STOP: C0000135 The program can't start because %hs is missing. Try reinstalling the program


This topic is locked. 12 replies to this topic

#1 javibani

  • Members
  • 7 posts

Posted 23 April 2012 - 09:09 AM

Hello,

I have a Windows 7 64-bit computer with the error "STOP: C0000135 The program can't start because %hs is missing. Try reinstalling the program". I initially cleaned the computer of viruses, after installing MSE and uninstalling the Norton and McAfee trials. There were a number of infected items that were removed; finally it rebooted with this issue. Here is the log of Farbar Recovery Scan Tool x64.

Scan result of Farbar Recovery Scan Tool Version: 22-04-2012
Ran by SYSTEM at 23-04-2012 15:02:12
Running from K:\
Windows 7 Home Premium (X64) OS Language: Spanish Modern Sort
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8158240 2009-10-07] (Realtek Semiconductor)
HKLM\...\Run: [RunDLLEntry_THXCfg] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 [17920 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [RunDLLEntry_EptMon] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\EptMon64.dll,RunDLLEntry EptMon64 [21504 2009-10-15] (Creative Technology Ltd.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436736 2011-06-15] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-10-02] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2009-07-17] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m [1807680 2010-02-09] ()
HKLM-x32\...\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" /r [963584 2009-12-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [FAStartup] [x]
HKLM-x32\...\Run: [UCam_Menu] "C:\Program Files (x86)\Dell\Dell TouchCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Dell\Dell TouchCam" UpdateWithCreateOnce "Software\CyberLink\Dell TouchCam\1.1" [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [98488 2011-04-23] (Sensible Vision )
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [103896 2012-01-04] (PC Tools)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-06] (Apple Inc.)
HKU\MARTA\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-02-24] (Google Inc.)
HKU\MARTA\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKU\MARTA\...\Run: [YZ5CZHZY2D1F1WUUDNQYWTBBTTHWU] C:\$Recycle$\B8DEA5BB43B.exe /q [x]
HKU\MARTA\...\Winlogon: [Shell] C:\Users\MARTA\AppData\Local\caa402c1\X
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-06] (Dell)
HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Lsa: [Notification Packages] scecli FAPassSync
SubSystems: [Windows] ==> ZeroAccess

==================== Services (Whitelisted) ======

2 0238701335099065mcinstcleanup; C:\Users\MARTA\AppData\Local\Temp\0238701335099065mcinst.exe C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [1295 2012-04-22] ()
3 AdobeFlashPlayerUpdateSvc; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253088 2012-04-17] (Adobe Systems Incorporated)
2 ATIBTCAP; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 ATIBTCAP; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [462184 2011-08-31] (Apple Inc.)
2 cqmghost; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 cqmghost; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 DM9102; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 DM9102; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 dmio; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 dmio; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 IAStorDataMgrSvc; "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe" [13336 2009-10-02] (Intel Corporation)
2 interactivelogon; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 interactivelogon; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 irda; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 irda; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 isdrv120; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 isdrv120; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [64856 2009-02-26] (Microsoft Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe" [12784 2011-04-27] (Microsoft Corporation)
2 nHancer; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 nHancer; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
3 NisSrv; "C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe" [288272 2011-04-27] (Microsoft Corporation)
2 NWUSBModem; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 NWUSBModem; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [793048 2012-01-04] (PC Tools)
2 ProcObsrv; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 ProcObsrv; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 rp_fws; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 rp_fws; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 ser2pl; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 ser2pl; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 srtspx; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 srtspx; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 vaiomediaplatform-musicserver-appserver; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 vaiomediaplatform-musicserver-appserver; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 viaudio; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 viaudio; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 vxsvc; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 vxsvc; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 winpowermanager; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 winpowermanager; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 winpowermonitor; \\.\globalrootC:\Windows\system32\svchost.exe -k netsvcs [27136 2009-07-14] (Microsoft Corporation)
2 winpowermonitor; \\.\globalrootC:\Windows\SysWow64\svchost.exe -k netsvcs [20992 2009-07-14] (Microsoft Corporation)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [x]
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [x]
2 mfevtp; "C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe" [x]
3 RoxMediaDB10; "c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe" [x]
3 stllssvr; "c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [x]

========================== Drivers (Whitelisted) =============

3 athur; C:\Windows\System32\DRIVERS\athurx.sys [1847296 2010-01-05] (Atheros Communications, Inc.)
3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [115328 2008-03-17] (Huawei Technologies Co., Ltd.)
3 NW1950; C:\Windows\System32\Drivers\NW1950.sys [24568 2009-07-29] ()
1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
1 SASDIFSV; \??\C:\Users\MARTA\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [14920 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Users\MARTA\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [12360 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2011-01-11] (Duplex Secure Ltd.)
3 cfwids; C:\Windows\System32\drivers\cfwids.sys [x]
1 kptsiffe; \??\C:\Windows\system32\drivers\kptsiffe.sys [x]
3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [x]
3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [x]
3 mfeavfk01; [x]
3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [x]
0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [x]
3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [x]
0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]
1 pyfvgkru; \??\C:\Windows\system32\drivers\pyfvgkru.sys [x]

========================== NetSvcs (Whitelisted) ===========
NETSVC: procexp90
NETSVC: bc_tdi_f
NETSVC: Cap7134
NETSVC: sqlagent$soshome22
NETSVC: AEADIFilters
NETSVC: ss_mdm
NETSVC: sbcssvc
NETSVC: USR1806V
NETSVC: ibmcicstransactiongateway
NETSVC: SMCB000
NETSVC: VAIOMediaPlatform-PhotoServer-UPnP
NETSVC: ATIVXSTW
NETSVC: netsvc
NETSVC: FETNDISB
NETSVC: tphkdrv
NETSVC: cachemanxp
NETSVC: RAPIProtocol
NETSVC: TuneUp.Defrag
NETSVC: AN983
NETSVC: RESMGR
NETSVC: eabfiltr
NETSVC: lvckap
NETSVC: SGHIDI
NETSVC: sigfilt
NETSVC: msgame
NETSVC: UWProSys
NETSVC: allegro
NETSVC: sndsrvc
NETSVC: PhilCam8116
NETSVC: w200mdfl
NETSVC: DniVad
NETSVC: zebrmdm
NETSVC: CYGF32X
NETSVC: icm10blk
NETSVC: intelroam
NETSVC: db2remotecmd
NETSVC: NPDriver
NETSVC: CTMSHD
NETSVC: PGPsdkDriver
NETSVC: CTEDSPIO.DLL
NETSVC: MSMQTriggers
NETSVC: pmshellsrv
NETSVC: retroexplauncher
NETSVC: elosystemservice
NETSVC: adsexpb
NETSVC: sbiesvc
NETSVC: mohfilt
NETSVC: DCFS2K
NETSVC: SE26obex
NETSVC: WD_FireWire_HID
NETSVC: vaiomediaplatform-videoserver-appserver
NETSVC: GTWModem
NETSVC: ypcservice
NETSVC: filechecker
NETSVC: kservice
NETSVC: LVVI500A
NETSVC: mindrepair
NETSVC: UNDPX2A
NETSVC: pcidrv
NETSVC: cpuz132
NETSVC: wmp54gsvc
NETSVC: MRV6X32P
NETSVC: ELacpi
NETSVC: regmon701
NETSVC: steamdvr
NETSVC: TUWinStylerThemeSvc
NETSVC: atixsaudio
NETSVC: bdpredir
NETSVC: imagesrv
NETSVC: harmony
NETSVC: pdlncbas
NETSVC: winachcf
NETSVC: s117unic
NETSVC: tdrpman174
NETSVC: QPCapSvc
NETSVC: pxfhmdm
NETSVC: ezplay
NETSVC: VC4CB104
NETSVC: proxyhostdriver
NETSVC: mfebopk
NETSVC: PID_PEPI
NETSVC: Defrag32
NETSVC: DumaNT
NETSVC: dmboot
NETSVC: CXTUNE
NETSVC: MSW_USB
NETSVC: fa_scheduler
NETSVC: prevxdriver
NETSVC: se45mdfl
NETSVC: Mvc25U870_VID_1262&PID_25FD
NETSVC: NWSNS
NETSVC: roxupnprenderer
NETSVC: sysmonlog
NETSVC: BASFND
NETSVC: DELL_A02
NETSVC: CiscoVpnInstallService
NETSVC: trufos
NETSVC: cwcspud
NETSVC: AsuhfivrO
NETSVC: tosrfcom
NETSVC: igateway
NETSVC: issm
NETSVC: sptisrv
NETSVC: tmxpflt
NETSVC: U81xmdm
NETSVC: hprfdev
NETSVC: iSMBIOS
NETSVC: ROOTUSB
NETSVC: sisagp
NETSVC: entech
NETSVC: sdbus
NETSVC: cpntsrv
NETSVC: pwd_2K
NETSVC: lvpopflt
NETSVC: vvdsvc
NETSVC: ScanUSBEMPIA
NETSVC: motoswitchservice
NETSVC: amdk77
NETSVC: VC6SecS
NETSVC: pnmsrv
NETSVC: haspnt
NETSVC: ntlmssp
NETSVC: brmfbags
NETSVC: swmsflt
NETSVC: jukebox3
NETSVC: websensecamreportserver
NETSVC: BlueSoleilCS
NETSVC: {6080a529-897e-4629-a488-aba0c29b635e}
NETSVC: RMSvc
NETSVC: websenseusagemonitor
NETSVC: cisvc
NETSVC: U81xbus
NETSVC: KMWDFilter
NETSVC: mbr
NETSVC: pcscnsrv
NETSVC: ZTEusbser6k
NETSVC: transarcafsdaemon
NETSVC: ikfileflt
NETSVC: openvpnservice
NETSVC: contentfilter
NETSVC: acdpowerservice
NETSVC: SilverLink
NETSVC: edspport
NETSVC: usb20l
NETSVC: NMSCFG
NETSVC: PBADRV
NETSVC: vnxservice
NETSVC: ROB_A
NETSVC: sprtsvc_dellsupportcenter
NETSVC: symsecureport
NETSVC: flashcomadmin
NETSVC: changer
NETSVC: MtxDma0
NETSVC: USBCamera
NETSVC: HssTrayService
NETSVC: omsad
NETSVC: asctrm
NETSVC: RalinkRegistryWriter
NETSVC: webupdate
NETSVC: s3twistr
NETSVC: PTDCBus
NETSVC: nvmd
NETSVC: {e2b953a6-195a-44f9-9ba3-3d5f4e32bb55}
NETSVC: dsunidrv
NETSVC: USBCCID
NETSVC: SE2Cobex
NETSVC: se45nd5
NETSVC: s716mdfl
NETSVC: USB28xxOEM
NETSVC: swupdtmr
NETSVC: backupexecjobengine
NETSVC: oracleorahomedatagatherer
NETSVC: fetnd5bv
NETSVC: ppped
NETSVC: prfldsvc
NETSVC: radiosvr
NETSVC: elbycdio
NETSVC: btwhid
NETSVC: s716bus
NETSVC: pavsrv
NETSVC: cccredmgr
NETSVC: nvax
NETSVC: btwdndis
NETSVC: wwnetdde
NETSVC: ma_cmidi_installerservice
NETSVC: CTERFXFX.DLL
NETSVC: aic78xx
NETSVC: symdns
NETSVC: pdlndoem
NETSVC: centennialiptransferagent
NETSVC: antivirscheduler
NETSVC: W700bus
NETSVC: cwcwdm
NETSVC: alcxwdm
NETSVC: NVXBAR
NETSVC: tiwlnsvc
NETSVC: avinitnt
NETSVC: defragfs
NETSVC: ppmoucls
NETSVC: M2500
NETSVC: atikmdag
NETSVC: cwafreportscheduler
NETSVC: getPlusHelper
NETSVC: HIDSwvd
NETSVC: samfilt
NETSVC: hpqwmi
NETSVC: Eplpdx02
NETSVC: MRENDIS5
NETSVC: STEC3
NETSVC: SWMX00
NETSVC: e1express
NETSVC: aaksrv
NETSVC: epfwtdi
NETSVC: simbad
NETSVC: sqlagent$sony_mediamgr
NETSVC: SE2Cbus
NETSVC: SQTECH905C
NETSVC: cwcpsvc20
NETSVC: BCMModem
NETSVC: pcouffin
NETSVC: asusgsb
NETSVC: roxmediadb9
NETSVC: HECI
NETSVC: tsp
NETSVC: TPwSav
NETSVC: flashcom
NETSVC: omniusbl
NETSVC: scanexplicit
NETSVC: IWCA
NETSVC: ADSMService
NETSVC: naimagent32
NETSVC: ino_fltr
NETSVC: scarddrv
NETSVC: vmnetbridge
NETSVC: wdica
NETSVC: cfgwzsvc
NETSVC: hddsvc
NETSVC: USBModem
NETSVC: wanminiportservice
NETSVC: mpfirewl
NETSVC: suservice
NETSVC: KR3NPXP
NETSVC: nv
NETSVC: wg6n
NETSVC: hcf_msft
NETSVC: Tb2RCAssist
NETSVC: AVerBDA
NETSVC: iviregmgr
NETSVC: FontCache3.0.0.0.
NETSVC: MagicTune
NETSVC: A88xXBar
NETSVC: ftsata2
NETSVC: pcx1unic
NETSVC: snapman380
NETSVC: MTDVC2
NETSVC: dlpwd
NETSVC: w300mdfl
NETSVC: hcwPVRP2
NETSVC: s3ssavage
NETSVC: SE2Emgmt
NETSVC: VAIOMediaPlatform-MusicServer-HTTP
NETSVC: vaiomediaplatform-integratedserver-appserver
NETSVC: TMHIDSRV
NETSVC: askernel
NETSVC: spmd
NETSVC: slabser
NETSVC: pdlndtdl
NETSVC: U81xobex
NETSVC: TMBMServer
NETSVC: atiavaiw
NETSVC: mcupdmgr.exe
NETSVC: aliadwdm
NETSVC: ipinip
NETSVC: NWSAP
NETSVC: appnnode
NETSVC: CA561
NETSVC: wstcodec
NETSVC: bthpan
NETSVC: rasirda
NETSVC: cpqrcmc
NETSVC: Slpsvdr
NETSVC: pcampr5
NETSVC: nvnetbus
NETSVC: adfs
NETSVC: NvNdis
NETSVC: dktknsrv
NETSVC: nwlnkfwd
NETSVC: ccflic0
NETSVC: tb2launch
NETSVC: ctxcpusched
NETSVC: XUIF
NETSVC: HabuFltr
NETSVC: sandradatasrv
NETSVC: sonypvu1
NETSVC: delldmi
NETSVC: meraksmtp
NETSVC: Maplom
NETSVC: syntp
NETSVC: RivaTuner32
NETSVC: wampmysqld
NETSVC: mcpromgr
NETSVC: vsmon
NETSVC: MA8032U
NETSVC: vtserver
NETSVC: hsfhwazl
NETSVC: lexbces
NETSVC: avg7alrt
NETSVC: MSICPL
NETSVC: ctxcpubal
NETSVC: PD0620VID
NETSVC: vci
NETSVC: hpn
NETSVC: epsonbidirectionalservice
NETSVC: point32
NETSVC: nicser_wmp11
NETSVC: SetupNT
NETSVC: avgio
NETSVC: z525mdm
NETSVC: sprtsvc_smartagent
NETSVC: infrastructure
NETSVC: sr
NETSVC: DELTA
NETSVC: db2licd
NETSVC: ASMMAP
NETSVC: ASInsHelp
NETSVC: ovmsmaccessmanager
NETSVC: eamon
NETSVC: webrootadminconsole
NETSVC: mi-raysat_3dsmax8
NETSVC: MREMP50a64
NETSVC: ser2plms
NETSVC: XBCD
NETSVC: regmanserv
NETSVC: nfsds
NETSVC: SQLWriter
NETSVC: tos_sps32
NETSVC: captureservice
NETSVC: mf
NETSVC: carboncopy32
NETSVC: AsIO
NETSVC: datasvr
NETSVC: win32sl

============ One Month Created Files and Folders ==============

2012-04-23 15:02 - 2010-12-05 04:09 - 0000000 ____D C:\FRST
2012-04-22 14:47 - 2011-06-29 22:22 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-22 14:47 - 2011-01-11 17:18 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-22 11:40 - 2011-08-27 01:22 - 0000000 ____D C:\Users\MARTA\AppData\Roaming\SUPERAntiSpyware.com
2012-04-22 11:40 - 2010-12-04 19:48 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-04-22 11:40 - 2010-12-04 19:48 - 0000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-04-22 11:40 - 2010-12-04 19:48 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-04-22 10:54 - 2010-12-29 23:51 - 0000000 ____D C:\Users\MARTA\Pavark
2012-04-22 08:51 - 2009-07-14 03:41 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-04-22 08:46 - 2012-04-22 08:44 - 0270864 ____A C:\Windows\Minidump\042212-16738-01.dmp
2012-04-22 08:44 - 2012-04-21 16:21 - 0270864 ____A C:\Windows\Minidump\042212-16083-01.dmp
2012-04-21 17:25 - 2012-04-20 22:51 - 0270864 ____A C:\Windows\Minidump\042112-16411-01.dmp
2012-04-21 16:21 - 2012-04-21 17:25 - 0270864 ____A C:\Windows\Minidump\042112-16676-01.dmp
2012-04-20 22:54 - 2012-04-20 22:27 - 0270864 ____A C:\Windows\Minidump\042012-16302-01.dmp
2012-04-20 22:51 - 2012-04-20 17:54 - 0270864 ____A C:\Windows\Minidump\042012-22791-01.dmp
2012-04-20 22:51 - 2010-12-29 23:51 - 0003536 ____N C:\bootsqm.dat
2012-04-20 22:27 - 2012-04-20 17:09 - 0270864 ____A C:\Windows\Minidump\042012-16052-01.dmp
2012-04-20 20:21 - 2012-04-20 17:12 - 0270864 ____A C:\Windows\Minidump\042012-16645-01.dmp
2012-04-20 20:19 - 2012-04-20 22:54 - 0270864 ____A C:\Windows\Minidump\042012-16426-01.dmp
2012-04-20 17:54 - 2012-04-20 20:21 - 0270864 ____A C:\Windows\Minidump\042012-16894-01.dmp
2012-04-20 17:12 - 2012-04-20 20:19 - 0270864 ____A C:\Windows\Minidump\042012-16442-01.dmp
2012-04-20 17:09 - 2012-04-20 17:05 - 0270864 ____A C:\Windows\Minidump\042012-16021-01.dmp
2012-04-20 17:05 - 2012-04-18 23:10 - 0270864 ____A C:\Windows\Minidump\042012-13618-01.dmp
2012-04-18 23:17 - 2012-04-17 00:38 - 0270976 ____A C:\Windows\Minidump\041812-14445-01.dmp
2012-04-18 23:15 - 2012-04-18 23:17 - 0270976 ____A C:\Windows\Minidump\041812-16442-01.dmp
2012-04-18 23:13 - 2011-01-11 18:16 - 0001912 ____A C:\Windows\epplauncher.mif
2012-04-18 23:12 - 2012-04-18 23:15 - 0270976 ____A C:\Windows\Minidump\041812-16707-01.dmp
2012-04-18 23:10 - 2012-04-18 23:12 - 0270976 ____A C:\Windows\Minidump\041812-16926-01.dmp
2012-04-17 00:51 - 2012-02-28 09:34 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-04-17 00:51 - 2012-02-28 08:56 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-04-17 00:51 - 2012-02-28 08:48 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-04-17 00:51 - 2012-02-28 08:45 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-04-17 00:51 - 2012-02-28 08:42 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-04-17 00:51 - 2012-02-28 03:52 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-04-17 00:51 - 2012-02-28 03:18 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-04-17 00:51 - 2012-02-28 03:09 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-04-17 00:51 - 2012-02-28 03:06 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-04-17 00:51 - 2012-02-28 03:03 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-04-17 00:51 - 2011-06-15 00:36 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-04-17 00:51 - 2011-06-15 00:36 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-04-17 00:51 - 2011-06-15 00:36 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-04-17 00:51 - 2011-06-15 00:36 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-04-17 00:51 - 2011-06-15 00:36 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-04-17 00:51 - 2011-06-15 00:36 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-04-17 00:51 - 2011-06-15 00:36 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-04-17 00:51 - 2011-06-15 00:36 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-04-17 00:51 - 2011-05-03 07:29 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-04-17 00:51 - 2011-05-03 06:30 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-04-17 00:51 - 2010-11-20 15:27 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-04-17 00:51 - 2010-11-20 14:21 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-04-17 00:51 - 2009-07-14 03:41 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-04-17 00:51 - 2009-07-14 03:38 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-04-17 00:51 - 2009-07-14 03:16 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-04-17 00:51 - 2009-07-14 03:14 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-04-17 00:50 - 2012-03-29 03:00 - 0000215 ____A C:\Windows\System32\MRT.INI
2012-04-17 00:48 - 2009-07-14 03:47 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-17 00:48 - 2009-07-14 03:41 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-17 00:48 - 2009-07-14 03:38 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-17 00:48 - 2009-07-14 03:33 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-17 00:48 - 2009-07-14 03:16 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-17 00:48 - 2009-07-14 03:14 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-17 00:48 - 2009-07-14 03:11 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-17 00:43 - 2012-04-17 00:43 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-17 00:38 - 2012-04-17 00:26 - 0270976 ____A C:\Windows\Minidump\041712-18158-01.dmp
2012-04-17 00:30 - 2012-03-29 01:07 - 0270976 ____A C:\Windows\Minidump\041712-16052-01.dmp
2012-04-17 00:28 - 2012-04-17 00:30 - 0270976 ____A C:\Windows\Minidump\041712-16083-01.dmp
2012-04-17 00:26 - 2012-04-17 00:28 - 0270976 ____A C:\Windows\Minidump\041712-17940-01.dmp
2012-04-17 00:24 - 2009-07-14 03:14 - 52550552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-03-31 00:26 - 2012-03-13 18:03 - 0169472 ____A C:\Users\MARTA\AppData\Roaming\cgs8h0.exe
2012-03-31 00:15 - 2011-02-08 21:31 - 0000000 ____D C:\Users\MARTA\AppData\Roaming\Antivirus Protection 2012
2012-03-29 01:07 - 2012-04-22 14:03 - 0000000 ____D C:\Windows\Minidump
2012-03-29 01:07 - 2009-07-14 03:39 - 4737776 ____A C:\Windows\ntbtlog.txt
2012-03-29 01:07 - - 0291912 ____A C:\Windows\Minidump\032912-17269-01.dmp
2012-03-29 00:43 - - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-03-29 00:34 - 2009-07-14 03:40 - 0000000 __ASH C:\Windows\System32\dds_log_trash.cmd
2012-03-29 00:33 - 2010-12-29 23:51 - 0000000 __SHD C:\Users\MARTA\AppData\Local\caa402c1
2012-03-29 00:33 - 2009-07-14 03:14 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-03-29 00:33 - - 0000838 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-03-27 19:13 - 2011-01-11 17:44 - 0000000 ____D C:\Users\MARTA\AppData\Roaming\Product_RM
2012-03-27 19:13 - 2010-12-04 19:46 - 0000000 ____D C:\Users\All Users\PC Tools
2012-03-27 19:13 - 2010-12-04 19:46 - 0000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-03-27 19:13 - 2010-12-04 19:46 - 0000000 ____D C:\ProgramData\PC Tools

============ 3 Months Modified Files and Folders =============

2012-04-23 15:02 - 2012-04-23 15:02 - 0000000 ____D C:\FRST
2012-04-23 11:12 - 2010-12-04 19:31 - 479522816 __ASH C:\hiberfil.sys
2012-04-22 18:58 - 2012-03-29 01:07 - 4737776 ____A C:\Windows\ntbtlog.txt
2012-04-22 14:51 - 2010-12-04 19:51 - 0000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2012-04-22 14:51 - 2009-07-14 11:31 - 0699846 ____A C:\Windows\System32\perfh00A.dat
2012-04-22 14:51 - 2009-07-14 11:31 - 0136410 ____A C:\Windows\System32\perfc00A.dat
2012-04-22 14:51 - 2009-07-14 07:13 - 1545680 ____A C:\Windows\System32\PerfStringBackup.INI
2012-04-22 14:48 - 2012-01-27 19:13 - 0000000 ____D C:\Users\All Users\Symantec
2012-04-22 14:48 - 2012-01-27 19:13 - 0000000 ____D C:\Users\All Users\Norton
2012-04-22 14:48 - 2012-01-27 19:13 - 0000000 ____D C:\Users\All Users\Application Data\Symantec
2012-04-22 14:48 - 2012-01-27 19:13 - 0000000 ____D C:\Users\All Users\Application Data\Norton
2012-04-22 14:48 - 2012-01-27 19:13 - 0000000 ____D C:\ProgramData\Norton
2012-04-22 14:47 - 2012-04-22 14:47 - 0000000 ____D C:\Program Files\Microsoft Security Client
2012-04-22 14:47 - 2012-04-22 14:47 - 0000000 ____D C:\Program Files (x86)\Microsoft Security Client
2012-04-22 14:47 - 2012-04-18 23:13 - 0001912 ____A C:\Windows\epplauncher.mif
2012-04-22 14:47 - 2012-02-11 01:40 - 1567040 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-04-22 14:46 - 2011-02-24 16:55 - 0001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-04-22 14:46 - 2010-12-04 20:14 - 0000000 ____D C:\Users\Default\Local Settings\SoftThinks
2012-04-22 14:46 - 2010-12-04 20:14 - 0000000 ____D C:\Users\Default\Local Settings\Application Data\SoftThinks
2012-04-22 14:46 - 2010-12-04 20:14 - 0000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2012-04-22 14:46 - 2010-12-04 20:14 - 0000000 ____D C:\Users\Default User\Local Settings\SoftThinks
2012-04-22 14:46 - 2010-12-04 20:14 - 0000000 ____D C:\Users\Default User\Local Settings\Application Data\SoftThinks
2012-04-22 14:46 - 2010-12-04 20:14 - 0000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2012-04-22 14:46 - 2009-07-14 07:08 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-04-22 14:45 - 2012-03-29 00:34 - 0000000 __ASH C:\Windows\System32\dds_log_trash.cmd
2012-04-22 14:45 - 2009-07-14 06:51 - 0114062 ____A C:\Windows\setupact.log
2012-04-22 14:03 - 2012-02-10 13:30 - 0000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-04-22 14:03 - 2010-12-04 19:31 - 0033664 ____A C:\Windows\PFRO.log
2012-04-22 14:03 - 2009-07-14 07:10 - 1398267 ____A C:\Windows\WindowsUpdate.log
2012-04-22 14:03 - 2009-07-14 06:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-04-22 14:03 - 2009-07-14 06:45 - 0014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-04-22 13:22 - 2012-04-22 10:54 - 0000000 ____D C:\Users\MARTA\Pavark
2012-04-22 11:40 - 2012-04-22 11:40 - 0000000 ____D C:\Users\MARTA\AppData\Roaming\SUPERAntiSpyware.com
2012-04-22 11:40 - 2012-04-22 11:40 - 0000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-04-22 11:40 - 2012-04-22 11:40 - 0000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-04-22 11:40 - 2012-04-22 11:40 - 0000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2012-04-22 10:54 - 2010-12-29 23:51 - 0000000 ____D C:\users\MARTA
2012-04-22 10:51 - 2012-03-29 00:33 - 0000000 __SHD C:\Users\MARTA\AppData\Local\caa402c1
2012-04-22 09:22 - 2012-01-11 22:46 - 0000000 ___HD C:\$Recycle$
2012-04-22 08:46 - 2012-04-22 08:46 - 0270864 ____A C:\Windows\Minidump\042212-16738-01.dmp
2012-04-22 08:46 - 2012-03-29 01:07 - 0000000 ____D C:\Windows\Minidump
2012-04-22 08:44 - 2012-04-22 08:44 - 0270864 ____A C:\Windows\Minidump\042212-16083-01.dmp
2012-04-21 17:25 - 2012-04-21 17:25 - 0270864 ____A C:\Windows\Minidump\042112-16411-01.dmp
2012-04-21 16:21 - 2012-04-21 16:21 - 0270864 ____A C:\Windows\Minidump\042112-16676-01.dmp
2012-04-20 22:54 - 2012-04-20 22:54 - 0270864 ____A C:\Windows\Minidump\042012-16302-01.dmp
2012-04-20 22:51 - 2012-04-20 22:51 - 0270864 ____A C:\Windows\Minidump\042012-22791-01.dmp
2012-04-20 22:51 - 2012-04-20 22:51 - 0003536 ____N C:\bootsqm.dat
2012-04-20 22:27 - 2012-04-20 22:27 - 0270864 ____A C:\Windows\Minidump\042012-16052-01.dmp
2012-04-20 20:21 - 2012-04-20 20:21 - 0270864 ____A C:\Windows\Minidump\042012-16645-01.dmp
2012-04-20 20:19 - 2012-04-20 20:19 - 0270864 ____A C:\Windows\Minidump\042012-16426-01.dmp
2012-04-20 17:54 - 2012-04-20 17:54 - 0270864 ____A C:\Windows\Minidump\042012-16894-01.dmp
2012-04-20 17:12 - 2012-04-20 17:12 - 0270864 ____A C:\Windows\Minidump\042012-16442-01.dmp
2012-04-20 17:09 - 2012-04-20 17:09 - 0270864 ____A C:\Windows\Minidump\042012-16021-01.dmp
2012-04-20 17:05 - 2012-04-20 17:05 - 0270864 ____A C:\Windows\Minidump\042012-13618-01.dmp
2012-04-18 23:17 - 2012-04-18 23:17 - 0270976 ____A C:\Windows\Minidump\041812-14445-01.dmp
2012-04-18 23:15 - 2012-04-18 23:15 - 0270976 ____A C:\Windows\Minidump\041812-16442-01.dmp
2012-04-18 23:12 - 2012-04-18 23:12 - 0270976 ____A C:\Windows\Minidump\041812-16707-01.dmp
2012-04-18 23:10 - 2012-04-18 23:10 - 0270976 ____A C:\Windows\Minidump\041812-16926-01.dmp
2012-04-18 22:51 - 2012-03-29 00:33 - 0000838 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-04-17 00:52 - 2011-01-11 17:18 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-04-17 00:52 - 2011-01-11 17:18 - 0000000 ____D C:\Users\All Users\Application Data\Microsoft Help
2012-04-17 00:52 - 2011-01-11 17:18 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-04-17 00:50 - 2012-04-17 00:50 - 0000215 ____A C:\Windows\System32\MRT.INI
2012-04-17 00:50 - 2012-03-31 00:15 - 0000000 ____D C:\Users\MARTA\AppData\Roaming\Antivirus Protection 2012
2012-04-17 00:43 - 2012-04-17 00:43 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-04-17 00:43 - 2012-03-29 00:33 - 0418464 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-04-17 00:43 - 2011-06-16 13:59 - 0070304 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-04-17 00:42 - 2011-09-29 23:14 - 0002342 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2012-04-17 00:42 - 2011-09-29 23:14 - 0002342 ____A C:\Users\All Users\Desktop\Google Chrome.lnk
2012-04-17 00:42 - 2011-02-24 16:55 - 0001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-04-17 00:38 - 2012-04-17 00:38 - 0270976 ____A C:\Windows\Minidump\041712-18158-01.dmp
2012-04-17 00:30 - 2012-04-17 00:30 - 0270976 ____A C:\Windows\Minidump\041712-16052-01.dmp
2012-04-17 00:28 - 2012-04-17 00:28 - 0270976 ____A C:\Windows\Minidump\041712-16083-01.dmp
2012-04-17 00:26 - 2012-04-17 00:26 - 0270976 ____A C:\Windows\Minidump\041712-17940-01.dmp
2012-04-10 15:46 - 2012-01-28 13:36 - 0000286 ____A C:\Windows\Tasks\RMSchedule.job
2012-04-03 17:00 - 2012-02-03 20:00 - 0000284 ____A C:\Windows\SysWOW64\AppLog.log
2012-03-31 15:38 - 2009-07-14 07:08 - 0032654 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-03-31 00:26 - 2012-03-31 00:26 - 0169472 ____A C:\Users\MARTA\AppData\Roaming\cgs8h0.exe
2012-03-29 11:58 - 2010-12-29 23:51 - 0000000 ____D C:\Users\MARTA\AppData\LocalLow
2012-03-29 03:00 - 2011-01-11 17:51 - 57249312 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-03-29 01:13 - 2012-01-28 13:36 - 0000000 ____D C:\Program Files (x86)\PC Tools Registry Mechanic
2012-03-29 01:07 - 2012-03-29 01:07 - 0291912 ____A C:\Windows\Minidump\032912-17269-01.dmp
2012-03-29 00:43 - 2012-03-29 00:43 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-03-27 19:13 - 2012-03-27 19:13 - 0000000 ____D C:\Users\MARTA\AppData\Roaming\Product_RM
2012-03-27 19:13 - 2012-03-27 19:13 - 0000000 ____D C:\Users\All Users\PC Tools
2012-03-27 19:13 - 2012-03-27 19:13 - 0000000 ____D C:\Users\All Users\Application Data\PC Tools
2012-03-27 19:13 - 2012-03-27 19:13 - 0000000 ____D C:\ProgramData\PC Tools
2012-03-27 19:13 - 2012-01-28 13:36 - 0001198 ____A C:\Users\Public\Desktop\PC Tools Registry Mechanic.lnk
2012-03-27 19:13 - 2012-01-28 13:36 - 0001198 ____A C:\Users\All Users\Desktop\PC Tools Registry Mechanic.lnk
2012-03-26 15:50 - 2012-02-10 13:30 - 0000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-03-24 23:36 - 2011-02-24 16:55 - 0000000 ____D C:\Users\MARTA\AppData\Local\Google
2012-03-15 01:58 - 2009-07-14 06:45 - 0465192 ____A C:\Windows\System32\FNTCACHE.DAT
2012-03-13 18:03 - 2011-11-19 15:13 - 0000000 ____D C:\Users\MARTA\AppData\Roaming\Apple Computer
2012-03-13 17:54 - 2011-11-19 15:11 - 0002521 ____A C:\Users\Public\Desktop\Safari.lnk
2012-03-13 17:54 - 2011-11-19 15:11 - 0002521 ____A C:\Users\All Users\Desktop\Safari.lnk
2012-03-13 17:54 - 2011-11-19 15:11 - 0000000 ____D C:\Program Files (x86)\Safari
2012-03-13 17:52 - 2012-03-13 17:52 - 0001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-03-13 17:52 - 2012-03-13 17:52 - 0001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-03-13 17:52 - 2012-03-13 17:52 - 0000000 ____D C:\Program Files\iTunes
2012-03-13 17:52 - 2012-03-13 17:52 - 0000000 ____D C:\Program Files\iPod
2012-03-13 17:52 - 2012-03-13 17:52 - 0000000 ____D C:\Program Files (x86)\iTunes
2012-03-01 08:46 - 2012-04-17 00:48 - 0023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-03-01 08:38 - 2012-04-17 00:48 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-03-01 08:33 - 2012-04-17 00:48 - 0081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-03-01 08:28 - 2012-04-17 00:48 - 0005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-03-01 07:37 - 2012-04-17 00:48 - 0172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-03-01 07:33 - 2012-04-17 00:48 - 0159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-03-01 07:29 - 2012-04-17 00:48 - 0005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-03-01 00:53 - 2012-03-01 00:53 - 0000000 ____D C:\Users\MARTA\AppData\Local\{97957D58-8000-4A6D-B9AA-4D64839EE722}
2012-03-01 00:53 - 2011-11-25 12:38 - 0000000 ____D C:\Users\MARTA\AppData\Local\Windows Live
2012-02-28 09:34 - 2012-04-17 00:51 - 17790976 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-28 09:02 - 2012-04-17 00:51 - 10888704 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-28 08:56 - 2012-04-17 00:51 - 2311168 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-02-28 08:50 - 2012-04-17 00:51 - 1345536 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-28 08:49 - 2012-04-17 00:51 - 1390080 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-28 08:48 - 2012-04-17 00:51 - 1493504 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-02-28 08:48 - 2012-04-17 00:51 - 0237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-28 08:47 - 2012-04-17 00:51 - 0085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-28 08:45 - 2012-04-17 00:51 - 0818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-02-28 08:43 - 2012-04-17 00:51 - 2144256 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-28 08:43 - 2012-04-17 00:51 - 0096256 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-28 08:42 - 2012-04-17 00:51 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-28 08:39 - 2012-04-17 00:51 - 0248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-28 03:52 - 2012-04-17 00:51 - 12281856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-02-28 03:27 - 2012-04-17 00:51 - 9705984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-02-28 03:18 - 2012-04-17 00:51 - 1799168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-02-28 03:12 - 2012-04-17 00:51 - 1103360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-02-28 03:11 - 2012-04-17 00:51 - 1427456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-02-28 03:11 - 2012-04-17 00:51 - 1127424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-02-28 03:09 - 2012-04-17 00:51 - 0231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-02-28 03:08 - 2012-04-17 00:51 - 0065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-02-28 03:06 - 2012-04-17 00:51 - 0716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-02-28 03:04 - 2012-04-17 00:51 - 1792000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-02-28 03:03 - 2012-04-17 00:51 - 2382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-02-28 03:03 - 2012-04-17 00:51 - 0072704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-02-28 02:59 - 2012-04-17 00:51 - 0176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-02-23 10:18 - 2012-04-22 08:51 - 0279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-02-21 18:27 - 2009-07-14 04:34 - 0000510 ____A C:\Windows\win.ini
2012-02-17 08:38 - 2012-03-14 01:00 - 1031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-02-17 07:34 - 2012-03-14 01:00 - 0826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2012-02-17 06:58 - 2012-03-14 01:00 - 0210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-02-17 06:57 - 2012-03-14 01:00 - 0023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-02-16 14:55 - 2010-12-04 19:58 - 0000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2012-02-16 01:55 - 2011-07-20 00:03 - 0000000 ____D C:\Users\MARTA\AppData\Local\PokerStars
2012-02-10 13:30 - 2011-05-25 17:11 - 0000000 ____D C:\Program Files\Dell Support Center
2012-02-10 13:30 - 2010-12-04 20:04 - 0000000 ____D C:\Users\All Users\Dell
2012-02-10 13:30 - 2010-12-04 20:04 - 0000000 ____D C:\Users\All Users\Application Data\Dell
2012-02-10 13:30 - 2010-12-04 20:04 - 0000000 ____D C:\ProgramData\Dell
2012-02-10 08:36 - 2012-03-14 01:01 - 1544192 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-02-10 07:38 - 2012-03-14 01:01 - 1077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-02-07 18:49 - 2011-09-06 21:49 - 0000000 ____D C:\Users\MARTA\FOTOS VARIADAS 15-06-11
2012-02-07 11:02 - 2012-02-07 11:02 - 1070352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMCTL.OCX
2012-02-03 06:34 - 2012-03-14 01:01 - 3145728 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-31 23:27 - 2012-01-31 23:25 - 2904064 ____A C:\Users\MARTA\s-1-5-21-762421698-3512573189-3118915619-1000.rrr
2012-01-31 23:22 - 2012-01-31 23:22 - 0000000 ____D C:\Users\MARTA\AppData\Roaming\Registry Mechanic
2012-01-31 23:22 - 2009-07-14 07:32 - 0000000 ____D C:\Windows\Downloaded Program Files
2012-01-27 19:13 - 2012-01-27 19:13 - 0000000 ____D C:\Users\All Users\NortonInstaller
2012-01-27 19:13 - 2012-01-27 19:13 - 0000000 ____D C:\Users\All Users\Application Data\NortonInstaller
2012-01-27 19:13 - 2012-01-27 19:13 - 0000000 ____D C:\ProgramData\Symantec
2012-01-27 19:13 - 2012-01-27 19:13 - 0000000 ____D C:\ProgramData\NortonInstaller
2012-01-26 23:20 - 2012-04-17 00:24 - 52550552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MRT.exe
2012-01-26 18:05 - 2010-12-04 19:46 - 0000000 ____D C:\Windows\SysWOW64\Macromed
2012-01-25 08:38 - 2012-03-14 01:00 - 0149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-01-25 08:38 - 2012-03-14 01:00 - 0077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-01-25 08:33 - 2012-03-14 01:00 - 0009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 6071.08 MB
Available physical RAM: 5387.91 MB
Total Pagefile: 6069.23 MB
Available Pagefile: 5380.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:53.73 GB) (Free:13.43 GB) NTFS
2 Drive d: () (Fixed) (Total:866.42 GB) (Free:838.29 GB) NTFS
7 Drive i: (RECOVERY) (Fixed) (Total:11.27 GB) (Free:5.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
8 Drive j: (WinXPLive) (CDROM) (Total:0.67 GB) (Free:0 GB) CDFS
9 Drive k: () (Removable) (Total:14.9 GB) (Free:6.67 GB) FAT32
10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
---------- ---------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B
Disk 5 Online 14 GB 0 B

Leaving DiskPart...


==========================================================

Last Boot: 2012-04-10 16:28

======================= End Of Log ==========================

I need help, thanks.
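The FRST listing in the post above already contains the classic tells a responder looks for before writing a fixlist: a hidden+system directory with a random name under AppData\Local, a directory literally named %APPDATA% inside System32 (a dropper that never expanded the variable), an unsigned random-named .exe in Roaming, and a rogue "antivirus" folder. The following is an added example, not part of the thread and not FRST's own code: a parser for FRST's "One Month Modified" line format plus a set of heuristic rules (my own, not FRST's) run over lines copied from the log above as sample input.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath
from typing import Dict, List, Optional

# Sample input: lines copied verbatim from the FRST "One Month Modified"
# listing in the post above, so the heuristics can be run offline.
SAMPLE_LOG = r"""
2012-04-22 10:51 - 2012-03-29 00:33 - 0000000 __SHD C:\Users\MARTA\AppData\Local\caa402c1
2012-04-17 00:50 - 2012-03-31 00:15 - 0000000 ____D C:\Users\MARTA\AppData\Roaming\Antivirus Protection 2012
2012-04-17 00:43 - 2012-04-17 00:43 - 8766112 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2012-03-31 00:26 - 2012-03-31 00:26 - 0169472 ____A C:\Users\MARTA\AppData\Roaming\cgs8h0.exe
2012-03-29 00:43 - 2012-03-29 00:43 - 0000000 __SHD C:\Windows\System32\%APPDATA%
2012-03-01 08:38 - 2012-04-17 00:48 - 0220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-03-13 17:52 - 2012-03-13 17:52 - 0000000 ____D C:\Program Files\iTunes
"""

# FRST line layout: <modified> - <created> - <size> <attrs> [(<company>)] <path>
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+?)\s*$"
)

EXEC_SUFFIXES = {".exe", ".dll", ".sys", ".scr", ".com"}
ROGUE_WORDS = ("antivirus", "security", "protection", "defender")


@dataclass
class Entry:
    modified: str
    created: str
    size: int
    attrs: str                 # e.g. "__SHD": S=system, H=hidden, D=directory, A=archive
    company: Optional[str]     # version-info company string FRST prints in parentheses
    path: PureWindowsPath
    flags: List[str] = field(default_factory=list)

    @property
    def in_user_profile(self) -> bool:
        return "users" in [p.lower() for p in self.path.parts]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(m["modified"], m["created"], int(m["size"]), m["attrs"],
                 m["company"], PureWindowsPath(m["path"]))


def score(e: Entry) -> List[str]:
    """Heuristic flags (my own rules, not FRST's) for one listing entry."""
    flags = []
    # A directory literally named %APPDATA% means something wrote a path
    # without expanding the environment variable; installers do not do that.
    if any("%" in part for part in e.path.parts):
        flags.append("unexpanded %VAR% in path")
    # Hidden+system objects inside a user profile are a common dropper trick.
    if "S" in e.attrs and "H" in e.attrs and e.in_user_profile:
        flags.append("hidden+system object in user profile")
    # Executable code in a user profile with no version-info company string.
    if e.path.suffix.lower() in EXEC_SUFFIXES and e.in_user_profile and not e.company:
        flags.append("unsigned-looking executable in user profile")
    # Rogue "antivirus" products install themselves under Roaming.
    if e.is_dir and "Roaming" in e.path.parts and any(w in e.path.name.lower() for w in ROGUE_WORDS):
        flags.append("security-product-named directory under Roaming (rogue AV pattern)")
    # A random short alphanumeric name strengthens any hit above.
    if flags and re.fullmatch(r"[a-z0-9]{5,8}", e.path.name.split(".")[0]):
        flags.append("random-looking name")
    return flags


def triage(log_text: str) -> Dict[str, List[str]]:
    """Return {path: flags} for every suspicious entry in an FRST listing."""
    hits: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        e.flags = score(e)
        if e.flags:
            hits[str(e.path)] = e.flags
    return hits


if __name__ == "__main__":
    for path, flags in triage(SAMPLE_LOG).items():
        print(f"{path}\n    " + "; ".join(flags))
```

Run against the sample, the four entries a responder would put in a fixlist are flagged and the signed Microsoft and Adobe files, plus the iTunes directory, are not. The rules are deliberately narrow; they are a pre-filter for a human, not a verdict.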


#2 CatByte, Malware Response Team

Posted 23 April 2012 - 11:42 AM

Hi

Please do the following:


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

start
script removed
end

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system

Now please enter System Recovery Options then select Command Prompt

Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Now restart, let it boot normally and tell me how it went.

Edited by CatByte, 03 July 2012 - 08:54 PM.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 javibani, Topic Starter

Posted 24 April 2012 - 04:20 AM

It works fine, good job my friend, thank you very much. I have another problem: I tried to activate the firewall but it shows error 0x80070424 and there is no firewall service on this computer. Do you know what would happen?

#4 CatByte, Malware Response Team

Posted 24 April 2012 - 05:16 PM

Yes, the malware does interrupt some services, so we have more work to do.

Please do the following:

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

NEXT

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

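The error the topic starter reports, 0x80070424, is an HRESULT wrapping Win32 error 1060 (ERROR_SERVICE_DOES_NOT_EXIST), which is exactly what "there is no firewall service" means: the malware deleted the service registration, so the Windows Firewall control panel has nothing to start. That is also why the next step is Farbar Service Scanner rather than another malware scan. The following is an added example, not part of the thread and not FSS's own code: it decodes the HRESULT and then checks the output of `sc query type= service state= all` for the services behind each FSS checkbox. The category-to-service mapping is my assumption of what FSS covers, and the `sc` output is constructed and trimmed to the two line types the parser reads.

```python
import re
from typing import Dict, List

# Win32 error codes that commonly surface behind service-related HRESULTs.
WIN32_NAMES = {
    2: "ERROR_FILE_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT",
    1058: "ERROR_SERVICE_DISABLED",
    1060: "ERROR_SERVICE_DOES_NOT_EXIST",
    1068: "ERROR_SERVICE_DEPENDENCY_FAIL",
}

# Assumed mapping of FSS checkboxes to the Windows 7 services they depend on.
EXPECTED = {
    "Windows Firewall": ["MpsSvc", "BFE"],
    "Security Center": ["wscsvc"],
    "Windows Update": ["wuauserv", "BITS"],
    "Windows Defender": ["WinDefend"],
    "System Restore": ["VSS", "swprv"],
    "Internet Services": ["Dhcp", "Dnscache", "nsi"],
}

# Constructed sample of `sc query type= service state= all`, trimmed to the
# SERVICE_NAME and STATE lines; MpsSvc and WinDefend are deliberately absent.
SAMPLE_SC_OUTPUT = """
SERVICE_NAME: BFE
        STATE              : 4  RUNNING
SERVICE_NAME: wscsvc
        STATE              : 1  STOPPED
SERVICE_NAME: wuauserv
        STATE              : 4  RUNNING
SERVICE_NAME: BITS
        STATE              : 4  RUNNING
SERVICE_NAME: VSS
        STATE              : 1  STOPPED
SERVICE_NAME: swprv
        STATE              : 1  STOPPED
SERVICE_NAME: Dhcp
        STATE              : 4  RUNNING
SERVICE_NAME: Dnscache
        STATE              : 4  RUNNING
SERVICE_NAME: nsi
        STATE              : 4  RUNNING
"""


def decode_hresult(code: int) -> dict:
    """Split an HRESULT into severity/facility/code; FACILITY_WIN32 (7) wraps a Win32 error."""
    severity = (code >> 31) & 1
    facility = (code >> 16) & 0x7FF
    low = code & 0xFFFF
    if facility == 7:
        name = WIN32_NAMES.get(low, "unknown Win32 error")
    else:
        name = "not a Win32-wrapped code"
    return {"severity": severity, "facility": facility, "code": low, "name": name}


def parse_sc_query(text: str) -> Dict[str, str]:
    """Map service name -> STATE word from `sc query` output."""
    services: Dict[str, str] = {}
    current = None
    for line in text.splitlines():
        m = re.match(r"\s*SERVICE_NAME:\s*(\S+)", line)
        if m:
            current = m.group(1)
            services[current] = "UNKNOWN"
            continue
        m = re.match(r"\s*STATE\s*:\s*\d+\s+(\w+)", line)
        if m and current:
            services[current] = m.group(1)
    return services


def audit(services: Dict[str, str]) -> Dict[str, List[str]]:
    """Per FSS category, list expected services that are missing or not running.

    Only "missing" is conclusive: demand-start services such as VSS and swprv
    legitimately show STOPPED when idle, so a STOPPED entry is informational.
    Service names are compared case-insensitively, as Windows does.
    """
    present = {name.lower(): state for name, state in services.items()}
    report: Dict[str, List[str]] = {}
    for category, names in EXPECTED.items():
        problems = []
        for name in names:
            state = present.get(name.lower())
            if state is None:
                problems.append(f"{name}: missing")
            elif state != "RUNNING":
                problems.append(f"{name}: {state}")
        if problems:
            report[category] = problems
    return report


if __name__ == "__main__":
    print("0x80070424 ->", decode_hresult(0x80070424))
    for category, problems in audit(parse_sc_query(SAMPLE_SC_OUTPUT)).items():
        print(f"{category}: {', '.join(problems)}")
```

On a live machine, feed `parse_sc_query` the real output of `sc query type= service state= all` (run from an elevated prompt). A "missing" result for MpsSvc is the programmatic equivalent of the 0x80070424 the firewall UI shows, and the fix is to restore the service registration, not to restart it.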

#5 javibani, Topic Starter

Posted 25 April 2012 - 06:42 AM

Hi,

Here are the logs.

ComboFix 12-04-24.05 - MARTA 25/04/2012 12:10:30.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.6071.4730 [GMT 2:00]
Running from: d:\mis documentos\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))
.
.
2012-04-25 10:13 . 2012-04-25 10:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 14:25 . 2012-04-24 14:24 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23085CDD-2DF7-4F61-B2FC-A11B5D188F69}\gapaengine.dll
2012-04-24 14:25 . 2012-03-20 01:51 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-24 14:25 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA089036-9A88-4BB0-BADE-73940E89409B}\mpengine.dll
2012-04-24 12:33 . 2012-04-24 12:59 -------- d-----w- c:\users\MARTA\AppData\Roaming\Auslogics
2012-04-23 13:02 . 2012-04-23 13:03 -------- d-----w- C:\FRST
2012-04-22 12:47 . 2012-04-22 12:47 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-22 12:47 . 2012-04-22 12:47 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-22 09:40 . 2012-04-22 09:40 -------- d-----w- c:\users\MARTA\AppData\Roaming\SUPERAntiSpyware.com
2012-04-22 09:40 . 2012-04-22 09:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-22 08:54 . 2012-04-22 11:22 -------- d-----w- c:\users\MARTA\Pavark
2012-04-22 06:51 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-04-16 22:48 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-16 22:48 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-16 22:48 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-16 22:48 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-16 22:48 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-16 22:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-16 22:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-16 22:43 . 2012-04-16 22:43 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-28 22:43 . 2012-03-28 22:43 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-03-28 22:33 . 2012-04-16 22:43 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-27 17:13 . 2012-03-27 17:13 -------- d-----w- c:\programdata\PC Tools
2012-03-27 17:13 . 2012-03-27 17:13 -------- d-----w- c:\users\MARTA\AppData\Roaming\Product_RM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-16 22:43 . 2011-06-16 11:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 06:38 . 2012-03-13 23:00 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 23:00 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 23:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 23:00 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-13 23:01 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 23:01 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-13 23:01 3145728 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 15:35 . 2011-02-09 15:36 11574784 ----a-w- c:\program files\Vodafone Mobile Connect.msi
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-25_09.51.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-04 18:11 . 2012-04-25 09:53 55920 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-25 09:53 28100 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-29 21:53 . 2012-04-25 09:53 17304 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-762421698-3512573189-3118915619-1000_UserData.bin
+ 2012-04-25 10:14 . 2012-04-25 10:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-25 09:51 . 2012-04-25 09:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-25 10:14 . 2012-04-25 10:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 09:31 . 2012-04-25 10:18 699846 c:\windows\system32\perfh00A.dat
- 2009-07-14 09:31 . 2012-04-25 06:54 699846 c:\windows\system32\perfh00A.dat
- 2009-07-14 02:36 . 2012-04-25 06:54 611996 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-25 10:18 611996 c:\windows\system32\perfh009.dat
+ 2009-07-14 09:31 . 2012-04-25 10:18 136410 c:\windows\system32\perfc00A.dat
- 2009-07-14 09:31 . 2012-04-25 06:54 136410 c:\windows\system32\perfc00A.dat
+ 2009-07-14 02:36 . 2012-04-25 10:18 105214 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-25 06:54 105214 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-25 10:13 427384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-25 09:50 427384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-24 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"UCam_Menu"="c:\program files (x86)\Dell\Dell TouchCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-04-23 98488]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-04 103896]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"FAStartup"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-06 559616]
.
c:\users\MARTA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Touch Screen Tools.lnk - c:\program files (x86)\NextWindow\TouchScreenTools.exe [2009-8-24 445440]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2011-04-23 20:17 147640 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\users\MARTA\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\MARTA\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 gupdate;Servicio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 253088]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-15 183560]
R3 gupdatem;Servicio de Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspección de red de Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-04-23 2412728]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-01-04 793048]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Sonido Intel® para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 22:43]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 14:55]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 14:55]
.
2012-04-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-04-10 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-01-28 20:24]
.
2012-04-25 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Audiov
agent
Service
Tapiv
sqlagent$soshome22
sqlagent$sony_mediamgr
netbus
Ndis
SessionEbrowser
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.es/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: fnmt.es
TCP: DhcpNameServer = 192.168.40.10 192.168.40.11 195.5.64.2
FF - ProfilePath - c:\users\MARTA\AppData\Roaming\Mozilla\Firefox\Profiles\vq3h3ck6.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2012-04-25 12:21:56 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-25 10:21
ComboFix2.txt 2012-04-25 09:54
.
Pre-Run: 20.295.729.152 bytes libres
Post-Run: 20.249.260.032 bytes libres
.
- - End Of File - - 41551EC5FD154DC71C9DB719F873F8F9





----------------------------------------------------------------------------------------------------------------------

Farbar Service Scanner Version: 24-04-2012
Ran by MARTA (administrator) on 25-04-2012 at 12:27:14
Running from "D:\Mis Documentos\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


#6 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 25 April 2012 - 05:05 PM

Hi,

Please do the following:

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

NetSvc::
Audiov
agent
Service
Tapiv
sqlagent$soshome22
sqlagent$sony_mediamgr
netbus
Ndis
SessionEbrowser

ClearJavaCache::

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop; save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

[Screenshot: dragging CFScript.txt onto ComboFix.exe]
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.



NEXT


Please download RestoreBFE.exe from here

Double click on the downloaded file. It should only take a few seconds to run.
When complete, it will say .. "Done! Please check if BFE service is running now"

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015
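The NetSvc:: lines in the CFScript above remove names from the svchost "netsvcs" group that have no real service behind them. As an added example (my own script, not part of CatByte's instructions and not a ComboFix feature), the function below audits that group on a live Windows system: each name is checked for a service key, a ServiceDll that exists on disk, and an Authenticode signature, and entries that fail are reported for review rather than removed. The function name, its output fields and the verdict labels are my own choices.

```powershell
# Added example: audit the svchost "netsvcs" group that a NetSvc:: CFScript cleans up.
# Not part of the original thread and not a ComboFix component.
# Every name in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost\netsvcs
# should map to a service under HKLM\SYSTEM\CurrentControlSet\Services whose
# ServiceDll exists on disk and is signed. Anything else is reported for review;
# removal is left to the cleanup tool and the helper guiding it.
function Get-NetSvcsAudit {
    [CmdletBinding()]
    param(
        [string]$GroupName = 'netsvcs'   # other svchost groups can be audited the same way
    )

    $svchostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
    $servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    # The group is a REG_MULTI_SZ value, returned as a string array.
    $members = (Get-ItemProperty -Path $svchostKey -Name $GroupName).$GroupName

    foreach ($name in $members) {
        $result = [ordered]@{
            Name       = $name
            ServiceKey = $false
            ServiceDll = $null
            DllExists  = $false
            Signature  = 'n/a'
            Verdict    = 'review'
        }

        # -LiteralPath matters: names such as sqlagent$soshome22 contain '$'.
        $svcPath = Join-Path $servicesKey $name
        if (Test-Path -LiteralPath $svcPath) {
            $result.ServiceKey = $true

            # svchost-hosted services keep ServiceDll under Parameters; a few
            # keep it on the service key itself, so check both.
            $dll = $null
            $paramsPath = Join-Path $svcPath 'Parameters'
            if (Test-Path -LiteralPath $paramsPath) {
                $dll = (Get-ItemProperty -LiteralPath $paramsPath -ErrorAction SilentlyContinue).ServiceDll
            }
            if (-not $dll) {
                $dll = (Get-ItemProperty -LiteralPath $svcPath -ErrorAction SilentlyContinue).ServiceDll
            }
            if ($dll) {
                # Expand %SystemRoot% and similar before testing the path.
                $dll = [Environment]::ExpandEnvironmentVariables($dll)
                $result.ServiceDll = $dll
                if (Test-Path -LiteralPath $dll) {
                    $result.DllExists = $true
                    # On Windows 7 / PowerShell 2 catalog-signed system DLLs report
                    # NotSigned, so 'review' means "look", not "malicious".
                    $result.Signature = (Get-AuthenticodeSignature -FilePath $dll).Status
                }
            }
        }

        if ($result.ServiceKey -and $result.DllExists -and $result.Signature -eq 'Valid') {
            $result.Verdict = 'ok'
        } elseif (-not $result.ServiceKey) {
            # A group member with no service definition at all: the pattern of the
            # Audiov / netbus / sqlagent$... entries listed in the thread's log.
            $result.Verdict = 'orphan'
        }
        [pscustomobject]$result
    }
}

# Usage: show only the entries that need a second look.
Get-NetSvcsAudit | Where-Object Verdict -ne 'ok' | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt; reading these keys works for any user, but the same session is where the follow-up service checks are usually done.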


#7 javibani

javibani
  • Topic Starter

  • Members
  • 7 posts

Posted 26 April 2012 - 01:44 AM

Hi,

Here is the log of ComboFix. The RestoreBFE app shows the error "This tool does not apply to you", but there is a firewall service running. Is that ok? Are we finished?


ComboFix 12-04-24.05 - MARTA 26/04/2012 8:14.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.34.3082.18.6071.4515 [GMT 2:00]
Running from: k:\marta\ComboFix.exe
Command switches used :: d:\mis documentos\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-03-26 to 2012-04-26 )))))))))))))))))))))))))))))))
.
.
2012-04-26 06:29 . 2012-04-26 06:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-24 14:25 . 2012-04-24 14:24 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{23085CDD-2DF7-4F61-B2FC-A11B5D188F69}\gapaengine.dll
2012-04-24 14:25 . 2012-03-20 01:51 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-24 14:25 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FA089036-9A88-4BB0-BADE-73940E89409B}\mpengine.dll
2012-04-24 12:33 . 2012-04-24 12:59 -------- d-----w- c:\users\MARTA\AppData\Roaming\Auslogics
2012-04-23 13:02 . 2012-04-23 13:03 -------- d-----w- C:\FRST
2012-04-22 12:47 . 2012-04-22 12:47 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-22 12:47 . 2012-04-22 12:47 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-22 09:40 . 2012-04-22 09:40 -------- d-----w- c:\users\MARTA\AppData\Roaming\SUPERAntiSpyware.com
2012-04-22 09:40 . 2012-04-22 09:40 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-04-22 08:54 . 2012-04-22 11:22 -------- d-----w- c:\users\MARTA\Pavark
2012-04-22 06:51 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-04-16 22:48 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-16 22:48 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-16 22:48 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-16 22:48 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-16 22:48 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-16 22:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-16 22:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-16 22:43 . 2012-04-16 22:43 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-03-28 22:43 . 2012-03-28 22:43 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-03-28 22:33 . 2012-04-16 22:43 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-03-27 17:13 . 2012-03-27 17:13 -------- d-----w- c:\programdata\PC Tools
2012-03-27 17:13 . 2012-03-27 17:13 -------- d-----w- c:\users\MARTA\AppData\Roaming\Product_RM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-16 22:43 . 2011-06-16 11:59 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-17 06:38 . 2012-03-13 23:00 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-13 23:00 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-13 23:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-13 23:00 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-13 23:01 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-13 23:01 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-07 09:02 . 2012-02-07 09:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:34 . 2012-03-13 23:01 3145728 ----a-w- c:\windows\system32\win32k.sys
2011-02-09 15:35 . 2011-02-09 15:36 11574784 ----a-w- c:\program files\Vodafone Mobile Connect.msi
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-25_09.51.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-24 15:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-25 11:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-04-24 15:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-25 11:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-25 11:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-24 15:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-04 18:11 . 2012-04-26 06:11 56158 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-26 06:11 28316 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-29 21:53 . 2012-04-26 06:11 17488 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-762421698-3512573189-3118915619-1000_UserData.bin
+ 2012-04-26 06:30 . 2012-04-26 06:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-25 09:51 . 2012-04-25 09:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-26 06:30 . 2012-04-26 06:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 09:31 . 2012-04-26 06:15 699846 c:\windows\system32\perfh00A.dat
- 2009-07-14 09:31 . 2012-04-25 06:54 699846 c:\windows\system32\perfh00A.dat
- 2009-07-14 02:36 . 2012-04-25 06:54 611996 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-26 06:15 611996 c:\windows\system32\perfh009.dat
+ 2009-07-14 09:31 . 2012-04-26 06:15 136410 c:\windows\system32\perfc00A.dat
- 2009-07-14 09:31 . 2012-04-25 06:54 136410 c:\windows\system32\perfc00A.dat
+ 2009-07-14 02:36 . 2012-04-26 06:15 105214 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-25 06:54 105214 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-04-26 06:29 427384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-04-25 09:50 427384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-02-17 13:44 . 2012-04-25 09:50 2308414 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-762421698-3512573189-3118915619-1000-8192.dat
+ 2011-02-17 13:44 . 2012-04-26 06:29 2308414 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-762421698-3512573189-3118915619-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-24 39408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2009-07-17 237568]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio PC\THXAudioCP\THXAudio.exe" [2009-12-01 963584]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"UCam_Menu"="c:\program files (x86)\Dell\Dell TouchCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2011-04-23 98488]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-04 103896]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"FAStartup"="" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-06 559616]
.
c:\users\MARTA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Touch Screen Tools.lnk - c:\program files (x86)\NextWindow\TouchScreenTools.exe [2009-8-24 445440]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2010-5-28 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2011-04-23 20:17 147640 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\users\MARTA\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\MARTA\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 gupdate;Servicio Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 253088]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-15 183560]
R3 gupdatem;Servicio de Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 136176]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspección de red de Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2011-04-23 2412728]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-10-02 13336]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-01-04 793048]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480]
S3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 IntcDAud;Sonido Intel® para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 22:43]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 14:55]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 14:55]
.
2012-04-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
2012-04-10 c:\windows\Tasks\RMSchedule.job
- c:\program files (x86)\PC Tools Registry Mechanic\RegMech.exe [2012-01-28 20:24]
.
2012-04-25 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-02-07 23:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-07 8158240]
"RunDLLEntry_THXCfg"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"RunDLLEntry_EptMon"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Audiov
agent
Service
Tapiv
sqlagent$soshome22
sqlagent$sony_mediamgr
netbus
Ndis
SessionEbrowser
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.es/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: fnmt.es
TCP: DhcpNameServer = 192.168.40.10 192.168.40.11 195.5.64.2
FF - ProfilePath - c:\users\MARTA\AppData\Roaming\Mozilla\Firefox\Profiles\vq3h3ck6.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
.
**************************************************************************
.
Completion time: 2012-04-26 08:33:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-26 06:33
ComboFix2.txt 2012-04-25 11:25
ComboFix3.txt 2012-04-25 10:49
ComboFix4.txt 2012-04-25 10:21
ComboFix5.txt 2012-04-26 06:13
.
Pre-Run: 20.423.282.688 bytes libres
Post-Run: 20.217.204.736 bytes libres
.
- - End Of File - - 3AECE4631B236897F05F13B965A9A2B5


#8 javibani

javibani
  • Topic Starter

  • Members
  • 7 posts

Posted 26 April 2012 - 02:06 AM

Well, there is another problem: I can only run apps in admin mode. If I run an app in user mode it shows the error "Illegal operation attempted on a registry key that was marked for deletion". Many of the apps that ran at the beginning no longer do; could it be for the same reason?

#9 javibani

javibani
  • Topic Starter

  • Members
  • 7 posts

Posted 26 April 2012 - 03:27 AM

Forget the last post. I restarted the computer and now all is ok. Are we finished?

#10 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 26 April 2012 - 06:03 AM

Hi,

Just a little more work to do before we are done; I will let you know. I want to make sure you are completely clean. Please do the following:

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE, name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish


NEXT
Please advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 javibani

javibani
  • Topic Starter

  • Members
  • 7 posts

Posted 29 April 2012 - 04:07 AM

Hi,

The friend who owns the computer wanted to take it and I gave it to him, although before that I ran Emsisoft Anti-Malware, Windows removal tool, Spy DLL Remover and MSE on it; it was completely clean. Thanks very much for your invaluable help, friend.

Best regards.

#12 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 29 April 2012 - 06:17 AM

OK, thanks for letting me know.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • Location:Canada

Posted 29 April 2012 - 06:17 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015




