HijackThis


This topic is locked
2 replies to this topic

#1 analiz

  • Members
  • 2 posts

Posted 10 February 2010 - 01:02 AM

ComboFix 10-02-09.03 - Ana Lizarraga 09/02/2010 23:08:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.52.1033.18.2939.1724 [GMT -6:00]
Running from: c:\users\Ana Lizarraga\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1613085345-1796840964-2308868410-500
c:\$recycle.bin\S-1-5-21-737594619-1414829202-3786626943-500
c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\program files\alot\bin\alot.dll
c:\program files\alot\bin\ALOTSettings.exe
c:\program files\Common Files\Uninstall
c:\program files\Downloaded Installers
c:\program files\Downloaded Installers\{D8CB9961-4886-4C4E-BEC0-C9CE78C52C0B}\setup.msi
c:\program files\PandoBar
c:\program files\PandoBar\bar\1.bin\P4FFXTBR.JAR
c:\program files\PandoBar\bar\1.bin\P4FFXTBR.MANIFEST
c:\program files\PandoBar\bar\1.bin\P4HIGHIN.EXE
c:\program files\PandoBar\bar\1.bin\P4NTSTBR.JAR
c:\program files\PandoBar\bar\1.bin\P4NTSTBR.MANIFEST
c:\program files\PandoBar\bar\1.bin\PANDOBAR.DLL
c:\program files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
c:\program files\temp
c:\program files\temp\HideWin.exe
c:\users\Ana Lizarraga\AppData\Roaming\alot
c:\users\Ana Lizarraga\AppData\Roaming\Desktopicon
c:\users\Ana Lizarraga\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Ana Lizarraga\AppData\Roaming\Desktopicon\eBayShortcuts.exe
c:\users\Ana Lizarraga\AppData\Roaming\Desktopicon\mc.ico
c:\users\Ana Lizarraga\AppData\Roaming\Desktopicon\uninst.exe
c:\users\Ana Lizarraga\AppData\Roaming\inst.exe
c:\users\Ana Lizarraga\googleupdatesetup.exe
c:\windows\system32\app_dll.dll
c:\windows\system32\hkcmd .exe
c:\windows\system32\igfxpers .exe
c:\windows\system32\igfxtray .exe
c:\windows\system32\rmj .exe
c:\windows\system32\vbzlib1.dll
c:\windows\UA000106.DLL

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_WinDHCPsvc


((((((((((((((((((((((((( Files Created from 2010-01-10 to 2010-02-10 )))))))))))))))))))))))))))))))
.

2010-02-10 05:17 . 2010-02-10 05:21 -------- d-----w- c:\users\Ana Lizarraga\AppData\Local\temp
2010-02-10 05:17 . 2010-02-10 05:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-10 04:50 . 2010-02-10 04:50 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-02-09 14:32 . 2010-02-09 14:32 -------- d-----w- c:\program files\Web Photo Album
2010-02-09 14:32 . 2010-02-09 14:32 -------- d-----w- c:\program files\Jpeg Enhancer
2010-02-09 12:34 . 2010-02-09 12:34 -------- d--h--w- c:\programdata\{DF3D7EF6-7048-48B8-BA35-8E517A744670}
2010-02-06 14:45 . 2010-02-06 14:45 -------- d-----w- c:\program files\Printernet
2010-02-03 15:51 . 2010-02-03 15:51 11242038 ----a-w- C:\SlideShow.exe
2010-02-03 14:52 . 2010-02-03 17:23 -------- d-----w- c:\program files\Quick Slide Show
2010-02-03 14:25 . 2009-12-10 18:35 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-02-03 14:25 . 2009-12-10 18:28 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-02-03 14:25 . 2009-12-10 18:28 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-02-03 14:24 . 2010-02-03 14:25 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-02-03 02:55 . 2010-02-03 02:55 -------- d-----w- c:\program files\perfilunico
2010-02-02 21:14 . 2010-02-02 21:14 -------- d-----w- c:\program files\ApecSoft
2010-02-01 07:24 . 2010-02-01 07:24 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\Malwarebytes
2010-02-01 07:24 . 2010-02-01 07:24 -------- d-----w- c:\programdata\Malwarebytes
2010-01-31 16:18 . 2010-01-31 16:22 -------- d-----w- c:\program files\RegCure
2010-01-31 06:28 . 2010-01-31 06:30 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\Gretech
2010-01-31 06:28 . 2010-01-31 06:28 -------- d-----w- c:\programdata\Gretech
2010-01-31 06:27 . 2010-01-31 06:27 -------- d-----w- c:\program files\CoreAAC
2010-01-31 06:24 . 2010-01-31 06:27 -------- d-----w- c:\program files\GRETECH
2010-01-31 06:24 . 2010-01-31 06:25 -------- d-----w- c:\program files\softonic.com4
2010-01-31 03:17 . 2010-01-31 05:05 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\Error Fix
2010-01-31 03:17 . 2010-01-31 04:29 -------- d-----w- c:\program files\Error Fix
2010-01-31 01:25 . 2010-01-31 01:25 -------- d-----w- C:\searchplugins
2010-01-31 01:25 . 2010-01-31 01:26 -------- d-----w- c:\program files\Crawler
2010-01-31 01:24 . 2010-02-01 05:31 -------- d-----w- c:\program files\Spyware Terminator
2010-01-30 13:21 . 2010-01-30 13:21 -------- d-----w- c:\windows\Sun
2010-01-30 02:17 . 2010-01-31 01:11 -------- d-----w- c:\program files\PCClear_Plus
2010-01-30 02:17 . 2010-01-31 02:13 -------- d-----w- C:\DBGO
2010-01-29 07:14 . 2010-01-29 07:15 -------- d-----w- c:\program files\Common Files\MAGIX Shared
2010-01-29 07:03 . 2003-04-18 22:29 44544 ----a-w- c:\windows\system32\msxml4a.dll
2010-01-29 07:02 . 2010-01-30 00:36 -------- d-----w- c:\programdata\MAGIX
2010-01-29 07:02 . 2010-01-30 00:45 -------- d-----w- c:\program files\MAGIX
2010-01-29 07:02 . 2007-04-27 16:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll
2010-01-29 07:01 . 2010-01-30 00:45 -------- d-----w- c:\windows\system32\MAGIX
2010-01-29 07:01 . 2008-04-15 22:14 700416 ----a-w- c:\windows\system32\mgxoschk.dll
2010-01-29 05:43 . 2010-01-29 05:43 -------- d-----w- c:\program files\MyAshampoo
2010-01-28 05:39 . 2010-01-28 05:39 -------- d-----w- c:\program files\Sony Setup
2010-01-28 05:01 . 2010-01-28 05:01 -------- d-----w- c:\users\Ana Lizarraga\AppData\Local\Real
2010-01-28 05:01 . 2009-04-02 21:21 84480 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-28 05:01 . 2008-06-09 05:58 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-01-28 04:59 . 2006-09-16 10:44 314368 ----a-w- c:\windows\system32\avisynth.dll
2010-01-28 04:59 . 2004-05-26 12:37 719872 ----a-w- c:\windows\system32\devil.dll
2010-01-28 04:59 . 2010-02-02 21:08 -------- d-----w- c:\program files\McFunSoft Video Capture Convert Burn Solution
2010-01-27 21:04 . 2010-01-27 21:04 -------- d-----w- c:\program files\InterActual
2010-01-27 02:23 . 2010-01-27 02:23 -------- d-----w- c:\program files\Common Files\eSellerate
2010-01-27 02:23 . 2010-01-27 04:36 -------- d-----w- c:\program files\NewBlue
2010-01-22 22:24 . 2010-01-22 22:24 -------- d-----w- c:\windows\system32\extensions
2010-01-20 05:26 . 2010-01-20 05:26 -------- d-----w- c:\users\Ana Lizarraga\AppData\Local\Nero
2010-01-20 05:06 . 2010-01-20 05:06 -------- d-----w- c:\users\Ana Lizarraga\AppData\Local\IsolatedStorage
2010-01-20 05:02 . 2010-01-20 05:02 -------- d-----w- c:\program files\Microsoft Expression
2010-01-20 01:36 . 2010-01-20 01:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-19 23:53 . 2010-01-20 00:34 -------- d-----w- c:\programdata\River Past G5
2010-01-19 23:53 . 2010-01-19 23:53 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\River Past G5
2010-01-19 23:05 . 2010-01-19 23:06 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\NCH Swift Sound
2010-01-19 23:05 . 2010-01-19 23:05 -------- d-----w- c:\program files\NCH
2010-01-19 22:48 . 2010-01-19 23:06 -------- d-----w- c:\programdata\NCH Swift Sound
2010-01-19 22:46 . 2010-01-19 23:06 -------- d-----w- c:\program files\NCH Swift Sound
2010-01-19 22:46 . 2010-01-20 14:13 -------- d-----w- c:\programdata\NCH Software
2010-01-19 22:45 . 2010-01-20 14:13 -------- d-----w- c:\program files\NCH Software
2010-01-19 22:45 . 2010-01-20 21:03 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\NCH Software
2010-01-19 02:47 . 2010-01-24 17:18 -------- d-----w- c:\users\Ana Lizarraga\AppData\Local\WMTools Downloaded Files
2010-01-19 02:45 . 2010-01-19 02:45 -------- d-----w- c:\program files\Movie Maker 2.6
2010-01-18 21:27 . 2010-01-18 21:27 -------- d-----w- c:\program files\Photo!
2010-01-18 17:40 . 2010-02-09 05:32 -------- d-----w- c:\program files\DeblurMyImage
2010-01-17 19:52 . 2010-01-30 21:19 243116 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-17 17:16 . 2010-02-03 15:11 -------- d-----w- c:\users\Ana Lizarraga\DESCARGADOS NUMERADOS
2010-01-17 04:59 . 2009-10-30 17:15 398336 ------w- c:\windows\system32\TVWizudlg.exe
2010-01-17 04:59 . 2009-10-30 17:14 140288 ------w- c:\windows\system32\igfxtvcx.dll
2010-01-17 04:48 . 2010-01-17 04:48 -------- d-----w- c:\users\Ana Lizarraga\{bd33de43-2dac-4c0a-ac29-dc95d60041dc}
2010-01-17 04:41 . 2010-01-17 04:41 -------- d-----w- c:\windows\system32\x64
2010-01-17 04:40 . 2009-09-09 14:53 114688 ------w- c:\windows\system32\RicohMediadriverVer.dll
2010-01-17 04:40 . 2009-06-25 22:58 48128 ------w- c:\windows\system32\drivers\rimmptsk.sys
2010-01-17 04:40 . 2009-06-25 22:10 44544 ------w- c:\windows\system32\drivers\rimsptsk.sys
2010-01-16 02:39 . 2010-01-16 03:22 344998294 ----a-w- c:\program files\Photoshop_CS2_tryout.zip
2010-01-16 01:41 . 2010-02-09 14:31 -------- d-----w- c:\users\Ana Lizarraga\DESCARGADOS
2010-01-14 17:17 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-14 17:17 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-14 16:18 . 2010-01-14 16:20 -------- d-----w- c:\program files\Ultra Video Joiner
2010-01-13 13:05 . 2010-01-13 13:05 -------- d-----w- C:\winbook
2010-01-13 02:58 . 2010-02-09 05:32 -------- d-----w- c:\users\Ana Lizarraga\AppData\Local\Digsby
2010-01-13 02:58 . 2010-01-17 19:42 -------- d-----w- c:\programdata\Digsby
2010-01-13 02:58 . 2010-01-13 03:17 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\Digsby
2010-01-13 02:56 . 2010-01-17 19:42 -------- d-----w- c:\program files\Digsby
2010-01-11 20:04 . 2010-01-11 20:04 -------- d-----w- c:\programdata\hps
2010-01-11 19:57 . 2010-01-11 19:57 -------- d-----w- c:\program files\Fotolibro24

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-09 19:30 . 2009-09-11 13:42 -------- d-----w- c:\program files\QuickTime
2010-02-09 19:30 . 2009-01-18 07:05 -------- d-----w- c:\program files\Camera Assistant Software for Toshiba
2010-02-09 19:30 . 2008-08-15 01:02 -------- d-----w- c:\program files\Norton 360
2010-02-09 19:30 . 2008-08-15 01:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-09 06:44 . 2010-02-09 06:43 10182192 ----a-w- c:\programdata\Iminent\Iminent Booster\Updates\update.3.0.1005.0.exe
2010-02-09 05:32 . 2010-01-04 00:33 -------- d-----w- c:\program files\iTunes
2010-02-09 05:32 . 2009-12-05 05:06 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\muvee Technologies
2010-02-09 05:32 . 2009-11-28 20:14 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\Ulead Systems
2010-02-09 05:32 . 2009-06-15 05:08 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\dvdcss
2010-02-09 05:32 . 2009-06-15 04:26 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\vlc
2010-02-09 05:32 . 2008-08-14 19:25 -------- d-----w- c:\programdata\Ulead Systems
2010-02-09 04:05 . 2009-12-14 04:41 6080 ----a-w- c:\users\Ana Lizarraga\AppData\Local\d3d9caps.dat
2010-02-09 03:21 . 2009-08-07 03:47 -------- d-----w- c:\programdata\DriverCure
2010-02-08 22:26 . 2009-09-11 13:44 -------- d-----w- c:\program files\iPod
2010-02-06 14:45 . 2010-02-06 14:45 174246 ----a-r- c:\users\Ana Lizarraga\AppData\Roaming\Microsoft\Installer\{BA52260A-8843-41B1-A137-271EDA20C4E3}\_D5545652869BA8E20C8DB0.exe
2010-02-06 14:45 . 2010-02-06 14:45 174246 ----a-r- c:\users\Ana Lizarraga\AppData\Roaming\Microsoft\Installer\{BA52260A-8843-41B1-A137-271EDA20C4E3}\_8DEF8934105BDE99962F6E.exe
2010-02-06 14:45 . 2010-02-06 14:45 174246 ----a-r- c:\users\Ana Lizarraga\AppData\Roaming\Microsoft\Installer\{BA52260A-8843-41B1-A137-271EDA20C4E3}\_6FEFF9B68218417F98F549.exe
2010-02-06 14:45 . 2010-02-06 14:45 174246 ----a-r- c:\users\Ana Lizarraga\AppData\Roaming\Microsoft\Installer\{BA52260A-8843-41B1-A137-271EDA20C4E3}\_21F3885A18D238E15AAE81.exe
2010-02-06 14:45 . 2010-02-06 14:45 10134 ----a-r- c:\users\Ana Lizarraga\AppData\Roaming\Microsoft\Installer\{BA52260A-8843-41B1-A137-271EDA20C4E3}\_F84BCD0F4CBD4750460967.exe
2010-02-05 19:51 . 2009-06-14 05:07 200104 ----a-w- c:\users\Ana Lizarraga\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-05 15:02 . 2009-06-28 03:42 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\Skype
2010-02-05 14:00 . 2009-06-28 03:44 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\skypePM
2010-02-04 03:48 . 2009-10-29 02:00 -------- d-----w- c:\program files\Sony
2010-02-04 03:48 . 2009-10-29 02:00 -------- d-----w- c:\programdata\Sony
2010-02-03 13:15 . 2008-08-14 19:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-03 09:00 . 2010-02-10 01:49 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100209.025\NAVENG.SYS
2010-02-03 09:00 . 2010-02-10 01:49 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100209.025\NAVEX15.SYS
2010-02-03 09:00 . 2010-02-09 18:10 84912 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100209.003\NAVENG.SYS
2010-02-03 09:00 . 2010-02-09 18:10 1324720 ----a-w- c:\programdata\Symantec\Definitions\VirusDefs\20100209.003\NAVEX15.SYS
2010-02-03 03:56 . 2009-09-02 18:39 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\Smilebox
2010-01-30 01:17 . 2009-08-01 02:15 -------- d-----w- c:\program files\Uniblue
2010-01-30 01:17 . 2009-12-05 05:04 -------- d-----w- c:\program files\muvee Technologies
2010-01-30 01:17 . 2009-12-05 05:04 -------- d-----w- c:\program files\Common Files\muvee Technologies
2010-01-30 01:17 . 2009-08-01 02:42 -------- dc-h--w- c:\programdata\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}
2010-01-29 23:53 . 2009-08-01 02:15 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\Uniblue
2010-01-28 05:01 . 2009-09-22 13:57 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\Vso
2010-01-28 04:59 . 2010-01-28 04:59 81920 ----a-w- c:\users\Ana Lizarraga\AppData\Roaming\ezpinst.exe
2010-01-28 04:59 . 2010-01-28 04:59 81920 ----a-w- c:\users\Ana Lizarraga\AppData\Roaming\ezpinst.exe
2010-01-28 04:59 . 2009-09-22 13:57 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-28 04:59 . 2009-09-22 13:57 47360 ----a-w- c:\users\Ana Lizarraga\AppData\Roaming\pcouffin.sys
2010-01-28 04:59 . 2009-09-22 13:57 47360 ----a-w- c:\users\Ana Lizarraga\AppData\Roaming\pcouffin.sys
2010-01-27 20:48 . 2010-01-06 21:13 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-01-27 20:37 . 2010-01-06 21:11 -------- d-----w- c:\program files\Roxio
2010-01-27 02:23 . 2010-01-27 02:23 279172 ----a-w- c:\programdata\eSellerate\eWebClient.dll
2010-01-27 02:23 . 2010-01-06 21:12 -------- d-----w- c:\programdata\eSellerate
2010-01-25 19:33 . 2010-01-25 17:33 1602184 ----a-w- c:\users\Ana Lizarraga\AppData\Roaming\Smilebox\SmileboxClient.exe
2010-01-21 08:36 . 2010-01-21 08:35 10096744 ----a-w- c:\programdata\Iminent\Iminent Booster\Updates\update.3.0.1004.0.exe
2010-01-21 05:15 . 2010-01-06 21:12 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-01-21 05:15 . 2010-01-06 21:17 -------- d-----w- c:\programdata\Roxio
2010-01-20 10:32 . 2010-01-20 10:31 8354216 ----a-w- c:\programdata\Iminent\Iminent Booster\Updates\update.3.0.1001.0.exe
2010-01-20 01:42 . 2009-06-29 14:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 01:37 . 2009-10-16 22:04 -------- d-----w- c:\program files\TechSmith
2010-01-19 10:34 . 2009-12-07 12:14 373384 ----a-w- c:\users\Ana Lizarraga\AppData\Roaming\Smilebox\SmileboxStarter.exe
2010-01-19 10:34 . 2009-12-07 11:39 168584 ----a-w- c:\users\Ana Lizarraga\AppData\Roaming\Smilebox\SmileboxBrowserEngine.dll
2010-01-19 10:34 . 2009-12-07 10:22 266888 ----a-w- c:\users\Ana Lizarraga\AppData\Roaming\Smilebox\SmileboxTray.exe
2010-01-19 10:34 . 2009-12-07 10:22 205448 ----a-w- c:\users\Ana Lizarraga\AppData\Roaming\Smilebox\SmileboxDvd.exe
2010-01-19 09:45 . 2010-01-19 09:45 344712 ----a-w- c:\users\Ana Lizarraga\AppData\Roaming\Smilebox\SmileboxDvdEngine.dll
2010-01-19 09:45 . 2010-01-19 09:45 123528 ----a-w- c:\users\Ana Lizarraga\AppData\Roaming\Smilebox\SmileboxUpdater.exe
2010-01-19 04:09 . 2010-01-06 21:40 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\Roxio
2010-01-18 01:54 . 2009-07-16 22:21 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\LimeWire
2010-01-17 05:34 . 2010-01-17 05:08 19043520 ----a-w- c:\users\Ana Lizarraga\AppData\Roaming\Uniblue\DriverScanner\Download\pci_ven_8086_dev_2929_cc_01068_9_2_1002.exe
2010-01-17 04:59 . 2008-08-14 18:58 -------- d-----w- c:\program files\Intel
2010-01-17 04:36 . 2010-01-17 03:50 30215864 ----a-w- c:\users\Ana Lizarraga\AppData\Roaming\Uniblue\DriverScanner\Download\pci_ven_8086_dev_2a438_15_10_1986.exe
2010-01-17 04:00 . 2010-01-17 03:50 4894968 ----a-w- c:\users\Ana Lizarraga\AppData\Roaming\Uniblue\DriverScanner\Download\pci_ven_1180_dev_05926_10_01_03.exe
2010-01-17 03:51 . 2010-01-17 03:51 2837016 ----a-w- c:\users\Ana Lizarraga\AppData\Roaming\Uniblue\DriverScanner\Download\pci_ven_8086_dev_29348_3_1_1011.exe
2010-01-17 03:47 . 2009-08-01 02:41 -------- d-----w- c:\programdata\DriverScanner
2010-01-15 02:43 . 2009-11-11 18:09 -------- d-----w- c:\program files\Photodex
2010-01-15 01:05 . 2009-08-29 03:27 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\Nero
2010-01-14 22:46 . 2009-08-29 02:50 -------- d-----w- c:\program files\Common Files\Nero
2010-01-14 22:31 . 2009-08-29 02:50 -------- d-----w- c:\program files\Nero
2010-01-14 22:12 . 2009-08-29 02:50 -------- d-----w- c:\programdata\Nero
2010-01-14 17:35 . 2009-01-18 06:47 -------- d-----w- c:\programdata\Microsoft Help
2010-01-14 17:12 . 2009-10-02 20:43 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-13 00:46 . 2008-08-14 19:40 -------- d-----w- c:\program files\Google
2010-01-10 22:41 . 2008-08-14 20:01 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-09 05:52 . 2010-01-09 05:52 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\Ashampoo Photo Commander 7
2010-01-06 23:03 . 2010-01-06 21:12 -------- d-----w- c:\programdata\SmartSound Software Inc
2010-01-06 21:22 . 2009-06-17 01:02 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-01-06 21:20 . 2010-01-06 21:20 -------- d-----w- c:\programdata\Sonic
2010-01-06 21:12 . 2010-01-06 21:12 -------- d-----w- c:\program files\SmartSound Software
2010-01-06 21:11 . 2010-01-06 21:11 -------- d-----w- c:\programdata\InstallShield
2010-01-06 21:09 . 2010-01-06 21:09 10134 ----a-r- c:\users\Ana Lizarraga\AppData\Roaming\Microsoft\Installer\{098122AB-C605-4853-B441-C0A4EB359B75}\ARPPRODUCTICON.exe
2010-01-06 02:20 . 2009-10-29 00:05 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\Ashampoo
2010-01-06 02:19 . 2009-09-24 18:42 -------- d-----w- c:\programdata\page
2010-01-06 02:19 . 2009-09-24 18:42 -------- d-----w- c:\program files\Ashampoo
2010-01-04 00:33 . 2009-07-24 18:26 -------- d-----w- c:\program files\Common Files\Apple
2010-01-03 05:37 . 2009-10-01 17:22 -------- d-----w- c:\program files\Wondershare
2010-01-02 06:38 . 2010-01-22 02:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 02:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 02:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 02:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-31 03:59 . 2009-12-31 03:56 -------- d-----w- c:\programdata\Bandoo
2009-12-31 03:57 . 2009-12-31 03:57 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\Bandoo
2009-12-31 03:57 . 2009-12-31 03:56 -------- d-----w- c:\program files\Bandoo
2009-12-31 00:36 . 2009-12-31 00:36 536328 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-30 13:55 . 2009-12-30 13:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 04:35 . 2009-12-29 04:35 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\WindSolutions
2009-12-29 03:01 . 2009-07-24 18:29 -------- d-----w- c:\users\Ana Lizarraga\AppData\Roaming\Apple Computer
2009-12-29 02:47 . 2009-12-29 02:47 3584 ----a-r- c:\users\Ana Lizarraga\AppData\Roaming\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-12-29 02:47 . 2009-12-29 02:47 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2009-07-04 05:42 . 2009-07-03 23:31 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
2009-07-04 05:42 . 2009-07-03 23:31 2048 --sha-w- c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
.
c:\program files\Ashampoo\Ashampoo Magical UnInstall\magicaluninstall .exe
c:\program files\Camera Assistant Software for Toshiba\traybar .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\applesyncnotifier .exe
c:\program files\Common Files\ParetoLogic\UUS2\pareto_update .exe
c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\roxwatchtray10 .exe
c:\program files\Common Files\Symantec Shared\ccapp .exe
c:\program files\Common Files\Ulead Systems\AutoDetector\monitor .exe
c:\program files\Corel\Corel VideoStudio 12\uvpl .exe
c:\program files\CyberLink\PowerCinema for TOSHIBA\pcmagent .exe
c:\program files\CyberLink\PowerCinema for TOSHIBA\Kernel\CLML\clmlsvc .exe
c:\program files\Google\GoogleToolbarNotifier\googletoolbarnotifier .exe
c:\program files\Iminent\IMBooster\imbooster .exe
c:\program files\Iminent\SearchTheWeb\iminent.notifier .exe
c:\program files\Intel\Intel Matrix Storage Manager\iaanotif .exe
c:\program files\MAGIX\Movies2go_III_Download_version\trayserver .exe
c:\program files\NCH Software\BroadCam\broadcam .exe
c:\program files\Norton 360\oscheck .exe
c:\program files\Pando Networks\Pando\pando .exe
c:\program files\ParetoLogic\Anti-Spyware\pareto_as .exe
c:\program files\PCClear_Plus\pcclear_plus .exe
c:\program files\QuickTime\qttask        .exe
c:\program files\QuickTime\qttask      .exe
c:\program files\QuickTime\qttask     .exe
c:\program files\QuickTime\qttask    .exe
c:\program files\QuickTime\qttask   .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\QuickTime\qttask .exe
c:\program files\Realtek\Audio\HDA\rthdvcpl .exe
c:\program files\Roxio\CinePlayer\dmxlauncher .exe
c:\program files\Samsung\Samsung New PC Studio\npsagent .exe
c:\program files\Spyware Terminator\spywareterminatorshield .exe
c:\program files\Synaptics\SynTP\syntpenh .exe
c:\program files\TechSmith\Jing\jing .exe
c:\program files\Toshiba\FlashCards\tcrdmain .exe
c:\program files\Toshiba\TOSCDSPD\toscdspd .exe
c:\program files\Ulead Systems\Ulead Photo Express 6\calcheck .exe
c:\program files\Windows Live\Messenger\msnmsgr   .exe
c:\windows\System32\spool\drivers\w32x86\3\e_fatibvl .exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{84FF7BD6-B47F-46F8-9130-01B2696B36CB}"= "c:\program files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll" [2009-06-05 104448]
"{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}"= "c:\program files\Softonic_ES\tbSof1.dll" [2009-07-04 2094616]

[HKEY_CLASSES_ROOT\clsid\{84ff7bd6-b47f-46f8-9130-01b2696b36cb}]
[HKEY_CLASSES_ROOT\IminentBHONavigationError.CHelperBHO.1]
[HKEY_CLASSES_ROOT\IminentBHONavigationError.CHelperBHO]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{14a6f38f-a7da-496f-847b-d88efe6b2f90}]
2009-12-31 17:53 2349080 ----a-w- c:\program files\perfilunico\tbperf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
2009-06-05 14:33 104448 ----a-w- c:\program files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E9BAAF-53CD-4575-967B-2AF710A7D21F}]
2009-08-13 13:39 99840 ----a-w- c:\program files\Iminent\IMBooster\Iminent.LinkToContent.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]
2009-07-04 05:54 2094616 ----a-w- c:\program files\Softonic_ES\tbSof1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-06 23:11 1145736 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EB5CEE80-030A-4ED8-8E20-454E9C68380F}]
2009-12-16 23:31 2073024 ----a-w- c:\program files\Bandoo\Plugins\IE\ieplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}"= "c:\program files\Softonic_ES\tbSof1.dll" [2009-07-04 2094616]
"{c9a6357b-25cc-4bcf-96c1-78736985d412}"= "mscoree.dll" [2009-03-30 278848]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736]
"{14a6f38f-a7da-496f-847b-d88efe6b2f90}"= "c:\program files\perfilunico\tbperf.dll" [2009-12-31 2349080]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_CLASSES_ROOT\clsid\{c9a6357b-25cc-4bcf-96c1-78736985d412}]
[HKEY_CLASSES_ROOT\SearchBar.Toolbar]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{14a6f38f-a7da-496f-847b-d88efe6b2f90}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C2ED826E-8903-4A9D-B0DF-3A8FB8EA918A}"= "c:\program files\Softonic_ES\tbSof1.dll" [2009-07-04 2094616]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-05-06 1145736]

[HKEY_CLASSES_ROOT\clsid\{c2ed826e-8903-4a9d-b0df-3a8fb8ea918a}]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SmileboxTray"="c:\users\Ana Lizarraga\AppData\Roaming\Smilebox\SmileboxTray.exe" [2010-01-19 266888]
"Jing"="c:\program files\TechSmith\Jing\Jing.exe" [2009-12-14 3118344]

c:\users\Ana Lizarraga\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Digsby.lnk - c:\program files\Digsby\digsby.exe [2009-4-2 137728]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"RestrictRun"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{51C55F9E-C308-4c95-89AB-8858D8AFD819}"= "c:\program files\ParetoLogic\Anti-Spyware\PASShlExt.dll" [2009-08-05 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SmileboxTray"="c:\users\Ana Lizarraga\AppData\Roaming\Smilebox\SmileboxTray.exe"
"UnibluePowerSuite"=c:\program files\Uniblue\PowerSuite\PowerSuite.exe
"LosAlamos"=rundll32.exe c:\windows\system32\sshnas21.dll,AttachConsoleA

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):26,a0,fc,32,09,f2,c9,01

R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20100204.001\IDSvix86.sys [08/02/2010 04:00 p.m. 286768]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [10/07/2008 06:58 p.m. 40960]
R2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo HDD Control\DfSdkS.exe [30/11/2009 04:43 p.m. 406016]
R2 FsUsbExService;FsUsbExService;c:\windows\System32\FsUsbExService.Exe [09/11/2009 03:09 p.m. 233472]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [18/02/2008 06:37 a.m. 149352]
R2 TMachInfo;TMachInfo;c:\program files\Toshiba\TOSHIBA Service Station\TMachInfo.exe [14/08/2008 01:15 p.m. 62776]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [03/12/2007 07:03 p.m. 126976]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [10/12/2009 12:32 p.m. 1044808]
R3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [12/01/2008 01:32 p.m. 23888]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/12/2009 11:56 a.m. 102448]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\System32\FsUsbExDisk.Sys [09/11/2009 03:09 p.m. 36608]
R3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys [14/08/2008 01:08 p.m. 7168]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [16/09/2009 11:41 a.m. 4233728]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [24/04/2008 08:35 p.m. 73728]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [19/02/2009 12:31 p.m. 41008]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14/10/2009 07:24 a.m. 10064]
S2 BroadCamService;BroadCam Video Streaming Server; [x]
S2 gupdate1c9eee7377d762f;Servicio de actualización de Google (gupdate1c9eee7377d762f);c:\program files\Google\Update\GoogleUpdate.exe [16/06/2009 07:01 p.m. 133104]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\Roxio\Digital Home 10\RoxioUpnpService10.exe [24/08/2007 03:53 p.m. 362992]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [24/08/2007 03:52 p.m. 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [24/08/2007 03:52 p.m. 166384]
S2 SessionLauncher;SessionLauncher; [x]
S3 cmusbser;%CMUSBSER%;c:\windows\System32\drivers\cmusbser.sys [13/07/2009 09:19 a.m. 87040]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [29/01/2010 01:03 a.m. 1527900]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20/01/2008 08:23 p.m. 21504]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [24/08/2007 03:53 p.m. 72176]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [24/08/2007 03:52 p.m. 1083888]
S3 SVRPEDRV;SVRPEDRV;c:\windows\System32\sysprep\PEDRV.SYS [20/08/2008 12:41 p.m. 9216]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST
*NewlyCreated* - FSUSBEXDISK

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-02-03 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-07-18 00:16]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 01:01]

2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 01:01]

2010-02-09 c:\windows\Tasks\NeroLiveEpgUpdate-AnaLizarraga-PC_Ana-Lizarraga.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 19:51]

2010-02-05 c:\windows\Tasks\ParetoLogic Privacy Controls_{1D1DBBB7-E45E-11DE-BEE2-001E33B6F445}.job
- c:\program files\ParetoLogic\Privacy Controls\Pareto_PC.exe [2009-12-02 00:46]

2010-02-10 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 17:25]

2010-02-10 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]

2010-02-03 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]

2010-02-09 c:\windows\Tasks\ParetoLogic Update.job
- c:\program files\Common Files\ParetoLogic\UUS\Pareto_Update.exe [2009-08-05 18:39]

2010-02-09 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-02-10 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-02-04 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]
.
.
------- Supplementary Scan -------
.
ustart page = hxxp://www.mecajuegos.com.ar
uDefault_Search_URL = hxxp://tudosearch.com/index.php?q=
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSHB&bmod=TSHB
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Crawler Search - tbr:iemenu
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enlace de descarga usando Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{346de098-61f9-4b42-89da-6dfba7091bb6} - (no file)
URLSearchHooks-{06663B56-0D73-4f9f-BCC5-4AA941470AFD} - c:\program files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
URLSearchHooks-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
BHO-{E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - c:\program files\PandoBar\bar\1.bin\PANDOBAR.DLL
Toolbar-{E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - c:\program files\PandoBar\bar\1.bin\PANDOBAR.DLL
Toolbar-{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - c:\program files\alot\bin\alot.dll
Toolbar-{87980967-3371-4709-a777-74c329fd13ae} - (no file)
Toolbar-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
Toolbar-{48645015-f654-430c-bfec-134d6192a90e} - (no file)
Toolbar-{b332015e-9c85-436f-a557-56f94c91d903} - (no file)
Toolbar-{fdb5d447-af88-4d71-9c29-20432f25db96} - (no file)
Toolbar-{89a2fe29-5e49-4ab2-9c96-ef21ba015d7b} - (no file)
Toolbar-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
Toolbar-{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - (no file)
Toolbar-{0974848a-b5bc-49f2-9778-307742b4a55d} - (no file)
WebBrowser-{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4} - c:\program files\PandoBar\bar\1.bin\PANDOBAR.DLL
WebBrowser-{09EC805C-CB2E-4D53-B0D3-A75A428B81C7} - (no file)
WebBrowser-{48645015-F654-430C-BFEC-134D6192A90E} - (no file)
WebBrowser-{87980967-3371-4709-A777-74C329FD13AE} - (no file)
WebBrowser-{B332015E-9C85-436F-A557-56F94C91D903} - (no file)
AddRemove-alotToolbar - c:\program files\alot\alotUninst.exe
AddRemove-eBay Icon - c:\users\Ana Lizarraga\AppData\Roaming\Desktopicon\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 23:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,f6,00,41,46,99,d1,4a,8d,b7,67,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,f6,00,41,46,99,d1,4a,8d,b7,67,\

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2580)
c:\program files\Common Files\Symantec Shared\ccSet.dll
c:\windows\System32\NLSData0009.dll
c:\windows\system32\TosBtExt.dll
c:\windows\system32\es.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Photodex\ProShowGold\ScsiAccess.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\windows\System32\TUProgSt.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\progra~1\Bandoo\Bandoo.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2010-02-09 23:28:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-10 05:28

Pre-Run: 137,816,363,008 bytes free
Post-Run: 137,454,526,464 bytes free

- - End Of File - - 5CA842A1C6E0E194FE030A3DDC7B8D0A


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 16 February 2010 - 09:13 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 21 February 2010 - 05:02 AM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
