
csrss.exe infection (Me thinks) - IE on Windows 7 crash


This topic is locked
21 replies to this topic

#1 Carlos Marcano

Carlos Marcano

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:20 PM

Posted 21 February 2010 - 09:50 AM

Hi guys. I am getting problems after a, me thinks, corruption of csrss.exe. First Firefox was getting hijacked when I tried to get to any link from a Google search, IE crashed also. I ran Spybot Search and Destroy and got Firefox back but IE keeps crashing and closing in start. I am pasting DDS log as requested. I am also attaching the Attach.txt created by DDS, the log file from GMER and the HJT log. Thanks in advance for your time and help. Regards, Carlos.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Carlos at 9:59:58,46 on 21/02/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.58.1033.18.3327.1970 [GMT -4,5:30]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AMD\OverDrive\AODAssist.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\MSI\Star Key Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\explorer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Downloads\Software\HousecallLauncher.exe
C:\Users\Carlos\AppData\Local\Temp\7zSB9C0.tmp\setup.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Public\Documents\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ncr
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: FDMIECookiesBHO Class: {cc59e0f9-7e43-44fa-9faa-8377850bf205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [LosAlamos] rundll32.exe c:\windows\system32\sshnas21.dll,AttachConsoleA
uRun: [TOY5KNQ8OC] c:\users\carlos\appdata\local\temp\Trh.exe
uRun: [sps2i] c:\users\carlos\appdata\local\temp\sps2i.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
StartupFolder: c:\users\carlos\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\msi\star key bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\free download manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\free download manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\free download manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\free download manager\dllink.htm
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\msi\star key bluetooth software\btsendto_ie_ctx.htm
IE: Enviar página al dispositivo &Bluetooth... - c:\program files\msi\star key bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\msi\star key bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: {2FC79362-CC58-468D-A621-FBCBE2C9662C} = 8.8.8.8,200.44.32.12
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
AppInit_DLLs: c:\windows\system32\guard32.dll,avgrsstx.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - c:\program files\stardock\fences\FencesMenu.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\carlos\appdata\roaming\mozilla\firefox\profiles\lhyh9t6r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
FF - component: c:\program files\free download manager\firefox\extension\components\vmsfdmff.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-1 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-1 28424]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-1 360584]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2010-1-1 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-1-1 29520]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-11-24 172032]
R2 AODService;AODService;c:\program files\amd\overdrive\AODAssist.exe [2009-10-22 136544]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-1-1 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-1-1 285392]
R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-1-12 12672]
R2 MotoConnect Service;MotoConnect Service;c:\program files\motorola\motoconnectservice\MotoConnectService.exe [2010-2-20 92928]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-2-20 1153368]
R3 AODDriver;AODDriver;c:\program files\amd\overdrive\i386\AODDriver.sys [2009-10-22 8704]
R3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2010-1-5 31288]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2009-10-22 563760]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-1-16 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-6-19 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-29 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [2009-10-27 23936]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-2-8 27192]

=============== Created Last 30 ================

2010-02-21 14:16:30 0 d-----w- c:\windows\system32\log
2010-02-21 14:09:43 0 d-----w- c:\program files\Trend Micro
2010-02-21 14:04:54 0 d-----w- c:\program files\MSXML 4.0
2010-02-21 00:55:14 0 d-----w- c:\users\carlos\appdata\roaming\Blackberry Desktop
2010-02-21 00:51:57 0 d-----w- c:\users\carlos\appdata\roaming\Research In Motion
2010-02-21 00:49:13 0 d-----w- c:\programdata\InstallShield
2010-02-21 00:49:01 0 d-----w- c:\programdata\Sonic
2010-02-21 00:48:14 0 d-----w- c:\program files\common files\PX Storage Engine
2010-02-21 00:48:01 0 d-----w- c:\programdata\Roxio
2010-02-21 00:48:01 0 d-----w- c:\program files\Roxio
2010-02-21 00:48:01 0 d-----w- c:\program files\common files\Sonic Shared
2010-02-21 00:43:50 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2010-02-21 00:43:34 0 d-----w- c:\programdata\Research In Motion
2010-02-21 00:43:32 0 d-----w- c:\program files\Research In Motion
2010-02-21 00:43:32 0 d-----w- c:\program files\common files\Research In Motion
2010-02-21 00:05:14 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-21 00:05:14 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-20 23:20:58 0 d-----w- c:\programdata\BVRP Software
2010-02-20 23:20:58 0 d-----w- c:\program files\Motorola Phone Tools
2010-02-20 23:15:48 0 d-----w- c:\temp\MotoConnectTemp
2010-02-20 23:15:48 0 d-----w- C:\Temp
2010-02-20 23:15:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motport_01007.Wdf
2010-02-20 23:15:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2010-02-20 23:15:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
2010-02-20 23:15:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf
2010-02-20 23:12:21 0 d-----w- c:\program files\Motorola
2010-02-20 23:12:21 0 d-----w- c:\program files\common files\MSSoap
2010-02-20 23:12:21 0 d-----w- c:\program files\common files\Motorola Shared
2010-02-20 22:56:22 188416 ----a-w- c:\windows\system32\sshnas21.dll
2010-02-20 21:14:24 57344 ----a-w- c:\windows\system32\Mfc42loc.dll
2010-02-19 23:58:34 0 d-----w- c:\program files\TweetDeck
2010-02-19 02:37:23 0 d-----w- c:\programdata\SSScanAppDataDir
2010-02-19 02:37:10 0 d-----w- c:\programdata\MSScanAppDataDir
2010-02-18 20:28:40 0 d-----w- c:\programdata\Hewlett-Packard
2010-02-18 16:34:47 0 d-----w- c:\users\carlos\appdata\roaming\mkvtoolnix
2010-02-18 16:34:35 0 d-----w- c:\program files\MKVtoolnix
2010-02-16 03:49:06 0 d-----w- c:\program files\CoreCodec
2010-02-16 03:28:42 0 d-----w- c:\users\carlos\appdata\roaming\HandBrake
2010-02-16 03:28:28 0 d-----w- c:\program files\Handbrake
2010-02-16 03:14:19 53248 ----a-w- c:\windows\system32\vp7dec_settings.cpl
2010-02-16 03:14:19 237568 ----a-w- c:\windows\system32\vp7dec.ax
2010-02-16 03:14:19 0 d-----w- c:\program files\On2 Technologies
2010-02-16 03:14:05 81920 ----a-w- c:\windows\system32\dpl100.dll
2010-02-16 03:14:05 682496 ----a-w- c:\windows\system32\divx.dll
2010-02-16 03:14:05 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-02-16 03:14:05 0 d-----w- c:\program files\DivX Pro VFW
2010-02-15 21:16:53 0 d-----w- c:\program files\FairUse Wizard 2
2010-02-15 15:56:35 0 d-----w- c:\program files\XviD
2010-02-15 15:56:18 0 d-----w- c:\program files\AviSynth 2.5
2010-02-15 15:55:23 0 d-----w- c:\program files\AutoGK
2010-02-08 18:22:12 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-08 18:22:11 0 d-----w- c:\program files\VS Revo Group
2010-02-08 17:17:33 6912 ----a-w- c:\windows\nvoclock.sys
2010-02-08 17:17:33 53248 ----a-w- c:\windows\Nvgpio.dll
2010-02-08 17:17:33 499712 ----a-w- c:\windows\msvcp71.dll
2010-02-08 17:17:33 45056 ----a-w- c:\windows\NTuneGpu.dll
2010-02-08 17:17:33 421888 ----a-w- c:\windows\nvsulib.dll
2010-02-08 17:17:33 380928 ----a-w- c:\windows\ntuneoem.dll
2010-02-08 17:17:33 348160 ----a-w- c:\windows\msvcr71.dll
2010-02-08 17:17:33 28672 ----a-w- c:\windows\AutoTuneScript.dll
2010-02-08 17:17:33 18216 ----a-w- c:\windows\nvoclk64.sys
2010-02-08 17:17:33 1622016 ----a-w- c:\windows\NVBenchMarks.dll
2010-02-08 17:17:33 1060864 ----a-w- c:\windows\MFC71.dll
2010-02-08 17:11:43 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-02-08 17:11:43 2614272 ----a-w- c:\windows\explorer.exe
2010-01-24 14:39:14 59952 ----a-w- c:\windows\system32\vnetinst.dll
2010-01-24 14:39:14 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-01-24 14:39:09 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-01-24 14:39:05 395824 ----a-w- c:\windows\system32\vmnat.exe
2010-01-24 14:39:05 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-01-24 14:39:03 51248 ----a-r- c:\windows\system32\vmnetbridge.dll
2010-01-24 14:39:03 36400 ----a-r- c:\windows\system32\drivers\vmnetbridge.sys
2010-01-24 14:39:03 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys
2010-01-24 14:39:00 760368 ----a-w- c:\windows\system32\vnetlib.dll
2010-01-24 14:38:50 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-01-24 14:38:36 1024 ----a-w- C:\.rnd
2010-01-24 14:38:12 0 d-----w- c:\program files\common files\VMware
2010-01-24 14:37:41 0 d-----w- c:\programdata\VMware
2010-01-24 14:37:39 0 d-----w- c:\program files\VMware
2010-01-24 03:01:55 977920 ----a-w- c:\windows\system32\wininet.dll
2010-01-24 02:19:38 0 d-----r- c:\users\carlos\Virtual Machines
2010-01-24 02:15:57 0 d-----w- c:\program files\Windows Virtual PC
2010-01-24 02:14:32 14848 ----a-w- c:\windows\system32\vpchbuspipe.dll
2010-01-24 02:14:30 793600 ----a-w- c:\windows\system32\vmsal.exe
2010-01-24 02:14:30 78336 ----a-w- c:\windows\system32\drivers\vpcusb.sys
2010-01-24 02:14:30 559616 ----a-w- c:\windows\system32\VMCPropertyHandler.dll
2010-01-24 02:14:30 55040 ----a-w- c:\windows\system32\drivers\vpcnfltr.sys
2010-01-24 02:14:30 3329536 ----a-w- c:\windows\system32\vpc.exe
2010-01-24 02:14:30 294912 ----a-w- c:\windows\system32\drivers\vpcvmm.sys
2010-01-24 02:14:30 2169856 ----a-w- c:\windows\system32\VPCWizard.exe
2010-01-24 02:14:30 165376 ----a-w- c:\windows\system32\drivers\vpchbus.sys
2010-01-24 02:14:30 1260032 ----a-w- c:\windows\system32\VPCSettings.exe
2010-01-24 02:14:30 1002496 ----a-w- c:\windows\system32\VMWindow.exe
2010-01-24 02:13:25 0 d-----w- c:\program files\Windows XP Mode
2010-01-23 17:14:25 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-01-23 17:14:24 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-01-23 17:14:24 630784 ----a-w- c:\windows\system32\vp7vfw.dll
2010-01-23 17:14:24 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-01-23 17:14:24 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-01-23 17:14:24 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-01-23 17:14:24 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-01-23 17:14:23 0 d-----w- c:\program files\VSO

==================== Find3M ====================

2010-02-21 11:17:00 696208 ----a-w- c:\windows\system32\perfh00A.dat
2010-02-21 11:17:00 135424 ----a-w- c:\windows\system32\perfc00A.dat
2010-01-23 17:14:28 87608 ----a-w- c:\users\carlos\appdata\roaming\inst.exe
2010-01-23 17:14:28 47360 ----a-w- c:\users\carlos\appdata\roaming\pcouffin.sys
2010-01-21 19:54:20 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-08 03:18:02 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17:36 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-05 03:03:16 41390 ----a-w- c:\windows\system32\perfd00A.dat
2010-01-05 03:03:16 41390 ----a-w- c:\windows\inf\perflib\0c0a\perfd.dat
2010-01-05 03:03:16 41390 ----a-w- c:\windows\inf\perflib\0c0a\perfc.dat
2010-01-05 03:03:16 341432 ----a-w- c:\windows\system32\perfi00A.dat
2010-01-05 03:03:16 341432 ----a-w- c:\windows\inf\perflib\0c0a\perfi.dat
2010-01-05 03:03:16 341432 ----a-w- c:\windows\inf\perflib\0c0a\perfh.dat
2010-01-04 02:30:00 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-01-03 17:29:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-01-02 01:07:41 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-02 01:07:40 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-02 01:07:35 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-01 23:34:56 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-01-01 23:34:56 171552 ----a-w- c:\windows\system32\guard32.dll
2010-01-01 23:34:56 128376 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-12-31 21:25:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-19 09:02:52 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2009-12-19 09:02:48 1328640 ----a-w- c:\windows\system32\quartz.dll
2009-12-19 09:02:46 22016 ----a-w- c:\windows\system32\msyuv.dll
2009-12-19 09:02:45 31744 ----a-w- c:\windows\system32\msvidc32.dll
2009-12-19 09:02:45 13312 ----a-w- c:\windows\system32\msrle32.dll
2009-12-19 09:02:40 84480 ----a-w- c:\windows\system32\mciavi32.dll
2009-12-19 09:02:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2009-12-19 09:02:01 91648 ----a-w- c:\windows\system32\avifil32.dll
2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-08 11:40:12 3955288 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:40:12 3899464 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 11:32:02 292864 ----a-w- c:\windows\system32\apphelp.dll
2009-11-25 03:18:02 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-11-25 03:17:34 368640 ----a-w- c:\windows\system32\atieclxx.exe
2009-11-25 03:17:04 172032 ----a-w- c:\windows\system32\atiesrxx.exe
2009-11-25 03:15:46 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2009-11-25 03:15:28 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2009-11-25 03:15:14 274432 ----a-w- c:\windows\system32\Oemdspif.dll
2009-11-25 03:15:04 11776 ----a-w- c:\windows\system32\atimuixx.dll
2009-11-25 03:14:58 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-11-25 03:12:12 3055616 ----a-w- c:\windows\system32\atidxx32.dll
2009-11-25 02:55:58 3617792 ----a-w- c:\windows\system32\atiumdag.dll
2009-11-25 02:44:56 13487616 ----a-w- c:\windows\system32\atioglxx.dll
2009-11-25 02:37:58 2899968 ----a-w- c:\windows\system32\atiumdva.dll
2009-11-25 02:25:38 52224 ----a-w- c:\windows\system32\atimpc32.dll
2009-11-25 02:25:38 52224 ----a-w- c:\windows\system32\amdpcom32.dll
2009-11-25 02:25:06 225280 ----a-w- c:\windows\system32\atiadlxx.dll
2009-11-25 02:21:52 53248 ----a-w- c:\windows\system32\aticalrt.dll
2009-11-25 02:21:36 53248 ----a-w- c:\windows\system32\aticalcl.dll
2009-11-25 02:20:26 3629056 ----a-w- c:\windows\system32\aticaldd.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 10:00:13,06 ===============
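As an added triage example (my own code, not part of the original post and not a DDS or OTL feature): a small Python script that parses the uRun/mRun lines and the "Created Last 30" section of a DDS log in the format shown above and lists the autorun entries a helper would look at first. The sample lines are constructed from the log in this post; the heuristics (Temp-directory images, machine-looking entry names, rundll32 entries, and autorun images that also appear in the Created Last 30 section) are assumptions, not DDS rules.

```python
"""Triage helper for the autorun ("uRun"/"mRun") entries in a DDS log.

Constructed example for this thread, not part of DDS or of the original post:
it parses the "Pseudo HJT Report" and "Created Last 30" sections and flags
autorun entries whose image lives in a Temp directory, whose entry name looks
machine-generated, that load a DLL through rundll32, or whose image under
c:\\windows was created in the last 30 days (cross-referenced against the
Created Last 30 section).
"""
import re

# Constructed sample lines, copied in shape from the DDS log in the post above.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uRun: [Free Download Manager] c:\program files\free download manager\fdm.exe -autorun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [LosAlamos] rundll32.exe c:\windows\system32\sshnas21.dll,AttachConsoleA
uRun: [TOY5KNQ8OC] c:\users\carlos\appdata\local\temp\Trh.exe
uRun: [sps2i] c:\users\carlos\appdata\local\temp\sps2i.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [<NO NAME>]

=============== Created Last 30 ================

2010-02-21 14:09:43 0 d-----w- c:\program files\Trend Micro
2010-02-20 22:56:22 188416 ----a-w- c:\windows\system32\sshnas21.dll
2010-02-08 17:11:43 285696 ----a-w- c:\windows\system32\winlogon.exe
"""

# "uRun: [name] command" / "mRun: [name] command"
RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# "YYYY-MM-DD HH:MM:SS size attributes path"
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(?P<size>\d+)\s+(?P<attr>\S+)\s+(?P<path>.+)$"
)
# First drive-letter path ending in an executable extension; tolerates quotes,
# spaces in "program files" and the "rundll32.exe <dll>,<export>" form.
IMAGE_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|scr|cpl|bat|cmd)", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"[A-Z0-9]{8,}")


def parse_sections(log_text):
    """Return (autorun entries, created-file index) from a DDS log."""
    entries, created = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            img = IMAGE_RE.search(m.group("cmd"))
            entries.append({
                "hive": m.group("hive"),
                "name": m.group("name"),
                "cmd": m.group("cmd"),
                "image": img.group(0).lower() if img else None,
            })
            continue
        m = CREATED_RE.match(line)
        if m:
            created[m.group("path").lower()] = (m.group("ts"), int(m.group("size")))
    return entries, created


def looks_random(name):
    """Entry names such as TOY5KNQ8OC: long, upper-case, letters and digits mixed."""
    return (bool(RANDOM_NAME_RE.fullmatch(name))
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))


def triage(log_text):
    """Return flagged autorun entries as (name, image, [reasons]), in log order."""
    entries, created = parse_sections(log_text)
    flagged = []
    for e in entries:
        reasons = []
        image = e["image"]
        if image and "\\temp\\" in image:
            reasons.append("image runs from a Temp directory")
        if image and e["cmd"].lower().startswith("rundll32"):
            reasons.append("rundll32 loading a DLL by export name: " + image)
        if looks_random(e["name"]):
            reasons.append("entry name looks machine-generated")
        if image and image.startswith("c:\\windows\\") and image in created:
            ts, size = created[image]
            reasons.append(f"image created {ts} ({size} bytes) per Created Last 30")
        if reasons:
            flagged.append((e["name"], image, reasons))
    return flagged


if __name__ == "__main__":
    for name, image, reasons in triage(SAMPLE_LOG):
        print(f"[{name}] {image}")
        for r in reasons:
            print("   -", r)
```

The output is a review list, not a verdict: a rundll32 entry or a recently created file can be legitimate, so each hit still needs the helper's judgement.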


#2 Carlos Marcano

Carlos Marcano
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:20 PM

Posted 21 February 2010 - 05:28 PM

Shameless bump

#3 Carlos Marcano

Carlos Marcano
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:05:20 PM

Posted 22 February 2010 - 09:28 AM

Monday bump

===========

Hello

While we understand your frustration at having to wait, please note that Bleeping Computer deals with several hundred requests for assistance such as yours on a daily basis. As a result, our backlog is quite large as are other comparable sites that help others with malware issues. Although our HJT Team members work on hundreds of requests each day, they are all volunteers who work logs when they can and are able to do so. No one is paid by Bleeping Computer for their assistance to our members.

Further, our malware removal staff is comprised of team members with various levels of skill and expertise to deal with thousands of malware variants, some more complex than others. Although we try to take DDS/HJT logs in order (starting with the oldest), it is often the skill level of the particular helper and sometimes the operating system that dictates which logs get selected first. Some infections are more complicated than others and require a higher skill level to remove. Without that skill level, attempted removal could result in disastrous results. In other instances, the helper may not be familiar with the operating system that you are using, since they use another. In either case, neither of us wants someone to assist you who is not familiar with your issue and attempt to fix it.

We ask that once you have posted your log and are waiting, please DO NOT "bump" your thread or make further replies until it has been responded to by a member of the Malware Response Team. The reason we ask this or do not respond to your requests is because that would remove you from the active queue that Techs and Staff have access to. The malware staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member, looking for a new log to work, may assume another HJT Team member is already assisting you and not open the thread to respond.

That is why I have made an edit to your last post, instead of a reply. Please do not post multiple times here, as that only pushes you further down the queue and causes confusion to the staff.

Please be patient. It may take several days, up to more than a week, perhaps less, to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

Thank you for understanding.

Elise - forum moderator

Edited by elise025, 22 February 2010 - 03:33 PM.


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  • Gender:Female
  • Location:Romania
  • Local time:12:20 AM

Posted 23 February 2010 - 05:41 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------
Please be patient and I'd be grateful if you would note the following
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:
  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log

Thanks and again sorry for the delay.

Regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


Malware analyst @ Emsisoft


#5 Carlos Marcano

  • Topic Starter
  • Members
  • 13 posts

Posted 23 February 2010 - 09:34 AM

Hi, Elise. Thanks for the replies.

As requested, my problem is:

When the infection began, Firefox was getting all my Google searches hijacked and IE was crashing on startup. I ran Spybot Search and Destroy, which apparently fixed things because Firefox got back to normal, but IE keeps crashing. I am seeing some csrss.exe process in Task Manager with no description, and sometimes I saw some wsr and wsh (I think) weird processes too, but not anymore after Spybot S&D. Now I will paste my logs. Thanks!

OTL.txt

OTL logfile created on: 23/02/2010 09:13:47 a.m. - Run 1
OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Public\Documents
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000200a | Country: Republica Bolivariana de Venezuela | Language: ESV | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,00 Gb Total Space | 12,50 Gb Free Space | 25,00% Space Free | Partition Type: NTFS
Drive D: | 415,66 Gb Total Space | 95,95 Gb Free Space | 23,08% Space Free | Partition Type: NTFS
Drive E: | 465,63 Gb Total Space | 5,58 Gb Free Space | 1,20% Space Free | Partition Type: NTFS
Drive F: | 4,36 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MINA
Current User Name: Carlos
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/23 09:12:23 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Documents\OTL.exe
PRC - [2010/02/21 09:34:11 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/13 18:07:32 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/01/02 09:59:07 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/01/01 20:37:23 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/01/01 20:37:23 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/01/01 20:37:22 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/01/01 20:37:22 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/01/01 20:37:19 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/01/01 20:37:06 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/01 19:04:56 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/12/31 16:55:48 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/12/31 16:55:48 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\javaw.exe
PRC - [2009/12/14 17:08:36 | 000,092,928 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2009/12/14 15:06:02 | 000,278,272 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/11/25 08:54:14 | 004,009,592 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files\SpeedFan\speedfan.exe
PRC - [2009/11/24 22:47:34 | 000,368,640 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/11/24 22:47:04 | 000,172,032 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/10/31 01:15:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/10/22 04:59:24 | 000,129,584 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
PRC - [2009/10/22 03:49:18 | 000,136,544 | ---- | M] () -- C:\Program Files\AMD\OverDrive\AODAssist.exe
PRC - [2009/07/13 20:44:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/23 05:19:36 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 05:18:34 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/04/22 17:38:50 | 000,065,536 | ---- | M] (Advanced Micro Devices Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2009/04/22 17:37:16 | 000,065,536 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 16:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
PRC - [2009/01/31 02:45:14 | 003,399,727 | ---- | M] (FreeDownloadManager.ORG) -- C:\Program Files\Free Download Manager\fdm.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/25 11:44:34 | 000,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2006/11/21 16:09:04 | 001,589,248 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BtStackServer.exe
PRC - [2006/11/21 14:12:42 | 000,719,664 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe


========== Modules (SafeList) ==========

MOD - [2010/02/23 09:12:23 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Documents\OTL.exe
MOD - [2010/01/01 20:37:41 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2010/01/01 19:04:56 | 000,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2009/07/13 20:46:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 20:46:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 20:46:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 20:46:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 20:46:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 20:45:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 20:45:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 20:45:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 20:45:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 20:45:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 20:33:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/13 18:07:32 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010/01/01 20:37:19 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010/01/01 20:37:06 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/14 17:08:36 | 000,092,928 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/11/24 22:47:04 | 000,172,032 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/11/13 18:26:46 | 000,136,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/10/22 05:00:04 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:59:58 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:59:48 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:49:18 | 000,136,544 | ---- | M] () [Auto | Running] -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/08/05 22:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/13 20:46:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 20:46:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 20:46:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 20:46:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 20:46:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 20:46:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 20:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 20:46:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 20:46:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 20:46:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 20:46:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 20:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/07/13 20:45:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 20:45:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 20:45:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 20:45:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 20:44:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 20:44:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalador de ActiveX (AxInstSV)
SRV - [2009/07/13 20:44:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 20:44:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/07/08 12:31:36 | 000,313,840 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2009/07/08 12:31:32 | 000,170,480 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2009/07/08 12:31:12 | 001,108,464 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2009/03/30 16:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/12/06 23:20:56 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/12/06 23:20:52 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/01/21 15:24:20 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2010/01/01 20:37:40 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/01/01 20:37:35 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/01 20:37:33 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/01/01 19:04:56 | 000,128,376 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/01/01 19:04:56 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2010/01/01 19:04:56 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/12/30 11:21:16 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2009/11/24 23:21:32 | 005,143,552 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motport.sys -- (motport)
DRV - [2009/10/27 12:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2009/10/22 05:00:46 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 05:00:44 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 05:00:44 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 05:00:44 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 03:45:20 | 000,008,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Program Files\AMD\OverDrive\i386\AODDriver.sys -- (AODDriver)
DRV - [2009/10/22 00:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 00:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/19 14:45:54 | 000,031,288 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/30 10:03:56 | 000,104,976 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/09/22 20:49:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009/09/22 20:49:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009/09/22 20:48:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009/09/22 20:48:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009/09/01 20:20:34 | 000,219,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express) Intel®
DRV - [2009/08/23 18:25:32 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/08/05 22:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/07/13 20:56:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 20:56:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 20:56:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 20:56:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 20:56:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 20:56:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 20:56:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 20:56:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 20:56:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 20:56:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 20:50:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 20:50:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 20:50:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 20:50:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 20:50:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 20:50:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 20:50:36 | 000,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 20:50:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 20:50:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 20:50:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 20:50:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 20:50:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 20:50:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 20:50:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 20:50:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 20:50:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 20:50:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 20:49:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 20:49:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 20:49:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 20:49:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 20:49:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 20:49:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:49:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 20:49:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 20:49:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 20:49:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 20:49:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 20:49:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 20:49:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 20:49:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 20:49:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 20:47:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:27:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 19:32:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 19:31:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:25:21 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2009/07/13 19:25:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:23:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:22:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:22:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:22:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:21:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:21:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:16:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:15:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:06:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:03:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 18:58:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 18:58:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 18:54:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 18:49:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 18:46:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 18:41:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:24:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:23:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:23:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:23:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:23:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:23:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 17:32:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 17:32:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 17:32:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/07/13 16:20:20 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/06/19 16:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgp.sys -- (motccgp)
DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132)
DRV - [2009/01/29 17:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2009/01/09 16:18:02 | 000,027,136 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2008/05/20 19:33:50 | 000,022,784 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimUsb.sys -- (RimUsb)
DRV - [2007/05/01 03:00:00 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006/11/20 13:59:42 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2006/11/20 13:59:40 | 000,080,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2006/11/20 13:59:36 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2006/09/24 08:58:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
DRV - [1996/04/03 15:03:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3889810720-688641235-3460874813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ncr
IE - HKU\S-1-5-21-3889810720-688641235-3460874813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://latam.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3889810720-688641235-3460874813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ve
IE - HKU\S-1-5-21-3889810720-688641235-3460874813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8F C3 57 61 4C 8A CA 01 [binary data]
IE - HKU\S-1-5-21-3889810720-688641235-3460874813-1000\S-1-5-21-3889810720-688641235-3460874813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ncr"
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/21 09:34:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/22 19:50:11 | 000,000,000 | ---D | M]

[2010/01/01 21:25:19 | 000,000,000 | ---D | M] -- C:\Users\Carlos\AppData\Roaming\mozilla\Extensions
[2010/01/03 01:05:13 | 000,000,000 | ---D | M] -- C:\Users\Carlos\AppData\Roaming\mozilla\Firefox\Profiles\lhyh9t6r.default\extensions
[2010/01/01 21:25:05 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/12/02 03:41:27 | 000,003,996 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
[2009/12/02 03:41:27 | 000,000,751 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-es.xml
[2009/12/02 03:41:27 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
[2009/12/02 03:41:27 | 000,000,798 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2009/06/10 17:09:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-3889810720-688641235-3460874813-1000..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKU\S-1-5-21-3889810720-688641235-3460874813-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3889810720-688641235-3460874813-1000..\Run: [LosAlamos] C:\Windows\System32\sshnas21.DLL ()
O4 - HKU\S-1-5-21-3889810720-688641235-3460874813-1000..\Run: [sps2i] C:\Users\Carlos\AppData\Local\Temp\sps2i.exe File not found
O4 - HKU\S-1-5-21-3889810720-688641235-3460874813-1000..\Run: [TOY5KNQ8OC] C:\Users\Carlos\AppData\Local\Temp\Trh.exe File not found
O4 - HKU\S-1-5-21-3889810720-688641235-3460874813-1000..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{ce612d14-ffd7-11de-93a5-000272c76caf}\Shell - "" = AutoRun
O33 - MountPoints2\{ce612d14-ffd7-11de-93a5-000272c76caf}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/23 09:12:20 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Public\Documents\OTL.exe
[2010/02/21 10:01:21 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\gmer
[2010/02/21 09:46:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\log
[2010/02/21 09:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/02/21 09:34:54 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010/02/21 00:03:22 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Users\Carlos\Desktop\csrss.exe
[2010/02/20 20:25:14 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Blackberry Desktop
[2010/02/20 20:21:57 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\Research In Motion
[2010/02/20 20:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010/02/20 20:19:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sonic
[2010/02/20 20:18:40 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\Programs
[2010/02/20 20:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010/02/20 20:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2010/02/20 20:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Roxio
[2010/02/20 20:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2010/02/20 20:13:50 | 000,027,136 | ---- | C] (Research in Motion Ltd) -- C:\Windows\System32\drivers\RimSerial.sys
[2010/02/20 20:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2010/02/20 20:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Research In Motion
[2010/02/20 20:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion
[2010/02/20 20:13:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Research In Motion
[2010/02/20 19:35:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/02/20 19:35:14 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/20 19:33:34 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\ElevatedDiagnostics
[2010/02/20 18:51:35 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\BVRP Software
[2010/02/20 18:50:58 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola Phone Tools
[2010/02/20 18:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software
[2010/02/20 18:50:38 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\InstallShield
[2010/02/20 18:45:48 | 000,000,000 | ---D | C] -- C:\Temp
[2010/02/20 18:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/02/20 18:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Motorola Shared
[2010/02/20 18:42:21 | 000,000,000 | ---D | C] -- C:\Program Files\Motorola
[2010/02/20 16:44:24 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mfc42loc.dll
[2010/02/19 19:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\TweetDeck
[2010/02/18 22:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SSScanAppDataDir
[2010/02/18 22:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\MSScanAppDataDir
[2010/02/18 16:03:30 | 000,000,000 | ---D | C] -- C:\Users\Carlos\Desktop\bleep-cadivi
[2010/02/18 15:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/02/18 12:04:47 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\mkvtoolnix
[2010/02/18 12:04:35 | 000,000,000 | ---D | C] -- C:\Program Files\MKVtoolnix
[2010/02/18 01:07:33 | 000,000,000 | ---D | C] -- C:\Users\Carlos\Desktop\escan
[2010/02/15 23:19:06 | 000,000,000 | ---D | C] -- C:\Program Files\CoreCodec
[2010/02/15 22:59:16 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\HandBrake
[2010/02/15 22:58:42 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\HandBrake
[2010/02/15 22:58:28 | 000,000,000 | ---D | C] -- C:\Program Files\Handbrake
[2010/02/15 22:44:19 | 000,237,568 | ---- | C] (On2.com Inc.) -- C:\Windows\System32\vp7dec.ax
[2010/02/15 22:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\On2 Technologies
[2010/02/15 22:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010/02/15 22:44:05 | 000,682,496 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\divx.dll
[2010/02/15 22:44:05 | 000,081,920 | ---- | C] (DivX, Inc.) -- C:\Windows\System32\dpl100.dll
[2010/02/15 22:44:05 | 000,000,000 | ---D | C] -- C:\Program Files\DivX Pro VFW
[2010/02/15 22:27:41 | 000,000,000 | ---D | C] -- C:\Users\Carlos\Desktop\luna de miel
[2010/02/15 16:46:53 | 000,000,000 | ---D | C] -- C:\Program Files\FairUse Wizard 2
[2010/02/15 13:38:12 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\WinRAR
[2010/02/15 11:39:23 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/02/15 11:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\XviD
[2010/02/15 11:26:18 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010/02/15 11:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\Gabest
[2010/02/15 11:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\AutoGK
[2010/02/14 18:09:52 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\Google
[2010/02/14 18:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010/02/10 06:58:43 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010/02/10 06:58:43 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010/02/10 06:58:43 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010/02/10 06:58:43 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010/02/10 06:58:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010/02/10 06:58:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010/02/10 06:58:42 | 003,955,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/02/10 06:58:42 | 003,899,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/02/10 06:58:42 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010/02/10 06:58:42 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010/02/10 06:58:41 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010/02/10 06:58:41 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010/02/10 06:58:41 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010/02/08 19:30:32 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/02/08 13:52:23 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Local\VS Revo Group
[2010/02/08 13:52:12 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2010/02/08 13:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/02/08 12:47:34 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\Microsoft
[2010/02/08 12:47:33 | 001,622,016 | ---- | C] (NVIDIA) -- C:\Windows\NVBenchMarks.dll
[2010/02/08 12:47:33 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\MFC71.dll
[2010/02/08 12:47:33 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcp71.dll
[2010/02/08 12:47:33 | 000,421,888 | ---- | C] (NVIDIA) -- C:\Windows\nvsulib.dll
[2010/02/08 12:47:33 | 000,380,928 | ---- | C] (NVIDIA) -- C:\Windows\ntuneoem.dll
[2010/02/08 12:47:33 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\msvcr71.dll
[2010/02/08 12:47:33 | 000,053,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\Nvgpio.dll
[2010/02/08 12:47:33 | 000,045,056 | ---- | C] (NVIDIA) -- C:\Windows\NTuneGpu.dll
[2010/02/08 12:47:33 | 000,028,672 | ---- | C] (NVIDIA) -- C:\Windows\AutoTuneScript.dll
[2010/02/08 12:47:33 | 000,018,216 | ---- | C] (NVidia Corp.) -- C:\Windows\nvoclk64.sys
[2010/02/08 12:47:33 | 000,006,912 | ---- | C] (NVidia Corp.) -- C:\Windows\nvoclock.sys
[2010/02/08 12:41:43 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/02/07 21:15:18 | 000,000,000 | ---D | C] -- C:\Users\Carlos\Documents\Remote Assistance Logs
[2010/01/24 10:25:21 | 000,000,000 | ---D | C] -- C:\Users\Carlos\Documents\Virtual Machines
[2010/01/24 10:22:40 | 000,000,000 | ---D | C] -- C:\Users\Carlos\AppData\Roaming\VMware
[2010/01/24 10:09:14 | 000,059,952 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetinst.dll
[2010/01/24 10:09:14 | 000,016,560 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetadapter.sys
[2010/01/24 10:09:09 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
[2010/01/24 10:09:05 | 000,395,824 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
[2010/01/24 10:09:05 | 000,026,288 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetuserif.sys
[2010/01/24 10:09:03 | 000,051,248 | R--- | C] (VMware, Inc.) -- C:\Windows\System32\vmnetbridge.dll
[2010/01/24 10:09:03 | 000,036,400 | R--- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnetbridge.sys
[2010/01/24 10:09:03 | 000,018,736 | R--- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\vmnet.sys
[2010/01/24 10:09:00 | 000,760,368 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\vnetlib.dll
[2010/01/24 10:08:50 | 000,023,216 | ---- | C] (VMware, Inc.) -- C:\Windows\System32\drivers\VMkbd.sys
[2010/01/24 10:08:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2010/01/24 10:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2010/01/24 10:07:39 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2010/01/21 15:24:20 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Carlos\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/02/23 09:14:54 | 002,097,152 | -HS- | M] () -- C:\Users\Carlos\NTUSER.DAT
[2010/02/23 09:12:23 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Documents\OTL.exe
[2010/02/23 05:05:08 | 000,010,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/02/23 05:05:08 | 000,010,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/02/21 19:23:56 | 001,538,360 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/02/21 19:23:56 | 000,696,208 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2010/02/21 19:23:56 | 000,610,214 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/02/21 19:23:56 | 000,135,424 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2010/02/21 19:23:56 | 000,105,118 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/02/21 18:13:54 | 056,071,489 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/02/21 10:00:48 | 000,284,915 | ---- | M] () -- C:\Users\Public\Documents\gmer.zip
[2010/02/21 09:59:14 | 000,524,288 | ---- | M] () -- C:\Users\Public\Documents\dds.scr
[2010/02/21 09:46:52 | 000,000,036 | ---- | M] () -- C:\Users\Carlos\AppData\Local\housecall.guid.cache
[2010/02/21 09:39:59 | 000,002,071 | ---- | M] () -- C:\Users\Carlos\Desktop\HijackThis.lnk
[2010/02/21 06:42:11 | 000,128,448 | ---- | M] () -- C:\Users\Carlos\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/21 06:41:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/02/21 06:41:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/02/21 06:41:39 | 2616,598,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/02/21 00:00:37 | 000,473,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/20 20:13:36 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2010/02/20 19:35:21 | 000,001,248 | ---- | M] () -- C:\Users\Carlos\Desktop\Spybot - Search & Destroy.lnk
[2010/02/20 18:51:33 | 000,001,992 | ---- | M] () -- C:\Users\Public\Desktop\Motorola Phone Tools.lnk
[2010/02/20 18:45:28 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motport_01007.Wdf
[2010/02/20 18:45:20 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2010/02/20 18:45:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2010/02/20 18:45:09 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2010/02/20 18:26:22 | 000,188,416 | ---- | M] () -- C:\Windows\System32\sshnas21.dll
[2010/02/19 20:23:33 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/02/19 19:28:34 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2010/02/18 22:25:46 | 000,108,448 | ---- | M] () -- C:\Users\Carlos\Documents\y 14.tif
[2010/02/18 12:04:38 | 000,001,866 | ---- | M] () -- C:\Users\Public\Desktop\mkvmerge GUI.lnk
[2010/02/18 01:41:27 | 000,002,656 | ---- | M] () -- C:\Users\Carlos\Desktop\23.queue
[2010/02/15 23:44:18 | 000,000,595 | ---- | M] () -- C:\Users\Carlos\AppData\Roaming\AutoGK.ini
[2010/02/15 23:37:11 | 000,000,918 | ---- | M] () -- C:\Users\Carlos\AppData\Roaming\coreavc.ini
[2010/02/15 23:20:38 | 000,000,896 | ---- | M] () -- C:\Users\Carlos\Desktop\mplayerc.exe - Acceso directo.lnk
[2010/02/15 22:58:29 | 000,001,009 | ---- | M] () -- C:\Users\Carlos\Desktop\Handbrake.lnk
[2010/02/15 16:47:12 | 000,001,017 | ---- | M] () -- C:\Users\Carlos\Desktop\FairUse Wizard 2.lnk
[2010/02/14 19:57:26 | 000,003,584 | ---- | M] () -- C:\Users\Carlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 18:10:08 | 000,001,096 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/02/08 15:50:17 | 000,001,041 | ---- | M] () -- C:\Users\Carlos\AppData\Roaming\vso_ts_preview.xml
[2010/02/08 14:01:12 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2010/02/08 13:52:12 | 000,001,158 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2010/02/08 12:47:34 | 000,001,207 | ---- | M] () -- C:\Users\Public\Desktop\OverclockingCenter.lnk
[2010/02/07 21:14:35 | 000,000,678 | ---- | M] () -- C:\Users\Carlos\Desktop\RAInvitation.msrcincident
[2010/01/24 10:08:36 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/01/24 10:08:32 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation.lnk

========== Files Created - No Company Name ==========

[2010/02/21 10:00:46 | 000,284,915 | ---- | C] () -- C:\Users\Public\Documents\gmer.zip
[2010/02/21 09:59:10 | 000,524,288 | ---- | C] () -- C:\Users\Public\Documents\dds.scr
[2010/02/21 09:46:52 | 000,000,036 | ---- | C] () -- C:\Users\Carlos\AppData\Local\housecall.guid.cache
[2010/02/21 09:39:59 | 000,002,071 | ---- | C] () -- C:\Users\Carlos\Desktop\HijackThis.lnk
[2010/02/20 20:13:36 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2010/02/20 19:35:21 | 000,001,248 | ---- | C] () -- C:\Users\Carlos\Desktop\Spybot - Search & Destroy.lnk
[2010/02/20 18:51:33 | 000,001,992 | ---- | C] () -- C:\Users\Public\Desktop\Motorola Phone Tools.lnk
[2010/02/20 18:45:28 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motport_01007.Wdf
[2010/02/20 18:45:20 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motmodem_01007.Wdf
[2010/02/20 18:45:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
[2010/02/20 18:45:09 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_motccgp_01007.Wdf
[2010/02/20 18:26:22 | 000,188,416 | ---- | C] () -- C:\Windows\System32\sshnas21.dll
[2010/02/19 19:28:34 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\TweetDeck.lnk
[2010/02/18 22:10:21 | 000,108,448 | ---- | C] () -- C:\Users\Carlos\Documents\y 14.tif
[2010/02/18 12:04:38 | 000,001,866 | ---- | C] () -- C:\Users\Public\Desktop\mkvmerge GUI.lnk
[2010/02/18 01:25:06 | 000,002,656 | ---- | C] () -- C:\Users\Carlos\Desktop\23.queue
[2010/02/15 23:20:38 | 000,000,896 | ---- | C] () -- C:\Users\Carlos\Desktop\mplayerc.exe - Acceso directo.lnk
[2010/02/15 23:19:55 | 000,000,918 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\coreavc.ini
[2010/02/15 22:58:29 | 000,001,009 | ---- | C] () -- C:\Users\Carlos\Desktop\Handbrake.lnk
[2010/02/15 22:44:19 | 000,053,248 | ---- | C] () -- C:\Windows\System32\vp7dec_settings.cpl
[2010/02/15 22:44:05 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010/02/15 16:47:12 | 000,001,017 | ---- | C] () -- C:\Users\Carlos\Desktop\FairUse Wizard 2.lnk
[2010/02/15 15:48:59 | 000,000,595 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\AutoGK.ini
[2010/02/14 19:57:26 | 000,003,584 | ---- | C] () -- C:\Users\Carlos\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/14 18:10:08 | 000,001,096 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/02/08 14:01:12 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\PS3 Media Server.lnk
[2010/02/08 13:52:12 | 000,001,158 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2010/02/08 12:47:34 | 000,001,207 | ---- | C] () -- C:\Users\Public\Desktop\OverclockingCenter.lnk
[2010/02/07 21:15:03 | 000,000,678 | ---- | C] () -- C:\Users\Carlos\Desktop\RAInvitation.msrcincident
[2010/01/24 10:08:36 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010/01/24 10:08:32 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation.lnk
[2010/01/21 15:24:37 | 000,001,041 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\vso_ts_preview.xml
[2010/01/21 15:24:30 | 000,000,034 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\pcouffin.log
[2010/01/21 15:24:20 | 000,087,608 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\inst.exe
[2010/01/21 15:24:20 | 000,007,887 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\pcouffin.cat
[2010/01/21 15:24:20 | 000,001,144 | ---- | C] () -- C:\Users\Carlos\AppData\Roaming\pcouffin.inf
[2010/01/12 10:06:41 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/07/13 20:25:09 | 000,587,776 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2009/07/13 19:21:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:12:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/01/25 16:40:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/01/08 18:31:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006/11/21 13:43:46 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2002/10/15 18:24:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[1996/04/03 15:03:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
< End of report >

HiJackThis.log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:33:27 a.m., on 23/02/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BtStackServer.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [LosAlamos] rundll32.exe C:\Windows\system32\sshnas21.dll,AttachConsoleA
O4 - HKCU\..\Run: [TOY5KNQ8OC] C:\Users\Carlos\AppData\Local\Temp\Trh.exe
O4 - HKCU\..\Run: [sps2i] C:\Users\Carlos\AppData\Local\Temp\sps2i.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FC79362-CC58-468D-A621-FBCBE2C9662C}: NameServer = 8.8.8.8,200.44.32.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{2FC79362-CC58-468D-A621-FBCBE2C9662C}: NameServer = 8.8.8.8,200.44.32.12
O17 - HKLM\System\CS2\Services\Tcpip\..\{2FC79362-CC58-468D-A621-FBCBE2C9662C}: NameServer = 8.8.8.8,200.44.32.12
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll,avgrsstx.dll
O22 - SharedTaskScheduler: FencesShellExt - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files\Stardock\Fences\FencesMenu.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: AODService - Unknown owner - C:\Program Files\AMD\OverDrive\AODAssist.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe

--
End of file - 10786 bytes


#6 Elise

  • Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,318 posts
  • Gender:Female
  • Location:Romania

Posted 23 February 2010 - 09:47 AM

Hello Carlos Marcano,

Please post only the logs I request. No need to post any other logs. Also, please paste the logs into the reply box instead of attaching them.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

In your next reply, please include the following:
  • Combofix.txt

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."


Malware analyst @ Emsisoft


#7 Carlos Marcano

  • Topic Starter
  • Members
  • 13 posts

Posted 23 February 2010 - 12:06 PM

Hi, Elise, thanks for your time and help!

After running ComboFix now I am able to use IE again! I did not think it would work because when running, and between every completed stage, Windows kept intermittently showing a "This program (GQREP) has failed and will close" pop-up - dozens of times. Anyway, looks like it worked! Here is the log:

ComboFix 10-02-22.07 - Carlos 23/02/2010 11:56:05.2.3 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.58.1033.18.3327.2020 [GMT -4,5:30]
Running from: c:\downloads\Software\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Carlos\AppData\Local\Temp\sfamcc00001.dll
c:\users\Carlos\AppData\Local\Temp\sfareca00001.dll
c:\users\Carlos\AppData\Roaming\inst.exe
c:\windows\system32\sshnas21.dll

c:\windows\system32\wuauclt.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2010-01-23 to 2010-02-23 )))))))))))))))))))))))))))))))
.

2010-02-23 16:37 . 2010-02-23 16:42 -------- d-----w- c:\users\Carlos\AppData\Local\temp
2010-02-23 16:37 . 2010-02-23 16:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-23 16:25 . 2010-02-23 16:25 -------- d-----w- C:\32788R22FWJFW
2010-02-21 14:16 . 2010-02-21 14:16 -------- d-----w- c:\windows\system32\log
2010-02-21 14:09 . 2010-02-21 14:09 -------- d-----w- c:\program files\Trend Micro
2010-02-21 14:04 . 2010-02-21 14:04 -------- d-----w- c:\program files\MSXML 4.0
2010-02-21 00:55 . 2010-02-21 00:55 -------- d-----w- c:\users\Carlos\AppData\Roaming\Blackberry Desktop
2010-02-21 00:51 . 2010-02-21 00:51 -------- d-----w- c:\users\Carlos\AppData\Roaming\Research In Motion
2010-02-21 00:49 . 2010-02-21 00:49 -------- d-----w- c:\programdata\InstallShield
2010-02-21 00:49 . 2010-02-21 00:49 -------- d-----w- c:\programdata\Sonic
2010-02-21 00:48 . 2010-02-21 00:48 -------- d-----w- c:\users\Carlos\AppData\Local\Programs
2010-02-21 00:48 . 2010-02-21 00:48 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-21 00:48 . 2010-02-21 00:48 -------- d-----w- c:\programdata\Roxio
2010-02-21 00:48 . 2010-02-21 00:48 -------- d-----w- c:\program files\Roxio
2010-02-21 00:48 . 2010-02-21 00:48 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-02-21 00:43 . 2009-01-09 20:48 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2010-02-21 00:43 . 2010-02-21 00:48 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-02-21 00:43 . 2010-02-21 00:44 -------- d-----w- c:\programdata\Research In Motion
2010-02-21 00:43 . 2010-02-21 00:44 -------- d-----w- c:\program files\Research In Motion
2010-02-21 00:43 . 2010-02-21 00:43 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-02-21 00:05 . 2010-02-21 23:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-21 00:05 . 2010-02-21 00:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-21 00:03 . 2010-02-21 00:03 -------- d-----w- c:\users\Carlos\AppData\Local\ElevatedDiagnostics
2010-02-20 23:21 . 2010-02-20 23:21 -------- d-----w- c:\users\Carlos\AppData\Local\BVRP Software
2010-02-20 23:20 . 2010-02-20 23:21 -------- d-----w- c:\program files\Motorola Phone Tools
2010-02-20 23:20 . 2010-02-20 23:20 -------- d-----w- c:\programdata\BVRP Software
2010-02-20 23:20 . 2010-02-21 00:49 -------- d-----w- c:\users\Carlos\AppData\Roaming\InstallShield
2010-02-20 23:15 . 2010-02-20 23:17 -------- d-----w- c:\temp\MotoConnectTemp
2010-02-20 23:15 . 2010-02-20 23:15 -------- d-----w- C:\Temp
2010-02-20 23:12 . 2010-02-20 23:12 -------- d-----w- c:\program files\Motorola
2010-02-20 23:12 . 2010-02-20 23:12 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-02-20 21:14 . 1998-06-17 22:38 57344 ----a-w- c:\windows\system32\Mfc42loc.dll
2010-02-19 23:58 . 2010-02-19 23:58 -------- d-----w- c:\program files\TweetDeck
2010-02-19 02:37 . 2010-02-19 02:37 -------- d-----w- c:\programdata\SSScanAppDataDir
2010-02-19 02:37 . 2010-02-19 02:37 -------- d-----w- c:\programdata\MSScanAppDataDir
2010-02-18 20:28 . 2010-02-18 20:28 -------- d-----w- c:\programdata\Hewlett-Packard
2010-02-18 20:28 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2010-02-18 16:34 . 2010-02-18 16:34 -------- d-----w- c:\users\Carlos\AppData\Roaming\mkvtoolnix
2010-02-18 16:34 . 2010-02-18 16:34 -------- d-----w- c:\program files\MKVtoolnix
2010-02-16 03:49 . 2010-02-16 03:49 -------- d-----w- c:\program files\CoreCodec
2010-02-16 03:29 . 2010-02-16 03:29 -------- d-----w- c:\users\Carlos\AppData\Local\HandBrake
2010-02-16 03:28 . 2010-02-16 03:31 -------- d-----w- c:\users\Carlos\AppData\Roaming\HandBrake
2010-02-16 03:28 . 2010-02-16 03:28 -------- d-----w- c:\program files\Handbrake
2010-02-16 03:14 . 2010-02-16 03:14 -------- d-----w- c:\program files\On2 Technologies
2010-02-16 03:14 . 2010-02-21 00:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-16 03:14 . 2010-02-16 03:14 -------- d-----w- c:\program files\DivX Pro VFW
2010-02-16 03:14 . 2007-12-04 07:03 682496 ----a-w- c:\windows\system32\divx.dll
2010-02-16 03:14 . 2007-11-30 04:00 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-02-16 03:14 . 2007-11-30 03:58 81920 ----a-w- c:\windows\system32\dpl100.dll
2010-02-15 21:16 . 2010-02-17 19:33 -------- d-----w- c:\program files\FairUse Wizard 2
2010-02-15 15:56 . 2010-02-15 15:56 -------- d-----w- c:\program files\XviD
2010-02-15 15:56 . 2010-02-15 15:56 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-15 15:55 . 2010-02-15 15:55 -------- d-----w- c:\program files\Gabest
2010-02-15 15:55 . 2010-02-15 15:56 -------- d-----w- c:\program files\AutoGK
2010-02-14 22:39 . 2010-02-14 22:40 -------- d-----w- c:\users\Carlos\AppData\Local\Google
2010-02-14 22:39 . 2010-02-14 22:39 -------- d-----w- c:\program files\Google
2010-02-08 18:22 . 2010-02-08 18:22 -------- d-----w- c:\users\Carlos\AppData\Local\VS Revo Group
2010-02-08 18:22 . 2009-12-30 15:51 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-08 18:22 . 2010-02-08 18:22 -------- d-----w- c:\program files\VS Revo Group
2010-02-08 17:17 . 2006-10-13 11:48 18216 ----a-w- c:\windows\nvoclk64.sys
2010-02-08 17:17 . 2006-10-13 11:48 6912 ----a-w- c:\windows\nvoclock.sys
2010-02-08 17:17 . 2006-10-13 11:48 380928 ----a-w- c:\windows\ntuneoem.dll
2010-02-08 17:17 . 2006-10-13 11:46 421888 ----a-w- c:\windows\nvsulib.dll
2010-02-08 17:17 . 2006-10-13 11:43 1622016 ----a-w- c:\windows\NVBenchMarks.dll
2010-02-08 17:17 . 2006-10-13 11:42 28672 ----a-w- c:\windows\AutoTuneScript.dll
2010-02-08 17:17 . 2006-08-21 12:50 45056 ----a-w- c:\windows\NTuneGpu.dll
2010-02-08 17:17 . 2006-06-01 20:52 53248 ----a-w- c:\windows\Nvgpio.dll
2010-02-08 17:17 . 2005-09-23 20:03 499712 ----a-w- c:\windows\msvcp71.dll
2010-02-08 17:17 . 2005-09-23 20:03 348160 ----a-w- c:\windows\msvcr71.dll
2010-02-08 17:17 . 2005-09-23 20:03 1060864 ----a-w- c:\windows\MFC71.dll
2010-02-08 17:11 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-02-08 17:11 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 16:43 . 2010-01-02 15:44 -------- d-----w- c:\users\Carlos\AppData\Roaming\uTorrent
2010-02-23 16:39 . 2010-01-24 14:37 -------- d-----w- c:\programdata\VMware
2010-02-23 16:39 . 2010-01-02 15:44 -------- d-----w- c:\program files\uTorrent
2010-02-23 16:36 . 2010-01-03 01:07 -------- d-----w- c:\users\Carlos\AppData\Roaming\Free Download Manager
2010-02-22 22:25 . 2010-01-02 01:12 -------- d-----w- c:\program files\PS3 Media Server
2010-02-21 23:53 . 2010-01-05 03:04 696208 ----a-w- c:\windows\system32\perfh00A.dat
2010-02-21 23:53 . 2010-01-05 03:04 135424 ----a-w- c:\windows\system32\perfc00A.dat
2010-02-21 11:12 . 2010-01-02 00:27 128448 ----a-w- c:\users\Carlos\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-20 23:20 . 2010-01-06 01:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 23:15 . 2010-02-20 23:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motport_01007.Wdf
2010-02-20 23:15 . 2010-02-20 23:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2010-02-20 23:15 . 2010-02-20 23:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
2010-02-20 23:15 . 2010-02-20 23:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf
2010-02-19 23:49 . 2010-01-14 22:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-19 23:48 . 2010-01-14 22:42 38784 ----a-w- c:\users\Carlos\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-19 23:48 . 2010-01-14 22:42 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-14 22:29 . 2010-01-24 14:52 -------- d-----w- c:\users\Carlos\AppData\Roaming\VMware
2010-02-10 11:29 . 2010-01-13 23:09 -------- d-----w- c:\programdata\Microsoft Help
2010-02-08 20:20 . 2010-01-21 19:54 -------- d-----w- c:\users\Carlos\AppData\Roaming\Vso
2010-02-08 18:22 . 2010-01-08 02:30 -------- d-----w- c:\program files\MSI
2010-01-24 14:40 . 2010-01-24 14:40 909320 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
2010-01-24 14:40 . 2010-01-24 14:40 625200 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
2010-01-24 14:38 . 2010-01-24 14:38 -------- d-----w- c:\program files\Common Files\VMware
2010-01-24 14:37 . 2010-01-24 14:37 -------- d-----w- c:\program files\VMware
2010-01-24 14:36 . 2010-01-24 14:40 360448 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
2010-01-24 14:36 . 2010-01-24 14:40 331776 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
2010-01-24 14:36 . 2010-01-24 14:40 569344 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
2010-01-24 14:36 . 2010-01-24 14:40 958000 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-01-24 14:36 . 2010-01-24 14:40 922672 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-01-24 14:36 . 2010-01-24 14:40 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2010-01-24 14:36 . 2010-01-24 14:40 731696 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2010-01-24 14:36 . 2010-01-24 14:40 703024 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2010-01-24 14:28 . 2010-01-15 04:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-24 02:15 . 2010-01-24 02:15 -------- d-----w- c:\program files\Windows Virtual PC
2010-01-24 02:13 . 2010-01-24 02:13 -------- d-----w- c:\program files\Windows XP Mode
2010-01-23 17:14 . 2010-01-21 19:54 47360 ----a-w- c:\users\Carlos\AppData\Roaming\pcouffin.sys
2010-01-23 17:14 . 2010-01-21 19:54 47360 ----a-w- c:\users\Carlos\AppData\Roaming\pcouffin.sys
2010-01-23 17:14 . 2010-01-23 17:14 -------- d-----w- c:\program files\VSO
2010-01-21 19:54 . 2010-01-21 19:54 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-18 23:29 . 2010-02-10 11:28 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 11:28 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 11:28 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 11:28 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 11:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 11:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 11:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 11:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-16 14:45 . 2010-01-03 17:42 1 ----a-w- c:\users\Carlos\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-16 14:30 . 2010-01-16 14:30 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-01-16 14:30 . 2010-01-16 14:28 -------- d-----w- c:\program files\Windows Live
2010-01-16 14:29 . 2010-01-16 14:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-16 14:29 . 2010-01-15 04:53 -------- d-----w- c:\program files\Microsoft
2010-01-16 14:29 . 2010-01-16 14:29 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-16 14:09 . 2010-01-16 14:09 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-15 19:45 . 2010-01-15 19:45 -------- d-----w- c:\program files\MediaInfo
2010-01-15 19:31 . 2010-01-15 19:31 29184 ----a-r- c:\users\Carlos\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2010-01-15 19:31 . 2010-01-15 19:31 -------- d-----w- c:\program files\mkv2vob
2010-01-15 19:30 . 2010-01-15 19:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-15 18:34 . 2010-01-03 03:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-15 18:19 . 2010-01-13 23:11 -------- d-----w- c:\program files\Microsoft Works
2010-01-15 00:32 . 2010-01-15 00:32 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-14 22:42 . 2010-01-14 22:42 -------- d-----w- c:\users\Carlos\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-01-13 23:11 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-01-13 23:11 . 2010-01-13 23:11 -------- d-----w- c:\program files\Microsoft.NET
2010-01-13 23:09 . 2010-01-13 23:09 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-01-13 16:37 . 2010-01-13 16:37 -------- d-----w- c:\program files\2BrightSparks
2010-01-13 16:27 . 2010-01-13 16:27 -------- d-----w- c:\program files\CCleaner
2010-01-12 14:39 . 2010-01-12 14:37 -------- d-----w- c:\users\Carlos\AppData\Roaming\Media Player Classic
2010-01-12 14:37 . 2010-01-12 14:37 -------- d-----w- c:\program files\DirectVobSub
2010-01-12 14:37 . 2010-01-12 14:37 -------- d-----w- c:\program files\Haali
2010-01-12 14:36 . 2010-01-12 14:36 -------- d-----w- c:\program files\ffdshow
2010-01-12 14:29 . 2010-01-12 14:29 -------- d-----w- c:\program files\CPUID
2010-01-11 18:03 . 2010-01-06 00:48 -------- d-----w- c:\program files\AMD
2010-01-08 03:18 . 2010-02-10 11:28 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 11:28 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-08 02:48 . 2010-01-08 02:48 -------- d-----w- c:\program files\Lavalys
2010-01-07 02:49 . 2010-01-07 02:49 -------- d-----w- c:\program files\OCCT
2010-01-06 01:15 . 2010-01-06 01:15 -------- d-----w- c:\users\Carlos\AppData\Roaming\ATI
2010-01-06 01:15 . 2010-01-06 01:15 -------- d-----w- c:\programdata\ATI
2010-01-06 01:12 . 2010-01-06 01:12 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-01-06 01:12 . 2010-01-06 00:47 -------- d-----w- c:\program files\ATI
2010-01-06 01:12 . 2010-01-06 00:47 -------- d-----w- c:\program files\ATI Technologies
2010-01-06 01:11 . 2010-01-06 01:11 10134 ----a-r- c:\users\Carlos\AppData\Roaming\Microsoft\Installer\{A2D08D5A-74E8-7509-452A-E40E63D8FFC2}\ARPPRODUCTICON.exe
2010-01-06 00:48 . 2010-01-06 00:48 -------- d-----w- c:\program files\DIFX
2010-01-05 03:49 . 2010-01-05 03:49 -------- d-----w- c:\users\Carlos\AppData\Roaming\Stardock
2010-01-05 03:48 . 2010-01-05 03:48 -------- dc-h--w- c:\programdata\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-01-05 03:48 . 2010-01-05 03:48 -------- d-----w- c:\program files\Stardock
2010-01-05 03:03 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-01-05 03:03 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-01-05 03:03 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-01-05 03:03 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-01-05 03:03 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-01-05 03:03 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-01-05 03:03 . 2010-01-05 03:04 41390 ----a-w- c:\windows\system32\perfd00A.dat
2010-01-05 03:03 . 2010-01-05 03:04 341432 ----a-w- c:\windows\system32\perfi00A.dat
2010-01-05 03:03 . 2010-01-05 03:03 41390 ----a-w- c:\windows\inf\PERFLIB\0C0A\perfd.dat
2010-01-05 03:03 . 2010-01-05 03:03 41390 ----a-w- c:\windows\inf\PERFLIB\0C0A\perfc.dat
2010-01-05 03:03 . 2010-01-05 03:03 341432 ----a-w- c:\windows\inf\PERFLIB\0C0A\perfi.dat
2010-01-05 03:03 . 2010-01-05 03:03 341432 ----a-w- c:\windows\inf\PERFLIB\0C0A\perfh.dat
2010-01-04 02:30 . 2010-01-12 14:36 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-23 319280]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-31 149280]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-01 1800464]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2009-10-22 129584]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]

c:\users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\MSI\Star Key Bluetooth Software\BTTray.exe [2006-11-21 719664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [01/01/2010 08:37 p.m. 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [01/01/2010 08:37 p.m. 360584]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [01/01/2010 07:04 p.m. 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [01/01/2010 07:04 p.m. 29520]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [24/11/2009 10:47 p.m. 172032]
R2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [22/10/2009 03:49 a.m. 136544]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [01/01/2010 08:37 p.m. 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [01/01/2010 08:37 p.m. 285392]
R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [12/01/2010 09:59 a.m. 12672]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [20/02/2010 06:42 p.m. 92928]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [20/02/2010 07:35 p.m. 1153368]
R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [22/10/2009 05:00 a.m. 70704]
R3 AODDriver;AODDriver;c:\program files\AMD\OverDrive\i386\AODDriver.sys [22/10/2009 03:45 a.m. 8704]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [05/01/2010 08:18 p.m. 31288]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [22/10/2009 03:47 a.m. 563760]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [16/01/2010 10:00 a.m. 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 p.m. 704864]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\System32\drivers\motccgp.sys [19/06/2009 04:59 p.m. 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\System32\drivers\motccgpfl.sys [29/01/2009 05:18 p.m. 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\System32\drivers\motport.sys [27/10/2009 12:02 p.m. 23936]
S3 Revoflt;Revoflt;c:\windows\System32\drivers\revoflt.sys [08/02/2010 01:52 p.m. 27192]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ncr
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página al dispositivo &Bluetooth... - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: {2FC79362-CC58-468D-A621-FBCBE2C9662C} = 8.8.8.8,200.44.32.12
FF - ProfilePath - c:\users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\lhyh9t6r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-LosAlamos - c:\windows\system32\sshnas21.dll


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3764)
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\vmnat.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\System32\osk.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\MSI\Star Key Bluetooth Software\BtStackServer.exe
c:\program files\Motorola\MotoConnectService\MotoConnect.exe
c:\windows\system32\DllHost.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-02-23 12:15:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-23 16:45

Pre-Run: 13.289.107.456 bytes free
Post-Run: 13.168.123.904 bytes free

- - End Of File - - AC9D3485687C75F05F10564E82753CB8


Thanks again for your time and help, you guys (gals!) rock!

Regards,

Carlos.

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,318 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:12:20 AM

Posted 23 February 2010 - 12:40 PM

Hi Carlos, we need to replace a system file. Please let me know if you have your Windows installation disk at hand.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 Carlos Marcano (Topic Starter)

Posted 23 February 2010 - 01:18 PM

Hi, Elise. Yes, I have it here with me. W7 Ultimate.

Regards,

Carlos.

#10 Elise

Posted 23 February 2010 - 02:07 PM

Since I don't have a Windows 7 disk at hand here, I have to ask you first if you can insert the disk in your CD drive and look for a folder named i386.

If it is not on the disk, can you please list me all folders that are on the disk?

Note, look only at the main folders (no need to look into folders for subfolders).

regards, Elise




#11 Carlos Marcano (Topic Starter)

Posted 23 February 2010 - 02:34 PM

This is the list of the folders in root:

BOOT
EFI
SOURCES
SUPPORT
UPGRADE

Maybe I could look for the needed files if you wish.

Regards,

Carlos.


#12 Elise

Posted 23 February 2010 - 02:57 PM

Yes, can you please search the disk for wuauclt?

regards, Elise




#13 Carlos Marcano (Topic Starter)

Posted 23 February 2010 - 04:03 PM

Hi Elise.

As much as I have tried, I can't find the file on the DVD, although it is in the /Windows/system32 folder on my C: drive!

I am clueless.

Regards,

Carlos.

#14 Elise

Posted 23 February 2010 - 04:14 PM

Well, let's try it differently then.

Open the Start Menu.

Click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator.

At the command prompt type sfc /scannow (note the space between c and /) and press Enter.

Let the scanner run unhindered. You might be prompted for your DVD.


After this finishes, re-run Combofix and post me the log.

regards, Elise


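An added example, not part of this thread and not ComboFix or BleepingComputer code, that does from PowerShell what the post above asks for by hand and adds the two checks a responder wants first: where every process called csrss.exe is really running from, and a signature status plus SHA-256 for the binaries named in this thread, followed by sfc /scannow with only the [SR] repair records pulled out of CBS.log. Windows 7 media packs the system files inside sources\install.wim rather than an i386 folder, which is why the DVD search for wuauclt found nothing. It assumes Windows 7 or later with Windows PowerShell started via "Run as administrator"; the file list is the assumption here, not something the thread specifies.

```powershell
# Added example, not from the thread: integrity triage for the system binaries
# discussed above, then the SFC run and a filtered view of its results.
# Assumes Windows 7 or later, Windows PowerShell (Get-WmiObject), run elevated.

$isAdmin = ([Security.Principal.WindowsPrincipal] `
            [Security.Principal.WindowsIdentity]::GetCurrent()
           ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { throw 'Run this from an elevated PowerShell prompt.' }

$sys32 = Join-Path $env:windir 'System32'

# 1. A process named csrss.exe belongs in System32. ExecutablePath can be empty
#    for protected system processes even when elevated; an empty path is not a finding.
Get-WmiObject Win32_Process -Filter "Name = 'csrss.exe'" | ForEach-Object {
    $p = $_.ExecutablePath
    if ($p -and (Split-Path $p -Parent) -ne $sys32) {
        Write-Warning ('csrss.exe PID {0} runs from an unexpected path: {1}' -f $_.ProcessId, $p)
    }
}

# 2. Signature status and SHA-256 for the files this thread is worried about
#    (assumed list). .NET is used for hashing so this also works on the
#    PowerShell 2.0 that ships with Windows 7.
$targets = @(
    (Join-Path $sys32 'csrss.exe'),
    (Join-Path $sys32 'wuauclt.exe'),
    (Join-Path $sys32 'winlogon.exe'),
    (Join-Path $env:windir 'explorer.exe')
)
$sha256 = [System.Security.Cryptography.SHA256]::Create()
foreach ($path in $targets) {
    if (-not (Test-Path $path)) { Write-Warning "missing: $path"; continue }
    $sig  = Get-AuthenticodeSignature -FilePath $path
    $hash = ([System.BitConverter]::ToString(
                $sha256.ComputeHash([System.IO.File]::ReadAllBytes($path)))) -replace '-', ''
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(no embedded signature)' }
    # Caveat: most Windows 7 OS binaries are catalog-signed, and Get-AuthenticodeSignature
    # before PowerShell 5.1 only checks embedded signatures, so NotSigned alone is not
    # proof of tampering there. The hash is what you compare with a known-good copy
    # from a machine at the same patch level.
    '{0,-12} {1,-14} {2}  {3}' -f $sig.Status, (Split-Path $path -Leaf), $hash, $signer
}

# 3. SFC itself, then only the [SR] lines that record damage or a repair
#    (the same findstr /c:"[SR]" filter Microsoft documents, minus progress lines).
& (Join-Path $sys32 'sfc.exe') /scannow
$cbs = Join-Path $env:windir 'Logs\CBS\CBS.log'
Select-String -Path $cbs -Pattern '\[SR\]' |
    Where-Object { $_.Line -match 'Cannot repair|Repairing|corrupt' } |
    ForEach-Object { $_.Line }
```

The SFC output looks oddly spaced in a PowerShell console because sfc.exe writes UTF-16; the scan is unaffected. Any csrss.exe warning from step 1, or a hash that differs from a known-good copy in step 2, is worth reporting in the thread before the next Combofix run, since SFC will silently put back the original file and erase that evidence. On Windows 7, Sysinternals sigcheck verifies catalog signatures and is the better tool for the "is this really Microsoft's file" question when Get-AuthenticodeSignature reports NotSigned.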


#15 Carlos Marcano (Topic Starter)

Posted 23 February 2010 - 05:07 PM

OK, I did as requested and this is the log:

ComboFix 10-02-22.07 - Carlos 23/02/2010 17:17:55.3.3 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.58.1033.18.3327.1911 [GMT -4,5:30]
Running from: c:\downloads\Software\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((( Files Created from 2010-01-23 to 2010-02-23 )))))))))))))))))))))))))))))))
.

2010-02-23 21:52 . 2010-02-23 21:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-02-23 21:52 . 2010-02-23 21:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-02-23 21:46 . 2010-02-23 21:46 -------- d-----w- C:\32788R22FWJFW
2010-02-23 20:41 . 2010-02-23 20:41 3304 ------w- C:\bootsqm.dat
2010-02-23 16:37 . 2010-02-23 21:52 -------- d-----w- c:\users\Carlos\AppData\Local\temp
2010-02-21 14:16 . 2010-02-21 14:16 -------- d-----w- c:\windows\system32\log
2010-02-21 14:09 . 2010-02-21 14:09 -------- d-----w- c:\program files\Trend Micro
2010-02-21 14:04 . 2010-02-21 14:04 -------- d-----w- c:\program files\MSXML 4.0
2010-02-21 00:55 . 2010-02-21 00:55 -------- d-----w- c:\users\Carlos\AppData\Roaming\Blackberry Desktop
2010-02-21 00:51 . 2010-02-21 00:51 -------- d-----w- c:\users\Carlos\AppData\Roaming\Research In Motion
2010-02-21 00:49 . 2010-02-21 00:49 -------- d-----w- c:\programdata\InstallShield
2010-02-21 00:49 . 2010-02-21 00:49 -------- d-----w- c:\programdata\Sonic
2010-02-21 00:48 . 2010-02-21 00:48 -------- d-----w- c:\users\Carlos\AppData\Local\Programs
2010-02-21 00:48 . 2010-02-21 00:48 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-02-21 00:48 . 2010-02-21 00:48 -------- d-----w- c:\programdata\Roxio
2010-02-21 00:48 . 2010-02-21 00:48 -------- d-----w- c:\program files\Roxio
2010-02-21 00:48 . 2010-02-21 00:48 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-02-21 00:43 . 2009-01-09 20:48 27136 ----a-w- c:\windows\system32\drivers\RimSerial.sys
2010-02-21 00:43 . 2010-02-21 00:48 -------- d-----w- c:\program files\Common Files\Roxio Shared
2010-02-21 00:43 . 2010-02-21 00:44 -------- d-----w- c:\programdata\Research In Motion
2010-02-21 00:43 . 2010-02-21 00:44 -------- d-----w- c:\program files\Research In Motion
2010-02-21 00:43 . 2010-02-21 00:43 -------- d-----w- c:\program files\Common Files\Research In Motion
2010-02-21 00:05 . 2010-02-21 23:23 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-02-21 00:05 . 2010-02-21 00:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-21 00:03 . 2010-02-21 00:03 -------- d-----w- c:\users\Carlos\AppData\Local\ElevatedDiagnostics
2010-02-20 23:21 . 2010-02-20 23:21 -------- d-----w- c:\users\Carlos\AppData\Local\BVRP Software
2010-02-20 23:20 . 2010-02-20 23:21 -------- d-----w- c:\program files\Motorola Phone Tools
2010-02-20 23:20 . 2010-02-20 23:20 -------- d-----w- c:\programdata\BVRP Software
2010-02-20 23:20 . 2010-02-21 00:49 -------- d-----w- c:\users\Carlos\AppData\Roaming\InstallShield
2010-02-20 23:15 . 2010-02-20 23:17 -------- d-----w- c:\temp\MotoConnectTemp
2010-02-20 23:15 . 2010-02-20 23:15 -------- d-----w- C:\Temp
2010-02-20 23:12 . 2010-02-20 23:12 -------- d-----w- c:\program files\Motorola
2010-02-20 23:12 . 2010-02-20 23:12 -------- d-----w- c:\program files\Common Files\Motorola Shared
2010-02-20 21:14 . 1998-06-17 22:38 57344 ----a-w- c:\windows\system32\Mfc42loc.dll
2010-02-19 23:58 . 2010-02-19 23:58 -------- d-----w- c:\program files\TweetDeck
2010-02-19 02:37 . 2010-02-19 02:37 -------- d-----w- c:\programdata\SSScanAppDataDir
2010-02-19 02:37 . 2010-02-19 02:37 -------- d-----w- c:\programdata\MSScanAppDataDir
2010-02-18 20:28 . 2010-02-18 20:28 -------- d-----w- c:\programdata\Hewlett-Packard
2010-02-18 20:28 . 2009-07-14 01:15 280064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpzppw71.dll
2010-02-18 16:34 . 2010-02-18 16:34 -------- d-----w- c:\users\Carlos\AppData\Roaming\mkvtoolnix
2010-02-18 16:34 . 2010-02-18 16:34 -------- d-----w- c:\program files\MKVtoolnix
2010-02-16 03:49 . 2010-02-16 03:49 -------- d-----w- c:\program files\CoreCodec
2010-02-16 03:29 . 2010-02-16 03:29 -------- d-----w- c:\users\Carlos\AppData\Local\HandBrake
2010-02-16 03:28 . 2010-02-16 03:31 -------- d-----w- c:\users\Carlos\AppData\Roaming\HandBrake
2010-02-16 03:28 . 2010-02-16 03:28 -------- d-----w- c:\program files\Handbrake
2010-02-16 03:14 . 2010-02-16 03:14 -------- d-----w- c:\program files\On2 Technologies
2010-02-16 03:14 . 2010-02-21 00:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-16 03:14 . 2010-02-16 03:14 -------- d-----w- c:\program files\DivX Pro VFW
2010-02-16 03:14 . 2007-12-04 07:03 682496 ----a-w- c:\windows\system32\divx.dll
2010-02-16 03:14 . 2007-11-30 04:00 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-02-16 03:14 . 2007-11-30 03:58 81920 ----a-w- c:\windows\system32\dpl100.dll
2010-02-15 21:16 . 2010-02-17 19:33 -------- d-----w- c:\program files\FairUse Wizard 2
2010-02-15 15:56 . 2010-02-15 15:56 -------- d-----w- c:\program files\XviD
2010-02-15 15:56 . 2010-02-15 15:56 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-15 15:55 . 2010-02-15 15:55 -------- d-----w- c:\program files\Gabest
2010-02-15 15:55 . 2010-02-15 15:56 -------- d-----w- c:\program files\AutoGK
2010-02-14 22:39 . 2010-02-23 20:35 -------- d-----w- c:\users\Carlos\AppData\Local\Google
2010-02-14 22:39 . 2010-02-23 20:32 -------- d-----w- c:\program files\Google
2010-02-08 18:22 . 2010-02-08 18:22 -------- d-----w- c:\users\Carlos\AppData\Local\VS Revo Group
2010-02-08 18:22 . 2009-12-30 15:51 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-02-08 18:22 . 2010-02-08 18:22 -------- d-----w- c:\program files\VS Revo Group
2010-02-08 17:17 . 2006-10-13 11:48 18216 ----a-w- c:\windows\nvoclk64.sys
2010-02-08 17:17 . 2006-10-13 11:48 6912 ----a-w- c:\windows\nvoclock.sys
2010-02-08 17:17 . 2006-10-13 11:48 380928 ----a-w- c:\windows\ntuneoem.dll
2010-02-08 17:17 . 2006-10-13 11:46 421888 ----a-w- c:\windows\nvsulib.dll
2010-02-08 17:17 . 2006-10-13 11:43 1622016 ----a-w- c:\windows\NVBenchMarks.dll
2010-02-08 17:17 . 2006-10-13 11:42 28672 ----a-w- c:\windows\AutoTuneScript.dll
2010-02-08 17:17 . 2006-08-21 12:50 45056 ----a-w- c:\windows\NTuneGpu.dll
2010-02-08 17:17 . 2006-06-01 20:52 53248 ----a-w- c:\windows\Nvgpio.dll
2010-02-08 17:17 . 2005-09-23 20:03 499712 ----a-w- c:\windows\msvcp71.dll
2010-02-08 17:17 . 2005-09-23 20:03 348160 ----a-w- c:\windows\msvcr71.dll
2010-02-08 17:17 . 2005-09-23 20:03 1060864 ----a-w- c:\windows\MFC71.dll
2010-02-08 17:11 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2010-02-08 17:11 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-23 21:52 . 2010-01-03 01:07 -------- d-----w- c:\users\Carlos\AppData\Roaming\Free Download Manager
2010-02-23 21:39 . 2010-01-02 15:44 -------- d-----w- c:\users\Carlos\AppData\Roaming\uTorrent
2010-02-23 20:51 . 2010-01-05 03:04 696208 ----a-w- c:\windows\system32\perfh00A.dat
2010-02-23 20:51 . 2010-01-05 03:04 135424 ----a-w- c:\windows\system32\perfc00A.dat
2010-02-23 20:43 . 2010-01-24 14:37 -------- d-----w- c:\programdata\VMware
2010-02-23 16:39 . 2010-01-02 15:44 -------- d-----w- c:\program files\uTorrent
2010-02-22 22:25 . 2010-01-02 01:12 -------- d-----w- c:\program files\PS3 Media Server
2010-02-21 11:12 . 2010-01-02 00:27 128448 ----a-w- c:\users\Carlos\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-20 23:20 . 2010-01-06 01:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-20 23:15 . 2010-02-20 23:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motport_01007.Wdf
2010-02-20 23:15 . 2010-02-20 23:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01007.Wdf
2010-02-20 23:15 . 2010-02-20 23:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgpfl_01007.Wdf
2010-02-20 23:15 . 2010-02-20 23:15 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motccgp_01007.Wdf
2010-02-19 23:49 . 2010-01-14 22:42 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-19 23:48 . 2010-01-14 22:42 38784 ----a-w- c:\users\Carlos\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-19 23:48 . 2010-01-14 22:42 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-14 22:29 . 2010-01-24 14:52 -------- d-----w- c:\users\Carlos\AppData\Roaming\VMware
2010-02-10 11:29 . 2010-01-13 23:09 -------- d-----w- c:\programdata\Microsoft Help
2010-02-08 20:20 . 2010-01-21 19:54 -------- d-----w- c:\users\Carlos\AppData\Roaming\Vso
2010-02-08 18:22 . 2010-01-08 02:30 -------- d-----w- c:\program files\MSI
2010-01-24 14:40 . 2010-01-24 14:40 909320 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
2010-01-24 14:40 . 2010-01-24 14:40 625200 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
2010-01-24 14:38 . 2010-01-24 14:38 -------- d-----w- c:\program files\Common Files\VMware
2010-01-24 14:37 . 2010-01-24 14:37 -------- d-----w- c:\program files\VMware
2010-01-24 14:36 . 2010-01-24 14:40 360448 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
2010-01-24 14:36 . 2010-01-24 14:40 331776 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
2010-01-24 14:36 . 2010-01-24 14:40 569344 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
2010-01-24 14:36 . 2010-01-24 14:40 958000 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-01-24 14:36 . 2010-01-24 14:40 922672 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-01-24 14:36 . 2010-01-24 14:40 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2010-01-24 14:36 . 2010-01-24 14:40 731696 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2010-01-24 14:36 . 2010-01-24 14:40 703024 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2010-01-24 14:28 . 2010-01-15 04:55 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-24 02:15 . 2010-01-24 02:15 -------- d-----w- c:\program files\Windows Virtual PC
2010-01-24 02:13 . 2010-01-24 02:13 -------- d-----w- c:\program files\Windows XP Mode
2010-01-23 17:14 . 2010-01-21 19:54 47360 ----a-w- c:\users\Carlos\AppData\Roaming\pcouffin.sys
2010-01-23 17:14 . 2010-01-21 19:54 47360 ----a-w- c:\users\Carlos\AppData\Roaming\pcouffin.sys
2010-01-23 17:14 . 2010-01-23 17:14 -------- d-----w- c:\program files\VSO
2010-01-21 19:54 . 2010-01-21 19:54 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-01-18 23:29 . 2010-02-10 11:28 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29 . 2010-02-10 11:28 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29 . 2010-02-10 11:28 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29 . 2010-02-10 11:28 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28 . 2010-02-10 11:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28 . 2010-02-10 11:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28 . 2010-02-10 11:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28 . 2010-02-10 11:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-16 14:45 . 2010-01-03 17:42 1 ----a-w- c:\users\Carlos\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-01-16 14:30 . 2010-01-16 14:30 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2010-01-16 14:30 . 2010-01-16 14:28 -------- d-----w- c:\program files\Windows Live
2010-01-16 14:29 . 2010-01-16 14:29 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-16 14:29 . 2010-01-15 04:53 -------- d-----w- c:\program files\Microsoft
2010-01-16 14:29 . 2010-01-16 14:29 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-16 14:09 . 2010-01-16 14:09 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-15 19:45 . 2010-01-15 19:45 -------- d-----w- c:\program files\MediaInfo
2010-01-15 19:31 . 2010-01-15 19:31 29184 ----a-r- c:\users\Carlos\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2010-01-15 19:31 . 2010-01-15 19:31 -------- d-----w- c:\program files\mkv2vob
2010-01-15 19:30 . 2010-01-15 19:30 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-15 18:34 . 2010-01-03 03:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-15 18:19 . 2010-01-13 23:11 -------- d-----w- c:\program files\Microsoft Works
2010-01-15 00:32 . 2010-01-15 00:32 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-01-14 22:42 . 2010-01-14 22:42 -------- d-----w- c:\users\Carlos\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-01-13 23:11 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
2010-01-13 23:11 . 2010-01-13 23:11 -------- d-----w- c:\program files\Microsoft.NET
2010-01-13 23:09 . 2010-01-13 23:09 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-01-13 16:37 . 2010-01-13 16:37 -------- d-----w- c:\program files\2BrightSparks
2010-01-13 16:27 . 2010-01-13 16:27 -------- d-----w- c:\program files\CCleaner
2010-01-12 14:39 . 2010-01-12 14:37 -------- d-----w- c:\users\Carlos\AppData\Roaming\Media Player Classic
2010-01-12 14:37 . 2010-01-12 14:37 -------- d-----w- c:\program files\DirectVobSub
2010-01-12 14:37 . 2010-01-12 14:37 -------- d-----w- c:\program files\Haali
2010-01-12 14:36 . 2010-01-12 14:36 -------- d-----w- c:\program files\ffdshow
2010-01-12 14:29 . 2010-01-12 14:29 -------- d-----w- c:\program files\CPUID
2010-01-11 18:03 . 2010-01-06 00:48 -------- d-----w- c:\program files\AMD
2010-01-08 03:18 . 2010-02-10 11:28 221184 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-01-08 03:17 . 2010-02-10 11:28 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-01-08 02:48 . 2010-01-08 02:48 -------- d-----w- c:\program files\Lavalys
2010-01-07 02:49 . 2010-01-07 02:49 -------- d-----w- c:\program files\OCCT
2010-01-06 01:15 . 2010-01-06 01:15 -------- d-----w- c:\users\Carlos\AppData\Roaming\ATI
2010-01-06 01:15 . 2010-01-06 01:15 -------- d-----w- c:\programdata\ATI
2010-01-06 01:12 . 2010-01-06 01:12 -------- d-----w- c:\program files\Common Files\ATI Technologies
2010-01-06 01:12 . 2010-01-06 00:47 -------- d-----w- c:\program files\ATI
2010-01-06 01:12 . 2010-01-06 00:47 -------- d-----w- c:\program files\ATI Technologies
2010-01-06 01:11 . 2010-01-06 01:11 10134 ----a-r- c:\users\Carlos\AppData\Roaming\Microsoft\Installer\{A2D08D5A-74E8-7509-452A-E40E63D8FFC2}\ARPPRODUCTICON.exe
2010-01-06 00:48 . 2010-01-06 00:48 -------- d-----w- c:\program files\DIFX
2010-01-05 03:49 . 2010-01-05 03:49 -------- d-----w- c:\users\Carlos\AppData\Roaming\Stardock
2010-01-05 03:48 . 2010-01-05 03:48 -------- dc-h--w- c:\programdata\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2010-01-05 03:48 . 2010-01-05 03:48 -------- d-----w- c:\program files\Stardock
2010-01-05 03:03 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-01-05 03:03 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-01-05 03:03 . 2009-07-14 07:50 -------- d-----w- c:\program files\Windows Journal
2010-01-05 03:03 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Photo Viewer
2010-01-05 03:03 . 2009-07-14 04:52 -------- d-----w- c:\program files\DVD Maker
2010-01-05 03:03 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Defender
2010-01-05 03:03 . 2010-01-05 03:04 41390 ----a-w- c:\windows\system32\perfd00A.dat
2010-01-05 03:03 . 2010-01-05 03:04 341432 ----a-w- c:\windows\system32\perfi00A.dat
2010-01-05 03:03 . 2010-01-05 03:03 41390 ----a-w- c:\windows\inf\PERFLIB\0C0A\perfd.dat
2010-01-05 03:03 . 2010-01-05 03:03 41390 ----a-w- c:\windows\inf\PERFLIB\0C0A\perfc.dat
2010-01-05 03:03 . 2010-01-05 03:03 341432 ----a-w- c:\windows\inf\PERFLIB\0C0A\perfi.dat
2010-01-05 03:03 . 2010-01-05 03:03 341432 ----a-w- c:\windows\inf\PERFLIB\0C0A\perfh.dat
2010-01-04 02:30 . 2010-01-12 14:36 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-02-23 20:35 . 2010-02-23 20:35 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-02-23 319280]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-31 149280]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-01 1800464]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-25 98304]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-14 307200]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2009-10-22 129584]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2009-07-08 236016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-23 30192]

c:\users\Carlos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\MSI\Star Key Bluetooth Software\BTTray.exe [2006-11-21 719664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2009-10-02 128360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [01/01/2010 08:37 p.m. 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\drivers\avgtdix.sys [01/01/2010 08:37 p.m. 360584]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [01/01/2010 07:04 p.m. 128376]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [01/01/2010 07:04 p.m. 29520]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\System32\atiesrxx.exe [24/11/2009 10:47 p.m. 172032]
R2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [22/10/2009 03:49 a.m. 136544]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [01/01/2010 08:37 p.m. 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [01/01/2010 08:37 p.m. 285392]
R2 cpuz132;cpuz132;c:\windows\System32\drivers\cpuz132_x32.sys [12/01/2010 09:59 a.m. 12672]
R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [20/02/2010 06:42 p.m. 92928]
R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [22/10/2009 05:00 a.m. 70704]
R3 AODDriver;AODDriver;c:\program files\AMD\OverDrive\i386\AODDriver.sys [22/10/2009 03:45 a.m. 8704]
R3 usbfilter;AMD USB Filter Driver;c:\windows\System32\drivers\usbfilter.sys [05/01/2010 08:18 p.m. 31288]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [20/02/2010 07:35 p.m. 1153368]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [22/10/2009 03:47 a.m. 563760]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [16/01/2010 10:00 a.m. 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 10:48 p.m. 704864]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\System32\drivers\motccgp.sys [19/06/2009 04:59 p.m. 19712]
S3 motccgpfl;MotCcgpFlService;c:\windows\System32\drivers\motccgpfl.sys [29/01/2009 05:18 p.m. 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\System32\drivers\motport.sys [27/10/2009 12:02 p.m. 23936]
S3 Revoflt;Revoflt;c:\windows\System32\drivers\revoflt.sys [08/02/2010 01:52 p.m. 27192]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ncr
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Enviar imagen al dispositivo &Bluetooth... - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
IE: Enviar página al dispositivo &Bluetooth... - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: {2FC79362-CC58-468D-A621-FBCBE2C9662C} = 8.8.8.8,200.44.32.12
FF - ProfilePath - c:\users\Carlos\AppData\Roaming\Mozilla\Firefox\Profiles\lhyh9t6r.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
c:\windows\System32\guard32.dll

- - - - - - - > 'lsass.exe'(736)
c:\windows\System32\guard32.dll

- - - - - - - > 'Explorer.exe'(1688)
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
Completion time: 2010-02-23 17:24:36
ComboFix-quarantined-files.txt 2010-02-23 21:54
ComboFix2.txt 2010-02-23 16:45

Pre-Run: 12.831.989.760 bytes free
Post-Run: 12.842.143.744 bytes free

- - End Of File - - BDAFD1EEFEC3BB884B5C0ED8EAB36CB4


Regards,

Carlos.
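Everything above this point is ComboFix's own output, not an explanation of it. As an added example (not part of Carlos's post and not ComboFix code), the Python below reads the two sections a responder usually checks first in such a log, the AppInit_DLLs value and the R/S driver and service entries, into structured records and flags anything that does not live where it is expected. The sample input is copied from the log above; the start-type mapping (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled) is the Windows service start type that ComboFix/DDS prints after the R (running) or S (stopped) letter, and the list of expected directories is an assumption made for this machine, not a general rule.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a few lines copied from the ComboFix log posted above
# (the AppInit_DLLs value and three driver/service entries), not the whole log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [01/01/2010 08:37 p.m. 333192]
R2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [22/10/2009 03:49 a.m. 136544]
S3 Revoflt;Revoflt;c:\windows\System32\drivers\revoflt.sys [08/02/2010 01:52 p.m. 27192]
"""

# Service line layout: "<R|S><start type> <name>;<display name>;<path> [<date> <time> <size>]".
# R = running, S = stopped; the digit is the Windows service start type.
START_TYPES = {"0": "Boot", "1": "System", "2": "Automatic", "3": "Manual", "4": "Disabled"}

SERVICE_RE = re.compile(
    r"^([RS])([0-4]) ([^;]+);([^;]*);(.+?) \[(\d{2}/\d{2}/\d{4}) (\d{2}:\d{2} [ap]\.m\.) (\d+)\]$"
)
APPINIT_RE = re.compile(r'^"AppInit_DLLs"=(.*)$', re.MULTILINE)

# Assumption for this machine: drivers and vendor services are expected under these
# two trees. Anything under a user profile, temp or ProgramData deserves a second look.
EXPECTED_DIRS = (r"c:\windows\system32", r"c:\program files")


@dataclass
class ServiceEntry:
    name: str
    display_name: str
    path: str
    running: bool
    start_type: str
    date: str
    size: int


def parse_services(text: str) -> List[ServiceEntry]:
    """Return every R/S service or driver line in the log as a ServiceEntry."""
    entries = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        status, start, name, display, path, date, _time, size = m.groups()
        entries.append(
            ServiceEntry(name, display, path, status == "R", START_TYPES[start], date, int(size))
        )
    return entries


def parse_appinit_dlls(text: str) -> List[str]:
    """Return the AppInit_DLLs value as a list of paths.

    The value is whitespace-separated in this log, which is why installers write
    8.3 short names (progra~1) instead of paths containing spaces.
    """
    m = APPINIT_RE.search(text)
    return m.group(1).split() if m else []


def triage(text: str) -> List[str]:
    """Flag AppInit DLLs and services whose location cannot be checked or is unexpected."""
    findings = []
    for dll in parse_appinit_dlls(text):
        low = dll.lower()
        if "~" in low:
            # A short name cannot be matched against EXPECTED_DIRS offline;
            # resolve it on the host (dir /x) before deciding.
            findings.append(f"AppInit_DLLs: short-name path, resolve on host: {dll}")
        elif not low.startswith(EXPECTED_DIRS):
            findings.append(f"AppInit_DLLs: unexpected location: {dll}")
    for svc in parse_services(text):
        if not svc.path.lower().startswith(EXPECTED_DIRS):
            findings.append(f"service {svc.name}: unexpected location: {svc.path}")
    return findings


if __name__ == "__main__":
    for entry in parse_services(SAMPLE_LOG):
        state = "running" if entry.running else "stopped"
        print(f"{entry.name:<12} {state:<8} {entry.start_type:<10} {entry.path}")
    for finding in triage(SAMPLE_LOG):
        print("FLAG:", finding)
```

Every DLL named in AppInit_DLLs is loaded into each process that maps user32.dll, so each one needs a known owner; on this log all three resolve to installed security or desktop-search software, and the only flag raised is the short-name path that has to be expanded on the machine itself.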



