Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I have a Trojan Cryptic.NP and change name


  • This topic is locked This topic is locked
29 replies to this topic

#1 dariobelt

dariobelt

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 16 May 2010 - 09:21 AM

Here is the OTL and Extra.


OTL logfile created on: 5/16/2010 9:44:29 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Dario\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1862.92 Gb Total Space | 1831.19 Gb Free Space | 98.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DARIO-PC
Current User Name: Dario
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/16 09:42:57 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Dario\Desktop\OTL.exe
PRC - [2010/04/21 16:59:05 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/21 16:59:05 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/01 18:29:50 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/17 18:21:29 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/17 18:21:27 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 18:21:25 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/10 08:39:31 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/02/10 08:37:18 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/01/26 20:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/10/31 11:43:48 | 002,382,848 | ---- | M] (Watch Tower Bible and Tract Society of Pennsylvania.) -- C:\Program Files\Watchtower\Watchtower Library 2009\S\WTLibrary.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/13 21:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/03/13 12:42:36 | 003,231,744 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2006/10/26 20:24:54 | 000,098,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/16 09:42:57 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Dario\Desktop\OTL.exe
MOD - [2010/03/17 18:21:29 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/17 18:21:27 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/27 15:19:13 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/25 10:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - [2010/04/21 16:59:05 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/17 18:21:29 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 18:21:25 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/10 17:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {c6bf3bc4-0101-4782-ab1e-63a072bced3c} - C:\Program Files\tjutilbarra\tbtju1.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A7 FC C7 0C 00 00 55 40 98 C1 9D E2 8A BD 7A 17 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A7 FC C7 0C 00 00 55 40 98 C1 9D E2 8A BD 7A 17 [binary data]

IE - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 89 2B F4 3F AA CA 01 [binary data]
IE - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A7 FC C7 0C 00 00 55 40 98 C1 9D E2 8A BD 7A 17 [binary data]
IE - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\..\URLSearchHook: {c6bf3bc4-0101-4782-ab1e-63a072bced3c} - C:\Program Files\tjutilbarra\tbtju1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/05/02 09:54:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/02 09:54:22 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {0CC7FCA7-0000-4055-98C1-9DE28ABD7A17} - C:\ProgramData\dmband32.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (tjutilbarra Toolbar) - {c6bf3bc4-0101-4782-ab1e-63a072bced3c} - C:\Program Files\tjutilbarra\tbtju1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (tjutilbarra Toolbar) - {c6bf3bc4-0101-4782-ab1e-63a072bced3c} - C:\Program Files\tjutilbarra\tbtju1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\..\Toolbar\WebBrowser: (tjutilbarra Toolbar) - {C6BF3BC4-0101-4782-AB1E-63A072BCED3C} - C:\Program Files\tjutilbarra\tbtju1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\..Trusted Domains: descargasteocraticas.org ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.248.95.213 206.248.95.217 206.248.95.218 206.248.79.194
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\system32\DDACLSys32.dll) - C:\Windows\System32\DDACLSys32.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 22:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/16 09:42:42 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Dario\Desktop\OTL.exe
[2010/05/14 06:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\tjutilbarra
[2010/05/14 06:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/05/14 06:13:42 | 000,000,000 | ---D | C] -- C:\TJUtilPack2
[2010/05/02 10:45:28 | 000,086,016 | ---- | C] (Stamps.com, Inc.) -- C:\Windows\System32\SDCCInfo.dll
[2010/05/02 10:44:15 | 000,352,256 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex6.ocx
[2010/05/02 10:44:15 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTL32.OCX
[2010/05/02 10:44:15 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TLBINF32.DLL
[2010/05/02 10:44:14 | 000,104,464 | ---- | C] (devSoft Inc. - www.dev-soft.com) -- C:\Windows\System32\netdia40.ocx
[2010/05/02 10:44:13 | 000,644,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2010/05/02 10:44:13 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2010/05/02 10:44:06 | 000,004,192 | R--- | C] (Btrieve Technologies, Inc.) -- C:\Windows\System32\WBTRVRES.DLL
[2010/05/02 10:44:05 | 000,630,784 | ---- | C] (Apache Software Foundation) -- C:\Windows\System32\PAWSAX.DLL
[2010/05/02 10:44:05 | 000,565,248 | ---- | C] (Apache Software Foundation) -- C:\Windows\System32\ptxml_1_0.dll
[2010/05/02 10:44:05 | 000,314,980 | R--- | C] (Btrieve Technologies, Incorporated) -- C:\Windows\System32\Wbtr32.exe
[2010/05/02 10:44:05 | 000,132,544 | ---- | C] (ImageFX) -- C:\Windows\System32\IMGFX300.DLL
[2010/05/02 10:44:05 | 000,072,320 | ---- | C] (ImageFX) -- C:\Windows\System32\FXTLS300.DLL
[2010/05/02 10:44:05 | 000,068,096 | R--- | C] (Pervasive Software Inc.) -- C:\Windows\System32\WBTRV32.DLL
[2010/05/02 10:44:05 | 000,064,496 | ---- | C] (ImageFX) -- C:\Windows\System32\FXSHP300.VBX
[2010/05/02 10:44:05 | 000,060,864 | ---- | C] (ImageFX) -- C:\Windows\System32\FXIMG300.VBX
[2010/05/02 10:44:05 | 000,059,216 | ---- | C] (ImageFX) -- C:\Windows\System32\FXVID300.VBX
[2010/05/02 10:44:05 | 000,053,344 | ---- | C] (ImageFX) -- C:\Windows\System32\FXLBL300.VBX
[2010/05/02 10:44:05 | 000,043,472 | R--- | C] (Pervasive Software Inc.) -- C:\Windows\System32\WBTRCALL.DLL
[2010/05/02 10:44:05 | 000,026,256 | ---- | C] (ImageFX) -- C:\Windows\System32\FXSND300.VBX
[2010/05/02 10:44:05 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wavemix.dll
[2010/05/02 10:44:05 | 000,017,690 | R--- | C] (Btrieve Technologies, Incorporated) -- C:\Windows\System32\WBTRLOCL.DLL
[2010/05/02 10:44:05 | 000,005,824 | R--- | C] (Btrieve Technologies, Inc.) -- C:\Windows\System32\WBTRTHNK.DLL
[2010/05/02 10:44:05 | 000,004,292 | R--- | C] (Btrieve Technologies, Incorporated) -- C:\Windows\System32\WBT32RES.DLL
[2010/05/02 10:44:04 | 000,026,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\hh.1
[2010/05/02 10:44:04 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2010/05/02 10:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WexTech Shared
[2010/05/02 09:56:02 | 000,000,000 | ---D | C] -- C:\Users\Dario\AppData\Roaming\WinRAR
[2010/05/02 09:56:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010/05/02 09:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\1794487949
[2010/05/02 09:54:24 | 000,000,000 | -HSD | C] -- C:\Users\Dario\AppData\Roaming\SystemProc
[2010/05/02 09:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/02 09:51:10 | 000,000,000 | ---D | C] -- C:\Users\Dario\AppData\Local\WinZip
[2010/05/02 09:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/05/02 09:42:40 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/02 09:39:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/05/02 09:19:46 | 000,000,000 | ---D | C] -- C:\Users\Dario\Documents\FrostWire
[2010/05/02 09:19:43 | 000,000,000 | ---D | C] -- C:\Users\Dario\AppData\Roaming\FrostWire
[2010/05/02 09:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/02 09:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/02 09:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2010/05/02 09:18:56 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/02 09:18:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/02 09:18:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/02 09:18:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/02 09:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/02 09:15:51 | 007,936,534 | ---- | C] (FrostWire, LLC) -- C:\Users\Dario\Desktop\frostwire-4.20.6.windows.exe
[2010/05/02 08:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Stamps.com Internet Postage
[2010/05/02 08:31:10 | 000,111,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCAL.OCX
[2010/05/02 08:31:04 | 000,536,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OC25.DLL
[2010/05/02 08:31:04 | 000,000,000 | ---D | C] -- C:\Peachw
[2010/05/02 08:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Peach
[2010/05/02 08:30:39 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010/04/27 16:51:07 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/04/27 16:51:07 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/04/25 19:33:50 | 000,000,000 | ---D | C] -- C:\Users\Dario\AppData\Roaming\Mozilla
[2010/04/25 18:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2010/04/21 16:46:28 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2 C:\Users\Dario\AppData\Roaming\*.tmp files -> C:\Users\Dario\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/16 09:45:45 | 001,310,720 | -HS- | M] () -- C:\Users\Dario\ntuser.dat
[2010/05/16 09:42:57 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Dario\Desktop\OTL.exe
[2010/05/16 09:26:21 | 060,047,216 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/16 09:17:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/16 09:16:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/16 07:42:48 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/16 07:42:48 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/16 07:42:48 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/16 07:36:54 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/16 07:36:53 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/16 07:36:49 | 1508,761,600 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/16 07:19:43 | 261,541,804 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/16 06:10:54 | 000,119,598 | ---- | M] () -- C:\Users\Dario\Documents\Five Common Car mistakes.docx
[2010/05/15 06:35:58 | 001,017,740 | -H-- | M] () -- C:\Users\Dario\AppData\Local\IconCache.db
[2010/05/15 06:18:25 | 000,003,661 | -HS- | M] () -- C:\Users\Dario\AppData\Roaming\02000000a74754cf896P.manifest
[2010/05/15 06:13:49 | 000,000,051 | -HS- | M] () -- C:\Users\Dario\AppData\Roaming\02000000a74754cf896C.manifest
[2010/05/15 06:13:49 | 000,000,011 | -HS- | M] () -- C:\Users\Dario\AppData\Roaming\02000000a74754cf896S.manifest
[2010/05/15 06:13:49 | 000,000,011 | -HS- | M] () -- C:\Users\Dario\AppData\Roaming\02000000a74754cf896O.manifest
[2010/05/14 06:14:50 | 000,000,615 | ---- | M] () -- C:\Users\Dario\Desktop\TJUtilPack2.lnk
[2010/05/11 17:37:51 | 000,000,817 | ---- | M] () -- C:\ProgramData\1489490410
[2010/05/11 16:31:05 | 000,000,249 | -HS- | M] () -- C:\ProgramData\144146874
[2010/05/09 11:27:55 | 000,010,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/09 11:27:55 | 000,010,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/02 18:42:31 | 000,001,881 | ---- | M] () -- C:\Users\Dario\Documents\DF.rtf
[2010/05/02 10:46:05 | 000,002,953 | ---- | M] () -- C:\Windows\pcw100.ini
[2010/05/02 10:46:04 | 000,000,793 | ---- | M] () -- C:\Windows\Bti.ini
[2010/05/02 09:56:01 | 000,000,113 | ---- | M] () -- C:\ProgramData\sl1769345832
[2010/05/02 09:55:47 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010/05/02 09:28:00 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010/05/02 09:19:17 | 000,001,177 | ---- | M] () -- C:\Users\Dario\Desktop\FrostWire 4.20.6.lnk
[2010/05/02 09:18:51 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/02 09:18:51 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/02 09:18:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/02 09:18:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/02 09:15:54 | 007,936,534 | ---- | M] (FrostWire, LLC) -- C:\Users\Dario\Desktop\frostwire-4.20.6.windows.exe
[2010/05/01 09:31:43 | 000,012,870 | ---- | M] () -- C:\Users\Dario\Documents\EMPRESA BELTRAN.docx
[2010/04/21 17:55:34 | 000,409,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\systemcpl.dll
[2010/04/21 17:55:34 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2010/04/21 16:59:05 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/18 19:47:01 | 000,017,576 | ---- | M] () -- C:\Users\Dario\Documents\BudgetD+G.xlsx
[2010/04/18 18:54:02 | 000,017,512 | ---- | M] () -- C:\Users\Dario\Documents\Backup of BudgetD+G.xlk
[2010/04/18 18:20:13 | 000,013,361 | ---- | M] () -- C:\Users\Dario\Documents\vacaciones 2010.xlsx
[2010/04/18 10:03:07 | 000,595,714 | ---- | M] () -- C:\Users\Dario\Documents\Malanga.pdf
[2 C:\Users\Dario\AppData\Roaming\*.tmp files -> C:\Users\Dario\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/16 06:10:53 | 000,119,598 | ---- | C] () -- C:\Users\Dario\Documents\Five Common Car mistakes.docx
[2010/05/14 06:14:50 | 000,000,615 | ---- | C] () -- C:\Users\Dario\Desktop\TJUtilPack2.lnk
[2010/05/02 18:42:31 | 000,001,881 | ---- | C] () -- C:\Users\Dario\Documents\DF.rtf
[2010/05/02 10:46:09 | 000,001,078 | ---- | C] () -- C:\Windows\TUTOR.ICO
[2010/05/02 10:46:08 | 000,000,766 | ---- | C] () -- C:\Windows\ACTGPR2.ICO
[2010/05/02 10:44:06 | 000,000,793 | ---- | C] () -- C:\Windows\Bti.ini
[2010/05/02 10:44:05 | 000,320,512 | R--- | C] () -- C:\Windows\System32\W32MKDE.EXE
[2010/05/02 10:44:05 | 000,110,080 | R--- | C] () -- C:\Windows\System32\W32MKRC.DLL
[2010/05/02 10:44:05 | 000,038,576 | ---- | C] () -- C:\Windows\System32\NWLOCALE.DLL
[2010/05/02 10:44:04 | 000,002,953 | ---- | C] () -- C:\Windows\pcw100.ini
[2010/05/02 10:09:04 | 000,000,249 | -HS- | C] () -- C:\ProgramData\144146874
[2010/05/02 09:57:58 | 000,000,817 | ---- | C] () -- C:\ProgramData\1489490410
[2010/05/02 09:56:01 | 000,000,113 | ---- | C] () -- C:\ProgramData\sl1769345832
[2010/05/02 09:55:47 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/05/02 09:54:20 | 000,003,661 | -HS- | C] () -- C:\Users\Dario\AppData\Roaming\02000000a74754cf896P.manifest
[2010/05/02 09:54:20 | 000,000,051 | -HS- | C] () -- C:\Users\Dario\AppData\Roaming\02000000a74754cf896C.manifest
[2010/05/02 09:54:20 | 000,000,011 | -HS- | C] () -- C:\Users\Dario\AppData\Roaming\02000000a74754cf896S.manifest
[2010/05/02 09:54:20 | 000,000,011 | -HS- | C] () -- C:\Users\Dario\AppData\Roaming\02000000a74754cf896O.manifest
[2010/05/02 09:28:00 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/05/02 09:19:17 | 000,001,177 | ---- | C] () -- C:\Users\Dario\Desktop\FrostWire 4.20.6.lnk
[2010/05/02 08:31:44 | 000,172,032 | ---- | C] () -- C:\Windows\System32\rsUtil.dll
[2010/05/01 09:19:59 | 000,012,870 | ---- | C] () -- C:\Users\Dario\Documents\EMPRESA BELTRAN.docx
[2010/04/21 16:46:26 | 261,541,804 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/04/18 17:30:25 | 000,017,576 | ---- | C] () -- C:\Users\Dario\Documents\BudgetD+G.xlsx
[2010/04/18 17:30:25 | 000,017,512 | ---- | C] () -- C:\Users\Dario\Documents\Backup of BudgetD+G.xlk
[2010/04/18 10:03:07 | 000,595,714 | ---- | C] () -- C:\Users\Dario\Documents\Malanga.pdf
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/13 21:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/07/13 21:15:28 | 000,186,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/17 18:21:25 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/17 18:21:29 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/21 16:59:05 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/02/27 03:32:05 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/27 03:32:26 | 000,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/27 03:32:12 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
< End of report >


EXTRA REPORT

OTL Extras logfile created on: 5/16/2010 9:44:29 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Dario\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1862.92 Gb Total Space | 1831.19 Gb Free Space | 98.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DARIO-PC
Current User Name: Dario
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{}_is1" = Ares 3.1.5.3033
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6072EF5D-2EBB-4FBA-8BE5-1C2BA21E8CFA}" = Watchtower Library 2009 - espaņol
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1" = Ares 3.1.5.3038
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AVG9Uninstall" = AVG Free 9.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FrostWire" = FrostWire 4.20.6
"Google Chrome" = Google Chrome
"Peachtree Complete Accounting" = Peachtree Complete Accounting 2003
"Stamps.com Internet Postage" = Stamps.com Internet Postage
"tjutilbarra Toolbar" = tjutilbarra Toolbar
"TJUtilPack" = TJUtilPack 2.4
"TuneUpMedia" = TuneUp Companion 1.6.9

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/15/2010 6:18:37 AM | Computer Name = Dario-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SearchProtocolHost.exe, version: 7.0.7600.16385,
time stamp: 0x4a5bcdd0 Faulting module name: DDACLSys32.dll, version: 0.0.0.0, time
stamp: 0x4bd92733 Exception code: 0xc0000005 Fault offset: 0x00002019 Faulting process
id: 0x7e4 Faulting application start time: 0x01caf4178f9e0720 Faulting application
path: C:\Windows\system32\SearchProtocolHost.exe Faulting module path: C:\Windows\system32\DDACLSys32.dll
Report
Id: 39764820-600b-11df-8cc9-00306724fee1

Error - 5/15/2010 6:18:44 AM | Computer Name = Dario-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GoogleToolbarUser_32.exe, version: 6.4.1208.1530,
time stamp: 0x4b1eea03 Faulting module name: DDACLSys32.dll, version: 0.0.0.0, time
stamp: 0x4bd92733 Exception code: 0xc0000005 Fault offset: 0x00002019 Faulting process
id: 0x904 Faulting application start time: 0x01caf417702f4e30 Faulting application
path: C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe Faulting module
path: C:\Windows\system32\DDACLSys32.dll Report Id: 3d33c550-600b-11df-8cc9-00306724fee1

Error - 5/15/2010 6:19:53 AM | Computer Name = Dario-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iTunesHelper.exe, version: 9.0.3.15, time
stamp: 0x4b590700 Faulting module name: DDACLSys32.dll, version: 0.0.0.0, time stamp:
0x4bd92733 Exception code: 0xc0000005 Fault offset: 0x00002019 Faulting process id:
0xa30 Faulting application start time: 0x01caf417505b43c0 Faulting application path:
C:\Program Files\iTunes\iTunesHelper.exe Faulting module path: C:\Windows\system32\DDACLSys32.dll
Report
Id: 6695cba0-600b-11df-8cc9-00306724fee1

Error - 5/15/2010 6:37:19 AM | Computer Name = Dario-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 5/15/2010 6:55:18 AM | Computer Name = Dario-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 5/15/2010 12:03:21 PM | Computer Name = DARIO-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 5/15/2010 12:53:14 PM | Computer Name = Dario-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 5/16/2010 5:56:10 AM | Computer Name = Dario-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 5/16/2010 7:19:48 AM | Computer Name = Dario-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 5/16/2010 7:36:54 AM | Computer Name = Dario-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ System Events ]
Error - 5/15/2010 6:16:40 AM | Computer Name = Dario-PC | Source = DCOM | ID = 10001
Description =

Error - 5/15/2010 12:03:18 PM | Computer Name = Dario-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:00:43 PM on ?5/?15/?2010 was unexpected.

Error - 5/15/2010 12:53:13 PM | Computer Name = Dario-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:45:15 PM on ?5/?15/?2010 was unexpected.

Error - 5/15/2010 12:53:14 PM | Computer Name = Dario-PC | Source = BugCheck | ID = 1005
Description =

Error - 5/15/2010 12:53:14 PM | Computer Name = Dario-PC | Source = BugCheck | ID = 1001
Description =

Error - 5/16/2010 5:59:00 AM | Computer Name = Dario-PC | Source = DCOM | ID = 10001
Description =

Error - 5/16/2010 7:19:46 AM | Computer Name = Dario-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:16:48 AM on ?5/?16/?2010 was unexpected.

Error - 5/16/2010 7:19:46 AM | Computer Name = DARIO-PC | Source = BugCheck | ID = 1005
Description =

Error - 5/16/2010 7:19:46 AM | Computer Name = DARIO-PC | Source = BugCheck | ID = 1001
Description =

Error - 5/16/2010 7:36:52 AM | Computer Name = Dario-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:33:42 AM on ?5/?16/?2010 was unexpected.


< End of report >


BC AdBot (Login to Remove)

 


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:31 AM

Posted 19 May 2010 - 02:33 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    CODE
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#3 dariobelt

dariobelt
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 22 May 2010 - 05:20 PM

I have not resolve the Trojan problem

Here is the OTL:

OTL logfile created on: 5/22/2010 6:10:07 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Dario\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1862.92 Gb Total Space | 1831.11 Gb Free Space | 98.29% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DARIO-PC
Current User Name: Dario
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/16 09:42:57 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Dario\Desktop\OTL.exe
PRC - [2010/04/21 16:59:05 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/21 16:59:05 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/01 18:29:50 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/17 18:21:29 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/17 18:21:27 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/17 18:21:25 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/10 08:39:31 | 000,298,608 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2010/02/10 08:37:18 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/01/26 20:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe
PRC - [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/07/13 21:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2009/07/13 21:14:12 | 000,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009/03/13 12:42:36 | 003,231,744 | ---- | M] (Ares Development Group) -- C:\Program Files\Ares\Ares.exe
PRC - [2006/10/26 20:24:54 | 000,098,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/16 09:42:57 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Dario\Desktop\OTL.exe
MOD - [2010/03/17 18:21:29 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/07/13 21:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 21:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 21:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 21:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 21:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 21:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 21:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 21:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 21:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 21:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 21:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/17 18:21:27 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/02/27 15:19:13 | 001,343,400 | ---- | M] () [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/01/25 10:00:54 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2009/07/13 21:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 21:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 21:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 21:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 21:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 21:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 21:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 21:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 21:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 21:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 21:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 21:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 21:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 21:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 21:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - [2010/04/21 16:59:05 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/03/17 18:21:29 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/17 18:21:25 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/12/11 03:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/07/13 21:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 21:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 21:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 21:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 21:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 21:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 21:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 21:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 21:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 21:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 21:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 21:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 21:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 21:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 21:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 21:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 21:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 21:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 21:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 21:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 21:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 21:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 21:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 21:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 21:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 21:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 21:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 21:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 21:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 21:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 21:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 21:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 21:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 20:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 20:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 20:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 19:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 19:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 19:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 19:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 19:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 19:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 19:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 19:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 19:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 19:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 19:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 19:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 19:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/07/13 19:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 19:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 18:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 18:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 18:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 18:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 18:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 18:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 18:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 18:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 18:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/10 17:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {c6bf3bc4-0101-4782-ab1e-63a072bced3c} - C:\Program Files\tjutilbarra\tbtju1.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A7 FC C7 0C 00 00 55 40 98 C1 9D E2 8A BD 7A 17 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A7 FC C7 0C 00 00 55 40 98 C1 9D E2 8A BD 7A 17 [binary data]

IE - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 89 2B F4 3F AA CA 01 [binary data]
IE - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = A7 FC C7 0C 00 00 55 40 98 C1 9D E2 8A BD 7A 17 [binary data]
IE - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\..\URLSearchHook: {c6bf3bc4-0101-4782-ab1e-63a072bced3c} - C:\Program Files\tjutilbarra\tbtju1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/05/02 09:54:22 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/02 09:54:22 | 000,000,000 | ---D | M] (Adobe Flash Plugin) -- C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {0CC7FCA7-0000-4055-98C1-9DE28ABD7A17} - C:\ProgramData\dmband32.dll File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (tjutilbarra Toolbar) - {c6bf3bc4-0101-4782-ab1e-63a072bced3c} - C:\Program Files\tjutilbarra\tbtju1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (tjutilbarra Toolbar) - {c6bf3bc4-0101-4782-ab1e-63a072bced3c} - C:\Program Files\tjutilbarra\tbtju1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\..\Toolbar\WebBrowser: (tjutilbarra Toolbar) - {C6BF3BC4-0101-4782-AB1E-63A072BCED3C} - C:\Program Files\tjutilbarra\tbtju1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000..\Run: [ares] C:\Program Files\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Dario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1488632439-2138322173-3643674576-1000\..Trusted Domains: descargasteocraticas.org ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 206.248.95.217 206.248.95.213 206.248.95.215
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (C:\Windows\system32\DDACLSys32.dll) - C:\Windows\System32\DDACLSys32.dll File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/13 22:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2010/05/16 09:42:42 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Dario\Desktop\OTL.exe
[2010/05/14 06:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\tjutilbarra
[2010/05/14 06:14:46 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/05/14 06:13:42 | 000,000,000 | ---D | C] -- C:\TJUtilPack2
[2010/05/02 10:45:28 | 000,086,016 | ---- | C] (Stamps.com, Inc.) -- C:\Windows\System32\SDCCInfo.dll
[2010/05/02 10:44:15 | 000,352,256 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex6.ocx
[2010/05/02 10:44:15 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTL32.OCX
[2010/05/02 10:44:15 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TLBINF32.DLL
[2010/05/02 10:44:14 | 000,104,464 | ---- | C] (devSoft Inc. - www.dev-soft.com) -- C:\Windows\System32\netdia40.ocx
[2010/05/02 10:44:13 | 000,644,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCOMCT2.OCX
[2010/05/02 10:44:13 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2010/05/02 10:44:06 | 000,004,192 | R--- | C] (Btrieve Technologies, Inc.) -- C:\Windows\System32\WBTRVRES.DLL
[2010/05/02 10:44:05 | 000,630,784 | ---- | C] (Apache Software Foundation) -- C:\Windows\System32\PAWSAX.DLL
[2010/05/02 10:44:05 | 000,565,248 | ---- | C] (Apache Software Foundation) -- C:\Windows\System32\ptxml_1_0.dll
[2010/05/02 10:44:05 | 000,314,980 | R--- | C] (Btrieve Technologies, Incorporated) -- C:\Windows\System32\Wbtr32.exe
[2010/05/02 10:44:05 | 000,132,544 | ---- | C] (ImageFX) -- C:\Windows\System32\IMGFX300.DLL
[2010/05/02 10:44:05 | 000,072,320 | ---- | C] (ImageFX) -- C:\Windows\System32\FXTLS300.DLL
[2010/05/02 10:44:05 | 000,068,096 | R--- | C] (Pervasive Software Inc.) -- C:\Windows\System32\WBTRV32.DLL
[2010/05/02 10:44:05 | 000,064,496 | ---- | C] (ImageFX) -- C:\Windows\System32\FXSHP300.VBX
[2010/05/02 10:44:05 | 000,060,864 | ---- | C] (ImageFX) -- C:\Windows\System32\FXIMG300.VBX
[2010/05/02 10:44:05 | 000,059,216 | ---- | C] (ImageFX) -- C:\Windows\System32\FXVID300.VBX
[2010/05/02 10:44:05 | 000,053,344 | ---- | C] (ImageFX) -- C:\Windows\System32\FXLBL300.VBX
[2010/05/02 10:44:05 | 000,043,472 | R--- | C] (Pervasive Software Inc.) -- C:\Windows\System32\WBTRCALL.DLL
[2010/05/02 10:44:05 | 000,026,256 | ---- | C] (ImageFX) -- C:\Windows\System32\FXSND300.VBX
[2010/05/02 10:44:05 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wavemix.dll
[2010/05/02 10:44:05 | 000,017,690 | R--- | C] (Btrieve Technologies, Incorporated) -- C:\Windows\System32\WBTRLOCL.DLL
[2010/05/02 10:44:05 | 000,005,824 | R--- | C] (Btrieve Technologies, Inc.) -- C:\Windows\System32\WBTRTHNK.DLL
[2010/05/02 10:44:05 | 000,004,292 | R--- | C] (Btrieve Technologies, Incorporated) -- C:\Windows\System32\WBT32RES.DLL
[2010/05/02 10:44:04 | 000,026,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\hh.1
[2010/05/02 10:44:04 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
[2010/05/02 10:44:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\WexTech Shared
[2010/05/02 09:56:02 | 000,000,000 | ---D | C] -- C:\Users\Dario\AppData\Roaming\WinRAR
[2010/05/02 09:56:01 | 000,000,000 | -HSD | C] -- C:\ProgramData\SysWoW32
[2010/05/02 09:55:47 | 000,000,000 | ---D | C] -- C:\ProgramData\1794487949
[2010/05/02 09:54:24 | 000,000,000 | -HSD | C] -- C:\Users\Dario\AppData\Roaming\SystemProc
[2010/05/02 09:54:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/05/02 09:51:10 | 000,000,000 | ---D | C] -- C:\Users\Dario\AppData\Local\WinZip
[2010/05/02 09:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2010/05/02 09:42:40 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/05/02 09:39:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/05/02 09:19:46 | 000,000,000 | ---D | C] -- C:\Users\Dario\Documents\FrostWire
[2010/05/02 09:19:43 | 000,000,000 | ---D | C] -- C:\Users\Dario\AppData\Roaming\FrostWire
[2010/05/02 09:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/02 09:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/02 09:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
[2010/05/02 09:18:56 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/02 09:18:56 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/02 09:18:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/02 09:18:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/02 09:18:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/05/02 09:15:51 | 007,936,534 | ---- | C] (FrostWire, LLC) -- C:\Users\Dario\Desktop\frostwire-4.20.6.windows.exe
[2010/05/02 08:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Stamps.com Internet Postage
[2010/05/02 08:31:10 | 000,111,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCAL.OCX
[2010/05/02 08:31:04 | 000,536,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OC25.DLL
[2010/05/02 08:31:04 | 000,000,000 | ---D | C] -- C:\Peachw
[2010/05/02 08:31:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Peach
[2010/05/02 08:30:39 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010/04/29 14:47:18 | 003,600,384 | ---- | C] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2010/04/27 16:51:07 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010/04/27 16:51:07 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010/04/25 19:33:50 | 000,000,000 | ---D | C] -- C:\Users\Dario\AppData\Roaming\Mozilla
[2010/04/25 18:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUpMedia
[2 C:\Users\Dario\AppData\Roaming\*.tmp files -> C:\Users\Dario\AppData\Roaming\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/22 18:10:30 | 000,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/22 18:10:30 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/22 18:10:30 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/22 18:04:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/22 18:04:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/22 18:04:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/22 18:04:29 | 1508,761,600 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/22 17:57:11 | 207,863,724 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/22 17:42:46 | 060,290,511 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/05/22 05:52:35 | 001,310,720 | -HS- | M] () -- C:\Users\Dario\ntuser.dat
[2010/05/22 05:17:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/17 05:56:54 | 000,010,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/17 05:56:54 | 000,010,416 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/16 18:22:46 | 001,018,734 | -H-- | M] () -- C:\Users\Dario\AppData\Local\IconCache.db
[2010/05/16 09:42:57 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Dario\Desktop\OTL.exe
[2010/05/16 06:10:54 | 000,119,598 | ---- | M] () -- C:\Users\Dario\Documents\Five Common Car mistakes.docx
[2010/05/15 06:18:25 | 000,003,661 | -HS- | M] () -- C:\Users\Dario\AppData\Roaming\02000000a74754cf896P.manifest
[2010/05/15 06:13:49 | 000,000,051 | -HS- | M] () -- C:\Users\Dario\AppData\Roaming\02000000a74754cf896C.manifest
[2010/05/15 06:13:49 | 000,000,011 | -HS- | M] () -- C:\Users\Dario\AppData\Roaming\02000000a74754cf896S.manifest
[2010/05/15 06:13:49 | 000,000,011 | -HS- | M] () -- C:\Users\Dario\AppData\Roaming\02000000a74754cf896O.manifest
[2010/05/14 06:14:50 | 000,000,615 | ---- | M] () -- C:\Users\Dario\Desktop\TJUtilPack2.lnk
[2010/05/11 17:37:51 | 000,000,817 | ---- | M] () -- C:\ProgramData\1489490410
[2010/05/11 16:31:05 | 000,000,249 | -HS- | M] () -- C:\ProgramData\144146874
[2010/05/02 18:42:31 | 000,001,881 | ---- | M] () -- C:\Users\Dario\Documents\DF.rtf
[2010/05/02 10:46:05 | 000,002,953 | ---- | M] () -- C:\Windows\pcw100.ini
[2010/05/02 10:46:04 | 000,000,793 | ---- | M] () -- C:\Windows\Bti.ini
[2010/05/02 09:56:01 | 000,000,113 | ---- | M] () -- C:\ProgramData\sl1769345832
[2010/05/02 09:55:47 | 000,203,776 | -HS- | M] () -- C:\ProgramData\unrar.exe
[2010/05/02 09:28:00 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010/05/02 09:19:17 | 000,001,177 | ---- | M] () -- C:\Users\Dario\Desktop\FrostWire 4.20.6.lnk
[2010/05/02 09:18:51 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/02 09:18:51 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/02 09:18:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/02 09:18:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/02 09:15:54 | 007,936,534 | ---- | M] (FrostWire, LLC) -- C:\Users\Dario\Desktop\frostwire-4.20.6.windows.exe
[2010/05/01 09:31:43 | 000,012,870 | ---- | M] () -- C:\Users\Dario\Documents\EMPRESA BELTRAN.docx
[2010/04/29 14:47:18 | 003,600,384 | ---- | M] (Google Inc.) -- C:\Windows\System32\GPhotos.scr
[2 C:\Users\Dario\AppData\Roaming\*.tmp files -> C:\Users\Dario\AppData\Roaming\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/16 06:10:53 | 000,119,598 | ---- | C] () -- C:\Users\Dario\Documents\Five Common Car mistakes.docx
[2010/05/14 06:14:50 | 000,000,615 | ---- | C] () -- C:\Users\Dario\Desktop\TJUtilPack2.lnk
[2010/05/02 18:42:31 | 000,001,881 | ---- | C] () -- C:\Users\Dario\Documents\DF.rtf
[2010/05/02 10:46:09 | 000,001,078 | ---- | C] () -- C:\Windows\TUTOR.ICO
[2010/05/02 10:46:08 | 000,000,766 | ---- | C] () -- C:\Windows\ACTGPR2.ICO
[2010/05/02 10:44:06 | 000,000,793 | ---- | C] () -- C:\Windows\Bti.ini
[2010/05/02 10:44:05 | 000,320,512 | R--- | C] () -- C:\Windows\System32\W32MKDE.EXE
[2010/05/02 10:44:05 | 000,110,080 | R--- | C] () -- C:\Windows\System32\W32MKRC.DLL
[2010/05/02 10:44:05 | 000,038,576 | ---- | C] () -- C:\Windows\System32\NWLOCALE.DLL
[2010/05/02 10:44:04 | 000,002,953 | ---- | C] () -- C:\Windows\pcw100.ini
[2010/05/02 10:09:04 | 000,000,249 | -HS- | C] () -- C:\ProgramData\144146874
[2010/05/02 09:57:58 | 000,000,817 | ---- | C] () -- C:\ProgramData\1489490410
[2010/05/02 09:56:01 | 000,000,113 | ---- | C] () -- C:\ProgramData\sl1769345832
[2010/05/02 09:55:47 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/05/02 09:54:20 | 000,003,661 | -HS- | C] () -- C:\Users\Dario\AppData\Roaming\02000000a74754cf896P.manifest
[2010/05/02 09:54:20 | 000,000,051 | -HS- | C] () -- C:\Users\Dario\AppData\Roaming\02000000a74754cf896C.manifest
[2010/05/02 09:54:20 | 000,000,011 | -HS- | C] () -- C:\Users\Dario\AppData\Roaming\02000000a74754cf896S.manifest
[2010/05/02 09:54:20 | 000,000,011 | -HS- | C] () -- C:\Users\Dario\AppData\Roaming\02000000a74754cf896O.manifest
[2010/05/02 09:28:00 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/05/02 09:19:17 | 000,001,177 | ---- | C] () -- C:\Users\Dario\Desktop\FrostWire 4.20.6.lnk
[2010/05/02 08:31:44 | 000,172,032 | ---- | C] () -- C:\Windows\System32\rsUtil.dll
[2010/05/01 09:19:59 | 000,012,870 | ---- | C] () -- C:\Users\Dario\Documents\EMPRESA BELTRAN.docx
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 21:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 21:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 21:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 21:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 21:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009/07/13 21:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 21:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 21:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/13 21:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/07/13 21:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/17 18:21:25 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/17 18:21:29 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/21 16:59:05 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/02/27 03:32:05 | 000,123,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb.sys
[2010/02/27 03:32:26 | 000,221,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb10.sys
[2010/02/27 03:32:12 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\mrxsmb20.sys
< End of report >


Here is the extra:

OTL Extras logfile created on: 5/16/2010 9:44:29 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Dario\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 69.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1862.92 Gb Total Space | 1831.19 Gb Free Space | 98.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DARIO-PC
Current User Name: Dario
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{}_is1" = Ares 3.1.5.3033
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 20
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6072EF5D-2EBB-4FBA-8BE5-1C2BA21E8CFA}" = Watchtower Library 2009 - espaņol
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81063354-9060-42B2-A000-1EBE96778AA9}" = iTunes
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{C9FF844C-02F5-4221-8AD4-0BD823533C6E}_is1" = Ares 3.1.5.3038
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AVG9Uninstall" = AVG Free 9.0
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FrostWire" = FrostWire 4.20.6
"Google Chrome" = Google Chrome
"Peachtree Complete Accounting" = Peachtree Complete Accounting 2003
"Stamps.com Internet Postage" = Stamps.com Internet Postage
"tjutilbarra Toolbar" = tjutilbarra Toolbar
"TJUtilPack" = TJUtilPack 2.4
"TuneUpMedia" = TuneUp Companion 1.6.9

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/15/2010 6:18:37 AM | Computer Name = Dario-PC | Source = Application Error | ID = 1000
Description = Faulting application name: SearchProtocolHost.exe, version: 7.0.7600.16385,
time stamp: 0x4a5bcdd0 Faulting module name: DDACLSys32.dll, version: 0.0.0.0, time
stamp: 0x4bd92733 Exception code: 0xc0000005 Fault offset: 0x00002019 Faulting process
id: 0x7e4 Faulting application start time: 0x01caf4178f9e0720 Faulting application
path: C:\Windows\system32\SearchProtocolHost.exe Faulting module path: C:\Windows\system32\DDACLSys32.dll
Report
Id: 39764820-600b-11df-8cc9-00306724fee1

Error - 5/15/2010 6:18:44 AM | Computer Name = Dario-PC | Source = Application Error | ID = 1000
Description = Faulting application name: GoogleToolbarUser_32.exe, version: 6.4.1208.1530,
time stamp: 0x4b1eea03 Faulting module name: DDACLSys32.dll, version: 0.0.0.0, time
stamp: 0x4bd92733 Exception code: 0xc0000005 Fault offset: 0x00002019 Faulting process
id: 0x904 Faulting application start time: 0x01caf417702f4e30 Faulting application
path: C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe Faulting module
path: C:\Windows\system32\DDACLSys32.dll Report Id: 3d33c550-600b-11df-8cc9-00306724fee1

Error - 5/15/2010 6:19:53 AM | Computer Name = Dario-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iTunesHelper.exe, version: 9.0.3.15, time
stamp: 0x4b590700 Faulting module name: DDACLSys32.dll, version: 0.0.0.0, time stamp:
0x4bd92733 Exception code: 0xc0000005 Fault offset: 0x00002019 Faulting process id:
0xa30 Faulting application start time: 0x01caf417505b43c0 Faulting application path:
C:\Program Files\iTunes\iTunesHelper.exe Faulting module path: C:\Windows\system32\DDACLSys32.dll
Report
Id: 6695cba0-600b-11df-8cc9-00306724fee1

Error - 5/15/2010 6:37:19 AM | Computer Name = Dario-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 5/15/2010 6:55:18 AM | Computer Name = Dario-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 5/15/2010 12:03:21 PM | Computer Name = DARIO-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 5/15/2010 12:53:14 PM | Computer Name = Dario-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 5/16/2010 5:56:10 AM | Computer Name = Dario-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 5/16/2010 7:19:48 AM | Computer Name = Dario-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

Error - 5/16/2010 7:36:54 AM | Computer Name = Dario-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.

[ System Events ]
Error - 5/15/2010 6:16:40 AM | Computer Name = Dario-PC | Source = DCOM | ID = 10001
Description =

Error - 5/15/2010 12:03:18 PM | Computer Name = Dario-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:00:43 PM on ?5/?15/?2010 was unexpected.

Error - 5/15/2010 12:53:13 PM | Computer Name = Dario-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:45:15 PM on ?5/?15/?2010 was unexpected.

Error - 5/15/2010 12:53:14 PM | Computer Name = Dario-PC | Source = BugCheck | ID = 1005
Description =

Error - 5/15/2010 12:53:14 PM | Computer Name = Dario-PC | Source = BugCheck | ID = 1001
Description =

Error - 5/16/2010 5:59:00 AM | Computer Name = Dario-PC | Source = DCOM | ID = 10001
Description =

Error - 5/16/2010 7:19:46 AM | Computer Name = Dario-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:16:48 AM on ?5/?16/?2010 was unexpected.

Error - 5/16/2010 7:19:46 AM | Computer Name = DARIO-PC | Source = BugCheck | ID = 1005
Description =

Error - 5/16/2010 7:19:46 AM | Computer Name = DARIO-PC | Source = BugCheck | ID = 1001
Description =

Error - 5/16/2010 7:36:52 AM | Computer Name = Dario-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:33:42 AM on ?5/?16/?2010 was unexpected.


< End of report >


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:31 AM

Posted 22 May 2010 - 08:39 PM

Hi,

please run a scan with gmer next:
Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#5 dariobelt

dariobelt
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 26 May 2010 - 01:31 PM

Here is the gmer.log result.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-26 14:22:53
Windows 6.1.7600
Running: hfzw0sfu.exe; Driver: C:\Users\Dario\AppData\Local\Temp\uglcapod.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282BAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282B104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282B3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 828142D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82813898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282B1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282B958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282B6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282BF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8282C1A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8288B599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 828AFF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys 95550C9D 28 Bytes JMP BAE13E34
.text peauth.sys 95550CC1 28 Bytes JMP BAE13E58

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!CreateWindowExW 77A10E51 5 Bytes JMP 6D9680F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!DialogBoxIndirectParamW 77A34AA7 5 Bytes JMP 6DA8F218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!DialogBoxParamW 77A3564A 5 Bytes JMP 6D884B7F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!DialogBoxParamA 77A4CF6A 5 Bytes JMP 6DA8F1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!DialogBoxIndirectParamA 77A4D29C 5 Bytes JMP 6DA8F27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!MessageBoxIndirectA 77A5E8C9 5 Bytes JMP 6DA8F14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!MessageBoxIndirectW 77A5E9C3 5 Bytes JMP 6DA8F0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!MessageBoxExA 77A5EA29 5 Bytes JMP 6DA8F07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4000] USER32.dll!MessageBoxExW 77A5EA4D 5 Bytes JMP 6DA8F01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!CreateDialogParamW 77A09BFF 5 Bytes JMP 100EC20C C:\Program Files\tjutilbarra\tbtju1.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!EnableWindow 77A0A72E 5 Bytes JMP 6D8BC4C3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!GetAsyncKeyState 77A0C09A 5 Bytes JMP 6D87D6C9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!UnhookWindowsHookEx 77A0CC7B 5 Bytes JMP 6D9782FA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!CallNextHookEx 77A0CC8F 5 Bytes JMP 6D959D00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!CreateWindowExW 77A10E51 5 Bytes JMP 6D9680F7 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!SetWindowsHookExW 77A1210A 5 Bytes JMP 6D9145DB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!GetKeyState 77A14FDA 5 Bytes JMP 6D8BD73A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!IsDialogMessageW 77A16F06 5 Bytes JMP 6D88425C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!CreateDialogParamA 77A23E79 5 Bytes JMP 6DA8FE19 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!IsDialogMessage 77A2407A 5 Bytes JMP 6DA8F6BA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!CreateDialogIndirectParamA 77A29110 5 Bytes JMP 6DA8FE50 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!CreateDialogIndirectParamW 77A308AD 5 Bytes JMP 6DA8FE87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!DialogBoxIndirectParamW 77A34AA7 5 Bytes JMP 6DA8F218 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!EndDialog 77A3555C 5 Bytes JMP 6D885AC1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!DialogBoxParamW 77A3564A 5 Bytes JMP 100EC3DC C:\Program Files\tjutilbarra\tbtju1.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!SetKeyboardState 77A36B52 5 Bytes JMP 6DA8FA1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!SendInput 77A37055 5 Bytes JMP 6DA905E8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!SetCursorPos 77A4C1D8 5 Bytes JMP 6DA90640 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!DialogBoxParamA 77A4CF6A 5 Bytes JMP 6DA8F1B5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!DialogBoxIndirectParamA 77A4D29C 5 Bytes JMP 6DA8F27B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!MessageBoxIndirectA 77A5E8C9 5 Bytes JMP 6DA8F14A C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!MessageBoxIndirectW 77A5E9C3 5 Bytes JMP 6DA8F0DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!MessageBoxExA 77A5EA29 5 Bytes JMP 6DA8F07D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!MessageBoxExW 77A5EA4D 5 Bytes JMP 6DA8F01B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] USER32.dll!keybd_event 77A5EC9B 5 Bytes JMP 6DA90973 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] SHELL32.dll!SHChangeNotification_Lock + 45BA 76CFB3E8 4 Bytes [11, 36, 3E, 6B]
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] SHELL32.dll!SHChangeNotification_Lock + 45C2 76CFB3F0 8 Bytes [5F, 35, 3E, 6B, D0, 73, 3D, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] ole32.dll!OleLoadFromStream 76385B88 5 Bytes JMP 6DA8F576 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4048] ole32.dll!CoCreateInstance 763D57FC 5 Bytes JMP 6D968BE5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6B3C9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6B3D3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6B3D1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6B3CC028] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6B3D3B9B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6B3D595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6B3D47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6B3D4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExA] [6B3D1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6B3CF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6B3C9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6B3D1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6B3D06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6B3CFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6B3D1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6B3D1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6B3D0043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6B3D0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6B3D3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6B3D1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6B3C9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6B3D06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6B3D1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6B3D0CA0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6B3D2ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6B3CF1BB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6B3CF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6B3CFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6B3D1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6B3D1ED3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6B3D4EB8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6B3D47A8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6B3CDF55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6B3D06BA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6B3D3932] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6B3CDCFA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6B3CDE25] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6B3D0571] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6B3C9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6B3D1D43] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6B3CDBCF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6B3D41F1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6B3D595C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6B3D4735] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6B3D4B56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6B3D823A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6B3D89C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6B3D8584] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6B3D7E55] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6B3D8CD4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6B3D90D9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6B3D7C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6B3D8D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6B3D7F8E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6B3D794A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [6B3D7D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6B3D8898] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6B3D86C0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6B3D8760] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsContentTypeW] [6B3D7EF3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegQueryUSValueW] [6B3D9B99] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegEnumUSKeyW] [6B3D958E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyA] [6B3D99D2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6B3D8026] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6B3D7F42] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6B3D7AE4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6B3D97FC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCanonicalizeW] [6B3D7BD1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6B3D9C52] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6B3D98B5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6B3D77ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6B3D96FD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [6B3D81EE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [6B3D80BE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6B3D8286] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6B3D8D75] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6B3D7DBA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [6B3D8F70] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6B3D892C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegOpenUSKeyW] [6B3D9A2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6B3D92E3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [6B3D9E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [6B3D8E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [6B3D7B33] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [6B3D9029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6B3D789A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6B3D83BC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [6B3D861C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [6B3D8A5E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [6B3D8454] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [6B3D84EC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [6B3D9974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6B3D8EBD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6B3CD9AD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6B3D0F2A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6B3D1904] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6B3D141F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6B3D1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6B3D09C2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6B3CFAB6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6B3CF834] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6B3CF084] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6B3D27FF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6B3D1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6B3CF312] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6B3CEB7A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6B3CE563] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6B3D2ADB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6B3D27DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6B3CE901] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6B3D0043] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6B3CEE02] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6B3D1BBF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6B3D1A3B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6B3C9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6B3D9974] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6B3D9916] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6B3D8A0C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6B3D8D26] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6B3D8E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6B3D7D19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6B3D8FCE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6B3D9E16] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6B3D9029] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6B3D9E71] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6B3D7C72] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6B3C9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4048] @ C:\Windows\system32\secur32.dll [KERNEL32.dll!GetProcAddress] [6B3C9F14] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000043 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:31 AM

Posted 26 May 2010 - 02:31 PM

Hi,

can you please tell me where the trojan cryptic.np is found? In which folder and how is the file called?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#7 dariobelt

dariobelt
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 26 May 2010 - 03:21 PM

I try to copy paste the result from AVG vault in order for you to see where is it. But I could not do it. A couple of places is c:\Program Data\SysWoW32\wu43879344vl, c:users\Dario\Document\Frostwire\Saved and c:Windows\System32.

Now sometimes the computer is shuting down by itself when I Try to run AVG. It's getting worst.

Thanks
dariobelt

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:31 AM

Posted 26 May 2010 - 03:35 PM

Hi,

Your log(s) show that you are using so called peer-to-peer or file-sharing programmes (in your case FrostWire). These programmes allow to share files between users as the name(s) suggest. In today's world the cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable isable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 dariobelt

dariobelt
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 26 May 2010 - 03:59 PM

Here is the ComboFix.txt

ComboFix 10-05-26.01 - Dario 05/26/2010 16:51:57.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1918.1210 [GMT -4:00]
Running from: c:\users\Dario\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul
c:\program files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf
c:\programdata\SysWoW32
c:\programdata\SysWoW32\@u43879344v0
c:\programdata\SysWoW32\@u43879344v4
c:\programdata\SysWoW32\@u43879344v5
c:\programdata\SysWoW32\@u43879344v6
c:\programdata\SysWoW32\@u43879344v7
c:\programdata\SysWoW32\_u43879344v0
c:\programdata\SysWoW32\_u43879344v4
c:\programdata\SysWoW32\_u43879344v5
c:\programdata\SysWoW32\_u43879344v6
c:\programdata\SysWoW32\_u43879344v7
c:\programdata\SysWoW32\mu43879344v4
c:\programdata\SysWoW32\mu43879344v4.kwd
c:\programdata\SysWoW32\mu43879344v5
c:\programdata\SysWoW32\mu43879344v5.kwd
c:\programdata\SysWoW32\mu43879344v6
c:\programdata\SysWoW32\mu43879344v6.kwd
c:\programdata\SysWoW32\mu43879344v7
c:\programdata\SysWoW32\mu43879344v7.kwd
c:\programdata\SysWoW32\wu43879344v0
c:\programdata\SysWoW32\wu43879344v0.kwd
c:\programdata\SysWoW32\wu43879344v1.kwd
c:\programdata\SysWoW32\wu43879344v2.kwd
c:\programdata\SysWoW32\wu43879344v3.kwd
c:\programdata\unrar.exe
c:\users\Dario\AppData\Roaming\02000000a74754cf896C.manifest
c:\users\Dario\AppData\Roaming\02000000a74754cf896O.manifest
c:\users\Dario\AppData\Roaming\02000000a74754cf896P.manifest
c:\users\Dario\AppData\Roaming\02000000a74754cf896S.manifest
c:\users\Dario\AppData\Roaming\A332.tmp
c:\users\Dario\AppData\Roaming\SystemProc
c:\users\Dario\AppData\Roaming\SystemProc\upd.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
.

2010-05-26 20:55 . 2010-05-26 20:55 -------- d-----w- c:\users\Dario\AppData\Local\temp
2010-05-26 20:55 . 2010-05-26 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-26 10:31 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-14 10:14 . 2010-05-14 10:15 -------- d-----w- c:\program files\tjutilbarra
2010-05-14 10:14 . 2010-05-14 10:14 -------- d-----w- c:\program files\Conduit
2010-05-14 10:13 . 2010-05-14 10:17 -------- d-----w- C:\TJUtilPack2
2010-05-11 23:43 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-02 14:45 . 2001-06-19 20:05 86016 ----a-w- c:\windows\system32\SDCCInfo.dll
2010-05-02 13:55 . 2010-05-09 21:48 -------- d-----w- c:\programdata\1794487949
2010-05-02 13:51 . 2010-05-14 10:18 -------- d-----w- c:\users\Dario\AppData\Local\WinZip
2010-05-02 13:42 . 2010-05-02 13:42 -------- d-----w- C:\$AVG
2010-05-02 13:28 . 2010-05-02 13:28 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-05-02 13:26 . 2010-05-02 13:26 0 ----a-w- c:\users\Dario\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-05-02 13:19 . 2010-05-02 14:45 -------- d-----w- c:\users\Dario\AppData\Roaming\FrostWire
2010-05-02 13:19 . 2010-05-02 13:19 -------- d-----w- c:\program files\FrostWire
2010-05-02 13:19 . 2010-05-02 13:19 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 13:18 . 2010-05-02 13:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 13:18 . 2010-05-02 13:18 -------- d-----w- c:\program files\Java
2010-05-02 12:31 . 2001-06-19 19:15 172032 ----a-w- c:\windows\system32\rsUtil.dll
2010-05-02 12:31 . 2010-05-02 14:46 -------- d-----w- c:\program files\Stamps.com Internet Postage
2010-05-02 12:31 . 2010-05-02 15:07 -------- d-----w- C:\Peachw
2010-05-02 12:31 . 2010-05-02 14:44 -------- d-----w- c:\program files\Common Files\Peach
2010-05-02 12:31 . 1995-07-26 04:00 536048 ------w- c:\windows\system32\OC25.DLL
2010-05-02 12:30 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-27 20:51 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-27 20:51 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-27 20:51 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 09:52 . 2010-04-10 14:06 -------- d-----w- c:\users\Dario\AppData\Roaming\TuneUpMedia
2010-05-16 15:18 . 2010-02-10 12:37 -------- d-----w- c:\program files\Google
2010-05-15 10:37 . 2010-02-08 07:01 -------- d-----w- c:\programdata\avg9
2010-05-12 00:44 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-02 14:44 . 2010-05-02 14:44 -------- d-----w- c:\program files\Common Files\WexTech Shared
2010-05-02 13:55 . 2010-05-02 13:54 0 --sha-w- c:\users\Dario\AppData\Roaming\9913.tmp
2010-05-02 13:51 . 2010-03-17 23:19 -------- d-----w- c:\programdata\WinZip
2010-04-25 22:28 . 2010-04-25 22:26 -------- d-----w- c:\program files\TuneUpMedia
2010-04-21 21:55 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-04-21 21:55 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-04-21 20:59 . 2010-02-08 07:01 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-10 14:07 . 2010-04-10 14:06 -------- d-----w- c:\programdata\TuneUpMedia
2010-04-10 14:07 . 2010-03-06 17:00 -------- d-----w- c:\program files\iTunes
2010-03-28 13:07 . 2010-02-11 22:08 -------- d-----w- c:\program files\Watchtower
2010-03-17 22:21 . 2010-03-17 22:21 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 22:21 . 2010-02-08 07:01 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 22:21 . 2010-02-08 07:01 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-08 21:33 . 2010-04-13 20:49 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 21:32 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-02-27 12:07 . 2010-04-13 20:49 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07 . 2010-04-13 20:49 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 07:32 . 2010-04-13 20:49 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-13 20:49 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-13 20:49 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-03-05 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c6bf3bc4-0101-4782-ab1e-63a072bced3c}"= "c:\program files\tjutilbarra\tbtju1.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{c6bf3bc4-0101-4782-ab1e-63a072bced3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c6bf3bc4-0101-4782-ab1e-63a072bced3c}]
2010-05-14 10:15 2515552 ----a-w- c:\program files\tjutilbarra\tbtju1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c6bf3bc4-0101-4782-ab1e-63a072bced3c}"= "c:\program files\tjutilbarra\tbtju1.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{c6bf3bc4-0101-4782-ab1e-63a072bced3c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C6BF3BC4-0101-4782-AB1E-63A072BCED3C}"= "c:\program files\tjutilbarra\tbtju1.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{c6bf3bc4-0101-4782-ab1e-63a072bced3c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-10 39408]
"ares"="c:\program files\Ares\Ares.exe" [2009-03-13 3231744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\Dario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1343400]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-17 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-17 308064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 13:00]

2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 13:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: descargasteocraticas.org\www
.
- - - - ORPHANS REMOVED - - - -

BHO-{0CC7FCA7-0000-4055-98C1-9DE28ABD7A17} - c:\programdata\dmband32.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-05-26 16:57:18
ComboFix-quarantined-files.txt 2010-05-26 20:57

Pre-Run: 1,966,569,611,264 bytes free
Post-Run: 1,967,441,174,528 bytes free

- - End Of File - - C42EFE5FAAE2B61E965C5389A5B1F3A2


Thanks myrti
dariobelt

#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:31 AM

Posted 26 May 2010 - 05:40 PM

Hi,

please run the following script:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
File::
c:\programdata\1794487949
SRPeek::
C:\windows\system32\user32.dll


Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#11 dariobelt

dariobelt
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 26 May 2010 - 06:04 PM

Here is the result:

ComboFix 10-05-26.01 - Dario 05/26/2010 18:57:54.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1918.1253 [GMT -4:00]
Running from: c:\users\Dario\Desktop\ComboFix.exe
Command switches used :: c:\users\Dario\Desktop\CFScript.txt

FILE ::
"c:\programdata\1794487949"
.

((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
.

2010-05-26 23:01 . 2010-05-26 23:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-26 23:01 . 2010-05-26 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-26 22:56 . 2010-05-26 22:56 -------- d-----w- C:\32788R22FWJFW
2010-05-26 21:45 . 2010-05-26 21:45 -------- d-----w- c:\program files\Xiph.Org
2010-05-26 21:36 . 2010-05-26 21:36 -------- d-----w- c:\programdata\ParetoLogic
2010-05-26 21:36 . 2010-05-26 21:36 -------- d-----w- c:\programdata\FileCure
2010-05-26 21:36 . 2010-05-26 21:36 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-05-26 21:36 . 2010-05-26 21:36 -------- d-----w- c:\program files\ParetoLogic
2010-05-26 20:57 . 2010-05-26 23:01 -------- d-----w- c:\users\Dario\AppData\Local\temp
2010-05-26 10:31 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-14 10:14 . 2010-05-14 10:15 -------- d-----w- c:\program files\tjutilbarra
2010-05-14 10:14 . 2010-05-14 10:14 -------- d-----w- c:\program files\Conduit
2010-05-14 10:13 . 2010-05-14 10:17 -------- d-----w- C:\TJUtilPack2
2010-05-11 23:43 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-02 14:45 . 2001-06-19 20:05 86016 ----a-w- c:\windows\system32\SDCCInfo.dll
2010-05-02 13:55 . 2010-05-09 21:48 -------- d-----w- c:\programdata\1794487949
2010-05-02 13:51 . 2010-05-14 10:18 -------- d-----w- c:\users\Dario\AppData\Local\WinZip
2010-05-02 13:42 . 2010-05-02 13:42 -------- d-----w- C:\$AVG
2010-05-02 13:28 . 2010-05-02 13:28 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-05-02 13:26 . 2010-05-02 13:26 0 ----a-w- c:\users\Dario\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-05-02 13:19 . 2010-05-02 14:45 -------- d-----w- c:\users\Dario\AppData\Roaming\FrostWire
2010-05-02 13:19 . 2010-05-02 13:19 -------- d-----w- c:\program files\FrostWire
2010-05-02 13:19 . 2010-05-02 13:19 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 13:18 . 2010-05-02 13:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 13:18 . 2010-05-02 13:18 -------- d-----w- c:\program files\Java
2010-05-02 12:31 . 2001-06-19 19:15 172032 ----a-w- c:\windows\system32\rsUtil.dll
2010-05-02 12:31 . 2010-05-02 14:46 -------- d-----w- c:\program files\Stamps.com Internet Postage
2010-05-02 12:31 . 2010-05-02 15:07 -------- d-----w- C:\Peachw
2010-05-02 12:31 . 2010-05-02 14:44 -------- d-----w- c:\program files\Common Files\Peach
2010-05-02 12:31 . 1995-07-26 04:00 536048 ------w- c:\windows\system32\OC25.DLL
2010-05-02 12:30 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-27 20:51 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-27 20:51 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-27 20:51 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 09:52 . 2010-04-10 14:06 -------- d-----w- c:\users\Dario\AppData\Roaming\TuneUpMedia
2010-05-16 15:18 . 2010-02-10 12:37 -------- d-----w- c:\program files\Google
2010-05-15 10:37 . 2010-02-08 07:01 -------- d-----w- c:\programdata\avg9
2010-05-12 00:44 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-02 14:44 . 2010-05-02 14:44 -------- d-----w- c:\program files\Common Files\WexTech Shared
2010-05-02 13:55 . 2010-05-02 13:54 0 --sha-w- c:\users\Dario\AppData\Roaming\9913.tmp
2010-05-02 13:51 . 2010-03-17 23:19 -------- d-----w- c:\programdata\WinZip
2010-04-25 22:28 . 2010-04-25 22:26 -------- d-----w- c:\program files\TuneUpMedia
2010-04-21 21:55 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-04-21 21:55 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-04-21 20:59 . 2010-02-08 07:01 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-10 14:07 . 2010-04-10 14:06 -------- d-----w- c:\programdata\TuneUpMedia
2010-04-10 14:07 . 2010-03-06 17:00 -------- d-----w- c:\program files\iTunes
2010-03-28 13:07 . 2010-02-11 22:08 -------- d-----w- c:\program files\Watchtower
2010-03-17 22:21 . 2010-03-17 22:21 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 22:21 . 2010-02-08 07:01 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 22:21 . 2010-02-08 07:01 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-08 21:33 . 2010-04-13 20:49 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 21:32 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-02-27 12:07 . 2010-04-13 20:49 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07 . 2010-04-13 20:49 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 07:32 . 2010-04-13 20:49 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-13 20:49 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-13 20:49 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2010-03-05 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-26_20.55.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-02-09 10:06 . 2010-05-26 18:36 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-09 10:06 . 2010-05-26 21:46 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-09 10:06 . 2010-05-26 18:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-09 10:06 . 2010-05-26 21:46 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-05-26 18:36 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-05-26 21:46 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-10 23:14 . 2010-05-26 20:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-10 23:14 . 2010-05-26 22:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-10 23:14 . 2010-05-26 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-02-10 23:14 . 2010-05-26 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-02-10 23:14 . 2010-05-26 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-10 23:14 . 2010-05-26 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-02-10 10:57 . 2010-05-26 22:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-10 10:57 . 2010-05-26 20:43 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c6bf3bc4-0101-4782-ab1e-63a072bced3c}"= "c:\program files\tjutilbarra\tbtju1.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{c6bf3bc4-0101-4782-ab1e-63a072bced3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c6bf3bc4-0101-4782-ab1e-63a072bced3c}]
2010-05-14 10:15 2515552 ----a-w- c:\program files\tjutilbarra\tbtju1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c6bf3bc4-0101-4782-ab1e-63a072bced3c}"= "c:\program files\tjutilbarra\tbtju1.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{c6bf3bc4-0101-4782-ab1e-63a072bced3c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C6BF3BC4-0101-4782-AB1E-63A072BCED3C}"= "c:\program files\tjutilbarra\tbtju1.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{c6bf3bc4-0101-4782-ab1e-63a072bced3c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-10 39408]
"ares"="c:\program files\Ares\Ares.exe" [2009-03-13 3231744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\Dario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1343400]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-17 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-17 308064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:31 AM

Posted 26 May 2010 - 06:15 PM

Hi,

it seems the log got cut off, could you please retry pasting it entirely?
Do you have yuor Windows CD handy and could we use it?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#13 dariobelt

dariobelt
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 26 May 2010 - 06:23 PM

It was my fault. I didn't shade all the file. Here it is the complete file.
No. I don't have the windows cd with me.

Thanks
dariobelt



ComboFix 10-05-26.01 - Dario 05/26/2010 18:57:54.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1918.1253 [GMT -4:00]
Running from: c:\users\Dario\Desktop\ComboFix.exe
Command switches used :: c:\users\Dario\Desktop\CFScript.txt

FILE ::
"c:\programdata\1794487949"
.

((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
.

2010-05-26 23:01 . 2010-05-26 23:01 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-26 23:01 . 2010-05-26 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-26 22:56 . 2010-05-26 22:56 -------- d-----w- C:\32788R22FWJFW
2010-05-26 21:45 . 2010-05-26 21:45 -------- d-----w- c:\program files\Xiph.Org
2010-05-26 21:36 . 2010-05-26 21:36 -------- d-----w- c:\programdata\ParetoLogic
2010-05-26 21:36 . 2010-05-26 21:36 -------- d-----w- c:\programdata\FileCure
2010-05-26 21:36 . 2010-05-26 21:36 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-05-26 21:36 . 2010-05-26 21:36 -------- d-----w- c:\program files\ParetoLogic
2010-05-26 20:57 . 2010-05-26 23:01 -------- d-----w- c:\users\Dario\AppData\Local\temp
2010-05-26 10:31 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-14 10:14 . 2010-05-14 10:15 -------- d-----w- c:\program files\tjutilbarra
2010-05-14 10:14 . 2010-05-14 10:14 -------- d-----w- c:\program files\Conduit
2010-05-14 10:13 . 2010-05-14 10:17 -------- d-----w- C:\TJUtilPack2
2010-05-11 23:43 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-02 14:45 . 2001-06-19 20:05 86016 ----a-w- c:\windows\system32\SDCCInfo.dll
2010-05-02 13:55 . 2010-05-09 21:48 -------- d-----w- c:\programdata\1794487949
2010-05-02 13:51 . 2010-05-14 10:18 -------- d-----w- c:\users\Dario\AppData\Local\WinZip
2010-05-02 13:42 . 2010-05-02 13:42 -------- d-----w- C:\$AVG
2010-05-02 13:28 . 2010-05-02 13:28 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-05-02 13:26 . 2010-05-02 13:26 0 ----a-w- c:\users\Dario\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-05-02 13:19 . 2010-05-02 14:45 -------- d-----w- c:\users\Dario\AppData\Roaming\FrostWire
2010-05-02 13:19 . 2010-05-02 13:19 -------- d-----w- c:\program files\FrostWire
2010-05-02 13:19 . 2010-05-02 13:19 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 13:18 . 2010-05-02 13:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 13:18 . 2010-05-02 13:18 -------- d-----w- c:\program files\Java
2010-05-02 12:31 . 2001-06-19 19:15 172032 ----a-w- c:\windows\system32\rsUtil.dll
2010-05-02 12:31 . 2010-05-02 14:46 -------- d-----w- c:\program files\Stamps.com Internet Postage
2010-05-02 12:31 . 2010-05-02 15:07 -------- d-----w- C:\Peachw
2010-05-02 12:31 . 2010-05-02 14:44 -------- d-----w- c:\program files\Common Files\Peach
2010-05-02 12:31 . 1995-07-26 04:00 536048 ------w- c:\windows\system32\OC25.DLL
2010-05-02 12:30 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-27 20:51 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-04-27 20:51 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-04-27 20:51 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 09:52 . 2010-04-10 14:06 -------- d-----w- c:\users\Dario\AppData\Roaming\TuneUpMedia
2010-05-16 15:18 . 2010-02-10 12:37 -------- d-----w- c:\program files\Google
2010-05-15 10:37 . 2010-02-08 07:01 -------- d-----w- c:\programdata\avg9
2010-05-12 00:44 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-02 14:44 . 2010-05-02 14:44 -------- d-----w- c:\program files\Common Files\WexTech Shared
2010-05-02 13:55 . 2010-05-02 13:54 0 --sha-w- c:\users\Dario\AppData\Roaming\9913.tmp
2010-05-02 13:51 . 2010-03-17 23:19 -------- d-----w- c:\programdata\WinZip
2010-04-25 22:28 . 2010-04-25 22:26 -------- d-----w- c:\program files\TuneUpMedia
2010-04-21 21:55 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-04-21 21:55 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-04-21 20:59 . 2010-02-08 07:01 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-10 14:07 . 2010-04-10 14:06 -------- d-----w- c:\programdata\TuneUpMedia
2010-04-10 14:07 . 2010-03-06 17:00 -------- d-----w- c:\program files\iTunes
2010-03-28 13:07 . 2010-02-11 22:08 -------- d-----w- c:\program files\Watchtower
2010-03-17 22:21 . 2010-03-17 22:21 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 22:21 . 2010-02-08 07:01 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 22:21 . 2010-02-08 07:01 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-08 21:33 . 2010-04-13 20:49 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 21:32 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-02-27 12:07 . 2010-04-13 20:49 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07 . 2010-04-13 20:49 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 07:32 . 2010-04-13 20:49 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-13 20:49 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-13 20:49 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

(((((((((((((((((((((((((((((((((((((((((( SR_Search ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
------- Sigcheck -------

[-] 2010-03-05 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-26_20.55.46 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-02-09 10:06 . 2010-05-26 18:36 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-09 10:06 . 2010-05-26 21:46 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-09 10:06 . 2010-05-26 18:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-09 10:06 . 2010-05-26 21:46 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:41 . 2010-05-26 18:36 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:41 . 2010-05-26 21:46 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-10 23:14 . 2010-05-26 20:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-10 23:14 . 2010-05-26 22:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-10 23:14 . 2010-05-26 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-02-10 23:14 . 2010-05-26 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-02-10 23:14 . 2010-05-26 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-10 23:14 . 2010-05-26 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-02-10 10:57 . 2010-05-26 22:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-10 10:57 . 2010-05-26 20:43 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c6bf3bc4-0101-4782-ab1e-63a072bced3c}"= "c:\program files\tjutilbarra\tbtju1.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{c6bf3bc4-0101-4782-ab1e-63a072bced3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c6bf3bc4-0101-4782-ab1e-63a072bced3c}]
2010-05-14 10:15 2515552 ----a-w- c:\program files\tjutilbarra\tbtju1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c6bf3bc4-0101-4782-ab1e-63a072bced3c}"= "c:\program files\tjutilbarra\tbtju1.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{c6bf3bc4-0101-4782-ab1e-63a072bced3c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C6BF3BC4-0101-4782-AB1E-63A072BCED3C}"= "c:\program files\tjutilbarra\tbtju1.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{c6bf3bc4-0101-4782-ab1e-63a072bced3c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-10 39408]
"ares"="c:\program files\Ares\Ares.exe" [2009-03-13 3231744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\Dario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1343400]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-17 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-17 308064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-05-26 c:\windows\Tasks\FileCure Default.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2010-03-28 19:47]

2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 13:00]

2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 13:00]

2010-05-26 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]

2010-05-26 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: descargasteocraticas.org\www
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-05-26 19:03:10
ComboFix-quarantined-files.txt 2010-05-26 23:03
ComboFix2.txt 2010-05-26 20:57

Pre-Run: 1,967,393,656,832 bytes free
Post-Run: 1,967,382,409,216 bytes free

- - End Of File - - 7DC24724858634D8F52383E7D36E4E23


#14 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,766 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:31 AM

Posted 27 May 2010 - 04:32 AM

Hi,

you have a modified system file we would need to replace, that is why I asked.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Folder::
c:\programdata\1794487949


Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the file listed below in bold, then click Submit.

C:\windows\system32\user32.dll

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#15 dariobelt

dariobelt
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:08:31 PM

Posted 27 May 2010 - 05:08 PM

Here is the result:

ComboFix 10-05-26.01 - Dario 05/27/2010 18:02:25.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1918.1094 [GMT -4:00]
Running from: c:\users\Dario\Desktop\ComboFix.exe
Command switches used :: c:\users\Dario\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\1794487949

.
((((((((((((((((((((((((( Files Created from 2010-04-27 to 2010-05-27 )))))))))))))))))))))))))))))))
.

2010-05-26 10:31 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-14 10:14 . 2010-05-14 10:15 -------- d-----w- c:\program files\tjutilbarra
2010-05-14 10:14 . 2010-05-14 10:14 -------- d-----w- c:\program files\Conduit
2010-05-14 10:13 . 2010-05-14 10:17 -------- d-----w- C:\TJUtilPack2
2010-05-11 23:43 . 2010-03-04 07:33 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-02 14:45 . 2001-06-19 20:05 86016 ----a-w- c:\windows\system32\SDCCInfo.dll
2010-05-02 13:51 . 2010-05-14 10:18 -------- d-----w- c:\users\Dario\AppData\Local\WinZip
2010-05-02 13:42 . 2010-05-02 13:42 -------- d-----w- C:\$AVG
2010-05-02 13:28 . 2010-05-02 13:28 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-05-02 13:26 . 2010-05-02 13:26 0 ----a-w- c:\users\Dario\AppData\Roaming\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2010-05-02 13:19 . 2010-05-02 14:45 -------- d-----w- c:\users\Dario\AppData\Roaming\FrostWire
2010-05-02 13:19 . 2010-05-02 13:19 -------- d-----w- c:\program files\FrostWire
2010-05-02 13:19 . 2010-05-02 13:19 -------- d-----w- c:\program files\Common Files\Java
2010-05-02 13:18 . 2010-05-02 13:18 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-02 13:18 . 2010-05-02 13:18 -------- d-----w- c:\program files\Java
2010-05-02 12:31 . 2001-06-19 19:15 172032 ----a-w- c:\windows\system32\rsUtil.dll
2010-05-02 12:31 . 2010-05-02 14:46 -------- d-----w- c:\program files\Stamps.com Internet Postage
2010-05-02 12:31 . 2010-05-02 15:07 -------- d-----w- C:\Peachw
2010-05-02 12:31 . 2010-05-02 14:44 -------- d-----w- c:\program files\Common Files\Peach
2010-05-02 12:31 . 1995-07-26 04:00 536048 ------w- c:\windows\system32\OC25.DLL
2010-05-02 12:30 . 1998-10-29 20:45 306688 ----a-w- c:\windows\IsUninst.exe
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-26 21:45 . 2010-05-26 21:45 -------- d-----w- c:\program files\Xiph.Org
2010-05-26 21:36 . 2010-05-26 21:36 -------- d-----w- c:\programdata\ParetoLogic
2010-05-26 21:36 . 2010-05-26 21:36 -------- d-----w- c:\programdata\FileCure
2010-05-26 21:36 . 2010-05-26 21:36 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-05-26 21:36 . 2010-05-26 21:36 -------- d-----w- c:\program files\ParetoLogic
2010-05-24 09:52 . 2010-04-10 14:06 -------- d-----w- c:\users\Dario\AppData\Roaming\TuneUpMedia
2010-05-19 19:00 . 2010-05-27 10:04 501872 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb5571.tmp.exe
2010-05-16 15:18 . 2010-02-10 12:37 -------- d-----w- c:\program files\Google
2010-05-15 10:37 . 2010-02-08 07:01 -------- d-----w- c:\programdata\avg9
2010-05-12 00:44 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-02 14:44 . 2010-05-02 14:44 -------- d-----w- c:\program files\Common Files\WexTech Shared
2010-05-02 13:55 . 2010-05-02 13:54 0 --sha-w- c:\users\Dario\AppData\Roaming\9913.tmp
2010-05-02 13:51 . 2010-03-17 23:19 -------- d-----w- c:\programdata\WinZip
2010-04-25 22:28 . 2010-04-25 22:26 -------- d-----w- c:\program files\TuneUpMedia
2010-04-21 21:55 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll
2010-04-21 21:55 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll
2010-04-21 20:59 . 2010-02-08 07:01 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-10 14:07 . 2010-04-10 14:06 -------- d-----w- c:\programdata\TuneUpMedia
2010-04-10 14:07 . 2010-03-06 17:00 -------- d-----w- c:\program files\iTunes
2010-03-17 22:21 . 2010-03-17 22:21 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-17 22:21 . 2010-02-08 07:01 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-17 22:21 . 2010-02-08 07:01 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-08 21:33 . 2010-04-13 20:49 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 21:32 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll
2010-02-27 12:07 . 2010-04-13 20:49 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 12:07 . 2010-04-13 20:49 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 07:32 . 2010-04-13 20:49 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-13 20:49 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-13 20:49 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

------- Sigcheck -------

[-] 2010-03-05 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-26_20.55.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-08 06:24 . 2010-05-27 21:42 26164 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-05-27 21:42 29910 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-02-09 10:06 . 2010-05-27 21:46 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-09 10:06 . 2010-05-26 18:36 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-09 10:06 . 2010-05-27 21:46 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-09 10:06 . 2010-05-26 18:36 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2010-05-27 21:46 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-05-26 18:36 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-08 07:00 . 2010-05-26 20:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-08 07:00 . 2010-05-27 21:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-08 07:00 . 2010-05-26 20:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-08 07:00 . 2010-05-27 21:43 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-08 07:00 . 2010-05-26 20:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-08 07:00 . 2010-05-27 21:43 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-10 10:57 . 2010-05-26 20:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-10 10:57 . 2010-05-27 21:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-10 23:14 . 2010-05-27 22:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-10 23:14 . 2010-05-26 20:09 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-10 23:14 . 2010-05-27 22:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-02-10 23:14 . 2010-05-26 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-02-10 23:14 . 2010-05-26 20:09 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-02-10 23:14 . 2010-05-27 22:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-02-10 10:57 . 2010-05-26 20:43 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-10 10:57 . 2010-05-27 22:06 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-10 10:57 . 2010-05-26 20:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-10 10:57 . 2010-05-27 21:43 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-20 23:39 . 2010-05-27 00:10 2628 c:\windows\System32\wdi\ERCQueuedResolutions.dat
- 2010-02-08 06:11 . 2010-05-26 20:43 9036 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1488632439-2138322173-3643674576-1000_UserData.bin
+ 2010-02-08 06:11 . 2010-05-27 21:42 9036 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1488632439-2138322173-3643674576-1000_UserData.bin
+ 2010-05-27 21:41 . 2010-05-27 21:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-26 20:41 . 2010-05-26 20:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-26 20:41 . 2010-05-26 20:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-27 21:41 . 2010-05-27 21:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:05 . 2010-05-26 20:47 615122 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-05-27 21:47 615122 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-05-26 20:47 103496 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-05-27 21:47 103496 c:\windows\System32\perfc009.dat
- 2009-07-14 02:03 . 2010-05-26 16:02 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:03 . 2010-05-27 21:54 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c6bf3bc4-0101-4782-ab1e-63a072bced3c}"= "c:\program files\tjutilbarra\tbtju1.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{c6bf3bc4-0101-4782-ab1e-63a072bced3c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c6bf3bc4-0101-4782-ab1e-63a072bced3c}]
2010-05-14 10:15 2515552 ----a-w- c:\program files\tjutilbarra\tbtju1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{c6bf3bc4-0101-4782-ab1e-63a072bced3c}"= "c:\program files\tjutilbarra\tbtju1.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{c6bf3bc4-0101-4782-ab1e-63a072bced3c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{C6BF3BC4-0101-4782-AB1E-63A072BCED3C}"= "c:\program files\tjutilbarra\tbtju1.dll" [2010-05-14 2515552]

[HKEY_CLASSES_ROOT\clsid\{c6bf3bc4-0101-4782-ab1e-63a072bced3c}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-10 39408]
"ares"="c:\program files\Ares\Ares.exe" [2009-03-13 3231744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\Dario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 135664]
R3 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-27 1343400]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-17 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-21 242896]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-17 308064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-05-27 c:\windows\Tasks\FileCure Default.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2010-03-28 19:47]

2010-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 13:00]

2010-05-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-10 13:00]

2010-05-27 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]

2010-05-27 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
Trusted Zone: descargasteocraticas.org\www
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-05-27 18:07:42
ComboFix-quarantined-files.txt 2010-05-27 22:07
ComboFix2.txt 2010-05-26 23:03
ComboFix3.txt 2010-05-26 20:57

Pre-Run: 1,967,186,010,112 bytes free
Post-Run: 1,967,159,611,392 bytes free

- - End Of File - - 18A1B2ACD498E8D9396749FAA8F939A1





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users