Solved Several malware and virus removed, Windows doesn't work well in normal mode

E

evilcaterpillar

Posts: 56   +0
Hi there,
I hope wou can help me with this problem.

While I was online a popup window appeared offering me an antivirus, I closed the window and after that my pc was really slow. Sadly, I didn't find this site before and followed a friend instructions, now I'm having problems with windows in normal mode.

Run Antispyware and found this:
-Trojan.Agent/Gen-SSHNAS
-Malware.Trace
-Disabled.SecurityCenterOption
-Several Tracking Cookies
-Trojan.Agent/Gen-FakeAlert[Local]
-Trojan.Agent/Gen-Pixler
-Trojan.Agent/Gen-Koobface[Bonkers]
-Trojan.Agent/Gen-Backdoor
-Trojan.Agent/Gen-Falcomp[Cont]

Run Spybot S&D and found this:
-BraveSentry
-Win32.Agent.ieu
-Microsoft Windows Security Center Disabled
-WildTangent

Now, when I try to start windows in normal mode a command prompt window appears every second, the window close too fast and cannot see the message. I'm currently running windows in safe mode with networking.

I own a Compaq Laptop with AMD Turion 64 Mobile Processor and 1Mb RAM, running on Windows XP Home Edition version 2002, Service Pack 3
I know is and old laptop but is mostly used for web browsing, spreadsheets and some design software.

Hope you can help me.
Regards in advance.

Carlos
 
Welcome aboard
yahooo.gif


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi Broni,
I've done all the scans, you will find the logs on the following posts.

Something is happening when i start Windows in normal mode, the hardware installation wizard pops-up asking for a driver for an unkonwn device, everytime I've closed the wizard without installing anything, at the same time there is a window: C-motech RDEVCHG with a message "Run time device change".
I dont'n know if this is important, tell me if I have to do something additional for this messages.

Thanks in advance
Carlos
 
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.09.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
carlos :: YOUR-4105E587B6 [administrator]

09/02/2012 19:47:30
mbam-log-2012-02-09 (19-47-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 200437
Time elapsed: 33 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 1
C:\Program Files\StartSearch plugin\ssBarLcher.dll (PUP.VShareRedir) -> Delete on reboot.

Registry Keys Detected: 15
HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Videocan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON\NOTIFY\mdhcp32 (Trojan.Winlogon) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: StartSearchTB -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Data: -> Quarantined and deleted successfully.

Registry Data Items Detected: 3
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|StartMenuLogoff (PUM.Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://startsear.ch/?aff=2&cf=06bca87a-2e5e-11e1-81bc-0014a5746f9d) Good: (http://www.google.com) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\guser.YOUR-4105E587B6\kkg.exe \s) Good: (Userinit.exe) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Program Files\StartSearch plugin\ssBarLcher.dll (PUP.VShareRedir) -> Delete on reboot.
C:\Documents and Settings\carlos\Application Data\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
c:\documents and settings\carlos\local settings\temp\05a24437.tmp (Backdoor.IRCBot) -> Quarantined and deleted successfully.
c:\documents and settings\carlos\local settings\temp\led.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\carlos\local settings\temp\lss.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\crt.dat (Malware.Trace) -> Quarantined and deleted successfully.

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2012-02-10 13:07:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 FUJITSU_MHV2080AT_PL rev.008300A1
Running: 50tjg7cq.exe; Driver: C:\DOCUME~1\carlos\LOCALS~1\Temp\kfnyyaoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xEB0812DB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xEB0812EF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xEB08131B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xEB0812C7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xEB081305]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xEB081331]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xEB081347]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by carlos at 13:38:47 on 2012-02-10
Microsoft Windows XP Home Edition 5.1.2600.3.1252.52.1033.18.894.393 [GMT -6:00]
.
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\IUSACELL\CDU680DORA\BIN\RDVCHG.EXE
C:\Program Files\AutoTask\AutoTask.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=Userinit.exe,
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\adobe acrobat 7.0\activex\AcroIEHelper.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Yahoo! IE Suggest: {5a263cf7-56a6-4d68-a8cf-345be45bc911} - c:\program files\yahoo!\search\YSearchSuggest.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptcl.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\adobe acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Aim6]
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [Adobe Version Cue CS2] "c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe"
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\adobe acrobat 7.0\distillr\Acrotray.exe"
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PCSuiteTrayApplication] c:\progra~1\nokia\nokiap~1\LAUNCH~1.EXE -startup
mRun: [IUSACELL_CDU680] c:\program files\iusacell\cdu680dora\bin\RDVCHG.EXE
mRun: [AutoTask] "c:\program files\autotask\AutoTask.exe" /STARTUP
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10e.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\inicio~1.lnk - c:\windows\installer\{ac76ba86-1034-4700-7760-100000000002}\SC_Acrobat.exe
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D1792F99-AA90-4D46-8B73-2CE45DADDD3C} - hxxp://www.web-a-file.com/webafiledownloader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: dimsntfy32 - dimsntfy32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\carlos\application data\mozilla\firefox\profiles\m67w9brq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=06bca87a-2e5e-11e1-81bc-0014a5746f9d&q=
FF - plugin: c:\documents and settings\carlos\application data\electronic arts\game face\npGameFacePlugin.dll
FF - plugin: c:\documents and settings\carlos\application data\facebook\npfbplugin_1_0_0.dll
FF - plugin: c:\documents and settings\carlos\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\carlos\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\adobe acrobat 7.0\acrobat\browser\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvsharetvplg.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
.
============= SERVICES / DRIVERS ===============
.
P2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2006-11-30 144960]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2006-11-30 31944]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-6-15 249648]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2007-11-25 104000]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2006-11-30 54872]
R2 PEEK5;PEEK Driver v4.5;c:\windows\system32\drivers\PEEK5.SYS [2009-11-20 13184]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-10-12 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-8-22 231424]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2007-11-25 72264]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2007-11-25 34152]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2007-11-25 168776]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-29 135664]
S2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;c:\program files\symantec\liveupdate\AluSchedulerSvc.exe [2007-8-31 243064]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-7-7 195336]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [2009-5-22 87040]
S3 gupdatem;Google Update Servicio (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-29 135664]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [2006-11-17 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [2006-11-17 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [2006-11-17 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [2006-11-17 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [2006-11-17 83344]
S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [2006-5-13 239488]
.
=============== Created Last 30 ================
.
2012-02-10 18:57:31 839 ----a-w- c:\documents and settings\all users\application data\aatpaaa.tmp
2012-02-10 18:57:31 803 ----a-w- c:\documents and settings\all users\application data\wzspaaa.tmp
2012-02-10 01:50:56 869 ----a-w- c:\documents and settings\all users\application data\nmrpaaa.tmp
2012-02-10 01:50:40 873 ----a-w- c:\documents and settings\all users\application data\omrpaaa.tmp
2012-02-10 01:50:06 804 ----a-w- c:\documents and settings\all users\application data\qmrpaaa.tmp
2012-02-10 01:45:23 -------- d-----w- c:\documents and settings\carlos\application data\Malwarebytes
2012-02-10 01:43:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-10 01:43:54 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-10 01:43:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-10 01:29:14 815 ----a-w- c:\documents and settings\all users\application data\mmrpaaa.tmp
2012-02-09 23:59:14 890 ----a-w- c:\documents and settings\all users\application data\zpfoaaa.tmp
2012-02-09 23:59:05 892 ----a-w- c:\documents and settings\all users\application data\xpfoaaa.tmp
2012-02-04 05:14:41 842 ----a-w- c:\documents and settings\all users\application data\erjqaaa.tmp
2012-02-04 05:14:40 862 ----a-w- c:\documents and settings\all users\application data\crjqaaa.tmp
2012-02-04 05:11:46 792 ----a-w- c:\documents and settings\all users\application data\drjqaaa.tmp
2012-02-03 01:56:16 835 ----a-w- c:\documents and settings\all users\application data\oelqaaa.tmp
2012-02-03 01:42:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-03 01:42:43 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-02-03 00:02:49 859 ----a-w- c:\documents and settings\all users\application data\kfoqaaa.tmp
2012-02-03 00:02:49 845 ----a-w- c:\documents and settings\all users\application data\ifoqaaa.tmp
2012-02-03 00:02:49 811 ----a-w- c:\documents and settings\all users\application data\jfoqaaa.tmp
2012-02-03 00:00:34 836 ----a-w- c:\documents and settings\all users\application data\hfoqaaa.tmp
2012-02-02 23:23:09 868 ----a-w- c:\documents and settings\all users\application data\asmqaaa.tmp
2012-02-02 23:23:09 846 ----a-w- c:\documents and settings\all users\application data\xrmqaaa.tmp
2012-02-02 23:21:01 852 ----a-w- c:\documents and settings\all users\application data\zrmqaaa.tmp
2012-02-02 23:19:04 839 ----a-w- c:\documents and settings\all users\application data\yrmqaaa.tmp
2012-02-02 22:51:34 830 ----a-w- c:\documents and settings\all users\application data\wrmqaaa.tmp
2012-01-20 00:39:02 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
2012-01-20 00:39:01 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2012-01-20 00:39:01 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
2012-01-20 00:39:01 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2012-01-20 00:39:00 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
.
==================== Find3M ====================
.
2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 23:28:29 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-02-27 00:53:30 2110728 ----a-w- c:\program files\Install_Facebook_Plug-In_1.0.3.exe
.
============= FINISH: 13:41:36.35 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 29/04/2006 20:36:47
System Uptime: 10/02/2012 13:31:58 (0 hours ago)
.
Motherboard: Hewlett-Packard | | 30AE
Processor: AMD Turion(tm) 64 Mobile Technology ML-32 | U23 | 1794/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 67 GiB total, 14.233 GiB free.
D: is FIXED (FAT32) - 7 GiB total, 0.831 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 31/01/2012 19:15:20 - System Checkpoint
RP2: 31/01/2012 20:25:17 - Software Distribution Service 3.0
RP3: 02/02/2012 13:00:11 - Software Distribution Service 3.0
RP4: 02/02/2012 16:17:42 - Software Distribution Service 3.0
RP5: 02/02/2012 17:18:30 - Software Distribution Service 3.0
RP6: 02/02/2012 18:28:07 - Software Distribution Service 3.0
RP7: 02/02/2012 19:50:42 - Software Distribution Service 3.0
RP8: 03/02/2012 23:24:06 - System Checkpoint
RP9: 09/02/2012 14:56:40 - Software Distribution Service 3.0
RP10: 10/02/2012 12:16:41 - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
Adobe Acrobat 7.0 Professional - Español, Italiano, Português
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Creative Suite 2
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe GoLive CS2
Adobe Help Center 1.0
Adobe Illustrator CS2
Adobe InDesign CS2
Adobe Photoshop CS2
Adobe Shockwave Player
Adobe Stock Photos 1.0
Adobe SVG Viewer 3.0
Adobe Version Cue CS2
AIM 6
AIO_Scan
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
ATI Display Driver
aTube Catcher 1.0
Audio MP3 Editor 2.20
Banda Ancha Móvil (CDU680DORA)
Bing Bar
Bonjour
BufferChm
Canon MP Navigator 2.0
Canon MP150
Canon Utilities Easy-PhotoPrint
Compatibility Pack for the 2007 Office system
Conexant AC-Link Audio
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_LightScribeConfig
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
cp_UpdateProjectsConfig
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Customer Experience Enhancement
Destinations
DeviceManagementQFolder
DivX Converter
DivX Setup
DJ_AIO_Software_min
EA SPORTS Game Face Browser Plugin 1.5.2.0
EA SPORTS Gameface Browser Plugin 1.3.1.0
Easy Internet Sign-up
Facebook Plug-In
FlashGet 1.9.2.1028
FullDPAppQFolder
Galería fotográfica de Windows Live
Google Toolbar for Internet Explorer
Google Update Helper
Herramienta de carga de Windows Live
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP DVD Play 2.0
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Software Update
HP User Guides--System Recovery
HP User Guides 0025
HP Wireless Assistant 2.00 C1
HpSdpAppCoreApp
InstantShareDevices
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 2
Java(TM) 6 Update 22
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
Knots3D
Lemonade Tycoon 2
LightScribe 1.4.62.1
LiveUpdate (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
LiveVDO plugin 1.3
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Fireworks 8
Macromedia Flash 8
Macromedia Flash 8 Video Encoder
Malwarebytes Anti-Malware version 1.60.1.1000
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 97 Professional
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Monopoly Tycoon
Monopoly Tycoon v1.4 Patch
Mozilla Firefox 9.0.1 (x86 es-AR)
MSN
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
Music Rescue 3.1
muvee autoProducer 4.5
Nokia Connectivity Cable Driver
Nokia Lifeblog 2.1
Nokia MTP driver
Nokia N73 highlights
Nokia Nseries Skin for Microsoft Windows Media Player
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia themes for your device
Office 2003 Trial Assistant
OmniPage SE
OptionalContentQFolder
Panel de Control de ATI
PC Camera (6029 CIF)
PhotoGallery
Polar Bowler from Big Fish Games (remove only)
Quick Launch Buttons 5.20 F2
Quicken 2006
QuickTime
RandMap
Real Alternative 1.9.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
SkinsHP1
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Sonic_PrimoSDK
Star Wars Galactic Battlegrounds: Saga
Subtitle Workshop 2.51
Suite Specific
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Toshiba AutoTask
TourSetup
Unity Web Player
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Veetle TV 0.9.18
Viewpoint Media Player
WebFldrs XP
Winamp
Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Asistente para el inicio de sesión
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sync
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Wireless Home Network Setup
Yahoo! Browser Services
Yahoo! IE Search Suggest
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
10/02/2012 13:33:09, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Programador de LiveUpdate automático service to connect.
10/02/2012 13:33:09, error: Service Control Manager [7000] - The Programador de LiveUpdate automático service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/02/2012 13:11:06, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Programador de LiveUpdate automático service to connect.
10/02/2012 13:11:06, error: Service Control Manager [7000] - The Programador de LiveUpdate automático service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
10/02/2012 12:59:38, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Programador de LiveUpdate automático service to connect.
10/02/2012 12:59:38, error: Service Control Manager [7000] - The Programador de LiveUpdate automático service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/02/2012 20:35:46, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AliIde IntelIde Pcmcia ViaIde
09/02/2012 20:32:49, error: Service Control Manager [7000] - The Programador de LiveUpdate automático service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/02/2012 20:32:48, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Programador de LiveUpdate automático service to connect.
09/02/2012 19:20:12, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LiveUpdate service to connect.
09/02/2012 19:19:48, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
09/02/2012 19:09:23, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ServiceLayer service to connect.
09/02/2012 19:09:23, error: Service Control Manager [7000] - The ServiceLayer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/02/2012 19:09:21, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service ServiceLayer with arguments "" in order to run the server: {ACF50018-41F8-476D-85FD-CD953DAE4A49}
09/02/2012 19:08:53, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
09/02/2012 19:08:53, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/02/2012 19:05:03, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Programador de LiveUpdate automático service to connect.
09/02/2012 19:05:03, error: Service Control Manager [7000] - The Programador de LiveUpdate automático service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/02/2012 18:50:41, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
09/02/2012 18:11:17, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Programador de LiveUpdate automático service to connect.
09/02/2012 18:11:17, error: Service Control Manager [7000] - The Programador de LiveUpdate automático service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/02/2012 18:00:59, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
09/02/2012 18:00:49, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
09/02/2012 17:43:29, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
09/02/2012 16:11:20, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AmdK8 eabfiltr eeCtrl Fips SASDIFSV SASKUTIL
09/02/2012 14:53:06, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Programador de LiveUpdate automático service to connect.
09/02/2012 14:53:06, error: Service Control Manager [7000] - The Programador de LiveUpdate automático service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
 
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================================

Download Bootkit Remover to your Desktop.

  • Unzip downloaded file to your Desktop.
  • Double-click on boot_cleaner.exe to run the program (Vista/7 users,right click on boot_cleaner.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 
Done... here the results

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-10 17:51:29
-----------------------------
17:51:29.015 OS Version: Windows 5.1.2600 Service Pack 3
17:51:29.015 Number of processors: 1 586 0x2402
17:51:29.015 ComputerName: YOUR-4105E587B6 UserName: carlos
17:51:34.890 Initialize success
17:51:59.437 AVAST engine defs: 12021001
17:52:06.953 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
17:52:06.953 Disk 0 Vendor: FUJITSU_MHV2080AT_PL 008300A1 Size: 76319MB BusType: 3
17:52:07.015 Disk 0 MBR read successfully
17:52:07.015 Disk 0 MBR scan
17:52:07.203 Disk 0 unknown MBR code
17:52:07.234 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 68723 MB offset 63
17:52:07.390 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 7585 MB offset 140761530
17:52:07.484 Disk 0 scanning sectors +156296385
17:52:07.781 Disk 0 scanning C:\WINDOWS\system32\drivers
17:53:55.906 Service scanning
17:54:02.921 Modules scanning
17:55:06.250 Disk 0 trace - called modules:
17:55:06.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
17:55:06.718 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85570030]
17:55:06.734 3 CLASSPNP.SYS[f7532fd7] -> nt!IofCallDriver -> \Device\00000078[0x855749e8]
17:55:06.750 5 ACPI.sys[f73a9620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x85592940]
17:55:08.000 AVAST engine scan C:\WINDOWS
17:55:29.828 File: C:\WINDOWS\explorer.exe **INFECTED** Win32:patched-AET [Trj]
17:57:21.140 AVAST engine scan C:\WINDOWS\system32
18:07:39.343 File: C:\WINDOWS\system32\svchost.exe **INFECTED** Win32:patched-AET [Trj]
18:08:32.500 File: C:\WINDOWS\system32\winlogon.exe **INFECTED** Win32:patched-AET [Trj]
18:19:18.156 AVAST engine scan C:\WINDOWS\system32\drivers
18:21:52.390 AVAST engine scan C:\Documents and Settings\carlos
18:38:45.937 File: C:\Documents and Settings\carlos\Local Settings\Temp\_E0.tmp **INFECTED** Win32:Delf-OXZ [Trj]
18:49:49.640 Disk 0 MBR has been saved successfully to "C:\Files\New files\MBR.dat"
18:49:49.859 The log file has been saved successfully to "C:\Files\New files\aswMBR Log.txt"


Bootkit Remover
(c) 2009 Esage Lab
www.esagelab.com

Program version: 1.2.0.1
OS Version: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
Boot sector MD5 is: d3c3d1a705af3d0bec0fc46073d431f4

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>


Done;
Press any key to quit...
 
ListParts by Farbar
Ran by carlos on 10-02-2012 at 19:45:57
Windows XP (X86)
Running From: C:\Files\New files
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 82%
Total physical RAM: 894.17 MB
Available physical RAM: 155.95 MB
Total Pagefile: 2167.29 MB
Available Pagefile: 808.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1998.16 MB

======================= Partitions =========================

1 Drive c: (CaterpillarDisk) (Fixed) (Total:67.11 GB) (Free:13.81 GB) NTFS ==>[Drive with boot components (Windows XP)]
2 Drive d: (PRESARIO_RP) (Fixed) (Total:7.39 GB) (Free:0.83 GB) FAT32 ==>[Drive with boot components (Windows XP)]

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 75 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 67 GB 32 KB
Partition 2 Primary 7585 MB 67 GB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C Caterpillar NTFS Partition 67 GB Healthy System (partition with boot components)

Disk: 0
Partition 2
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D PRESARIO_RP FAT32 Partition 7585 MB Healthy


****** End Of Log ******
 
Looks good.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode (How to...)

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Done

ComboFix 12-02-10.03 - carlos 11/02/2012 1:39.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.52.1033.18.894.374 [GMT -6:00]
Running from: c:\documents and settings\carlos\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
ADS - system32: deleted 12 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\asmqaaa.tmp
c:\documents and settings\All Users\Application Data\crjqaaa.tmp
c:\documents and settings\All Users\Application Data\drjqaaa.tmp
c:\documents and settings\All Users\Application Data\erjqaaa.tmp
c:\documents and settings\All Users\Application Data\gnupaaa.tmp
c:\documents and settings\All Users\Application Data\hfoqaaa.tmp
c:\documents and settings\All Users\Application Data\hnupaaa.tmp
c:\documents and settings\All Users\Application Data\ifoqaaa.tmp
c:\documents and settings\All Users\Application Data\inupaaa.tmp
c:\documents and settings\All Users\Application Data\jfoqaaa.tmp
c:\documents and settings\All Users\Application Data\jnupaaa.tmp
c:\documents and settings\All Users\Application Data\kfoqaaa.tmp
c:\documents and settings\All Users\Application Data\knupaaa.tmp
c:\documents and settings\All Users\Application Data\mmrpaaa.tmp
c:\documents and settings\All Users\Application Data\nmrpaaa.tmp
c:\documents and settings\All Users\Application Data\oelqaaa.tmp
c:\documents and settings\All Users\Application Data\omrpaaa.tmp
c:\documents and settings\All Users\Application Data\qmrpaaa.tmp
c:\documents and settings\All Users\Application Data\wrmqaaa.tmp
c:\documents and settings\All Users\Application Data\xpfoaaa.tmp
c:\documents and settings\All Users\Application Data\xrmqaaa.tmp
c:\documents and settings\All Users\Application Data\yrmqaaa.tmp
c:\documents and settings\All Users\Application Data\zpfoaaa.tmp
c:\documents and settings\All Users\Application Data\zrmqaaa.tmp
c:\documents and settings\carlos\Application Data\Desktopicon
c:\documents and settings\carlos\Application Data\Desktopicon\mc.ico
c:\documents and settings\carlos\Recent\Thumbs.db
c:\documents and settings\carlos\WINDOWS
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\IEhelperActiveX.dll
c:\program files\StartSearch plugin\StartBar.dll
c:\program files\StartSearch plugin\uninst.exe
c:\program files\StartSearch plugin\vshareplg.crx
C:\Thumbs.db
c:\windows\expl.dat
c:\windows\offitems.log
c:\windows\system32\AutoRun.inf
c:\windows\system32\CddbCdda.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET5B.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SET74.tmp
c:\windows\system32\SETAE.tmp
c:\windows\system32\shimg.dll
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
D:\Autorun.inf
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\svchost.exe
.
c:\windows\explorer.exe . . . is infected!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-11 to 2012-02-11 )))))))))))))))))))))))))))))))
.
.
2012-02-10 01:45 . 2012-02-10 01:45 -------- d-----w- c:\documents and settings\carlos\Application Data\Malwarebytes
2012-02-10 01:43 . 2012-02-10 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-10 01:43 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-10 01:43 . 2012-02-10 01:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-03 01:42 . 2012-02-09 23:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-03 01:42 . 2012-02-09 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-02-01 01:27 . 2012-02-01 01:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-01-20 00:39 . 2012-01-20 00:39 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-01-20 00:39 . 2012-01-20 00:39 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-01-20 00:39 . 2012-01-20 00:39 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-01-20 00:39 . 2012-01-20 00:39 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-01-20 00:39 . 2012-01-20 00:39 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2004-08-04 08:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-04 08:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 08:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 08:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 08:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 23:28 . 2011-06-07 22:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-02-27 00:53 . 2010-02-27 00:53 2110728 ----a-w- c:\program files\Install_Facebook_Plug-In_1.0.3.exe
2012-01-20 00:39 . 2012-01-20 00:39 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . D8B309610E34D4E2BFA93CAC940B8317 . 545280 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 7C4EFFFEC2A73C88EBBFFDBCD369CDE6 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . 67DAEC80394AE629F51E86770F34A38B . 1058816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IUSACELL_CDU680"="c:\program files\IUSACELL\CDU680DORA\BIN\RDVCHG.EXE" [2007-07-30 316664]
"AutoTask"="c:\program files\AutoTask\AutoTask.exe" [2009-06-22 335872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Inicio rápido de Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-100000000002}\SC_Acrobat.exe [2006-5-8 25214]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15/06/2011 16:33 249648]
R2 PEEK5;PEEK Driver v4.5;c:\windows\system32\drivers\PEEK5.SYS [20/11/2009 23:31 13184]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/10/2008 22:06 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22/08/2005 03:06 231424]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/04/2010 16:46 135664]
S2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [31/08/2007 11:49 243064]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [07/07/2011 18:31 195336]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [22/05/2009 10:47 87040]
S3 gupdatem;Google Update Servicio (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/04/2010 16:46 135664]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [17/11/2006 10:21 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [17/11/2006 10:21 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [17/11/2006 10:21 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [17/11/2006 10:21 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [17/11/2006 10:21 83344]
S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [13/05/2006 16:04 239488]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 22:46]
.
2012-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 22:46]
.
2011-10-20 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
- c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-11-30 10:04]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {D1792F99-AA90-4D46-8B73-2CE45DADDD3C} - hxxp://www.web-a-file.com/webafiledownloader.cab
FF - ProfilePath - c:\documents and settings\carlos\Application Data\Mozilla\Firefox\Profiles\m67w9brq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=06bca87a-2e5e-11e1-81bc-0014a5746f9d&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Aim6 - (no file)
Notify-dimsntfy32 - dimsntfy32.dll
AddRemove-LiveVDO plugin - c:\program files\StartSearch plugin\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-11 02:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????$????????? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,ee,95,f2,d4,80,46,4a,86,aa,f6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,ee,95,f2,d4,80,46,4a,86,aa,f6,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2420)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_spa-co.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\program files\McAfee\Common Framework\McTray.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2012-02-11 02:16:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-11 08:16
.
Pre-Run: 14,906,269,696 bytes free
Post-Run: 15,759,544,320 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - F26369867947892C3D5F7DD23EF149AE
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
FCopy::
c:\windows\ServicePackFiles\i386\winlogon.exe | c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\svchost.exe | c:\windows\system32\svchost.exe
c:\windows\ServicePackFiles\i386\explorer.exe | c:\windows\explorer.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"=-

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
ComboFix 12-02-10.03 - carlos 12/02/2012 18:18:00.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.52.1033.18.894.304 [GMT -6:00]
Running from: c:\documents and settings\carlos\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\carlos\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *Disabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\expl.dat
c:\windows\system32\dllc.dat
c:\windows\system32\svch.dat
c:\windows\system32\winl.dat
c:\windows\TEMP\win45.tmp
.
Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
.
Infected copy of c:\windows\system32\svchost.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\svchost.exe
.
c:\windows\explorer.exe . . . is infected!!
.
.
--------------- FCopy ---------------
.
c:\windows\ServicePackFiles\i386\winlogon.exe --> c:\windows\system32\winlogon.exe
c:\windows\ServicePackFiles\i386\svchost.exe --> c:\windows\system32\svchost.exe
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((( Files Created from 2012-01-13 to 2012-02-13 )))))))))))))))))))))))))))))))
.
.
2012-02-13 00:27 . 2008-04-14 00:12 1058816 ----a-w- c:\windows\OLD3BA.tmp
2012-02-13 00:22 . 2008-04-14 00:12 545280 ----a-w- c:\windows\system32\OLD1EA.tmp
2012-02-10 01:45 . 2012-02-10 01:45 -------- d-----w- c:\documents and settings\carlos\Application Data\Malwarebytes
2012-02-10 01:43 . 2012-02-10 01:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-10 01:43 . 2011-12-10 21:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-10 01:43 . 2012-02-10 01:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-03 01:42 . 2012-02-09 23:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-03 01:42 . 2012-02-09 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-02-01 01:27 . 2012-02-01 01:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2012-01-20 00:39 . 2012-01-20 00:39 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
2012-01-20 00:39 . 2012-01-20 00:39 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2012-01-20 00:39 . 2012-01-20 00:39 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
2012-01-20 00:39 . 2012-01-20 00:39 121816 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2012-01-20 00:39 . 2012-01-20 00:39 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-13 00:34 . 2004-08-04 08:00 1058816 ----a-w- c:\windows\explorer.exe
2011-11-25 21:57 . 2004-08-04 08:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:25 . 2004-08-04 08:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-18 12:35 . 2004-08-04 08:00 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-04 08:00 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-04 08:00 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-15 23:28 . 2011-06-07 22:56 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2010-02-27 00:53 . 2010-02-27 00:53 2110728 ----a-w- c:\program files\Install_Facebook_Plug-In_1.0.3.exe
2012-01-20 00:39 . 2012-01-20 00:39 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . D8B309610E34D4E2BFA93CAC940B8317 . 545280 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-04 . 01C3346C241652F43AED8E2149881BFE . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\svchost.exe
[-] 2008-04-14 . 7C4EFFFEC2A73C88EBBFFDBCD369CDE6 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2004-08-04 . 8F078AE4ED187AAABC0A305146DE6716 . 14336 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\svchost.exe
.
[-] 2012-02-13 . 67DAEC80394AE629F51E86770F34A38B . 1058816 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
.
((((((((((((((((((((((((((((( SnapShot@2012-02-11_08.06.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-13 00:02 . 2012-02-13 00:02 16384 c:\windows\Temp\Perflib_Perfdata_924.dat
+ 2012-02-13 00:39 . 2012-02-13 00:39 16384 c:\windows\Temp\Perflib_Perfdata_1fc.dat
+ 2012-02-12 23:33 . 2012-02-12 23:52 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012012021220120213\index.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 27648 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{8D8871C6-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 10752 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{8D8871B4-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:45 . 2012-02-12 23:52 12288 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{99D9B951-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:47 . 2012-02-12 23:51 19456 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F89A6E21-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:33 . 2012-02-12 23:39 21504 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E1F365BF-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:32 . 2012-02-12 23:37 23552 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E1F0B544-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:46 . 2012-02-12 23:52 22528 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CD721CF7-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:46 . 2012-02-12 23:52 10752 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CD721CF6-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:46 . 2012-02-12 23:46 10240 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C2B9EA50-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:52 . 2012-02-12 23:59 31744 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A4A57E84-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:45 . 2012-02-12 23:52 31232 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{99D9B954-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:37 . 2012-02-12 23:39 11776 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{82CC5D70-55D2-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:37 . 2012-02-12 23:39 11776 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{755BFC22-55D2-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:43 . 2012-02-12 23:43 10752 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5D980AB5-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:36 . 2012-02-12 23:39 11776 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5CD66C78-55D2-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:43 . 2012-02-12 23:43 10240 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{579FC758-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:35 . 2012-02-12 23:39 11776 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{508DAEC2-55D2-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:35 . 2012-02-12 23:37 11264 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4D3A8740-55D2-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:42 . 2012-02-12 23:44 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{447EA94A-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:35 . 2012-02-12 23:39 11776 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{39027602-55D2-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:56 . 2012-02-12 23:59 14336 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{32C8F017-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:48 . 2012-02-12 23:52 11264 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1C58EF6D-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:48 . 2012-02-12 23:48 10240 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{14C69795-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:48 . 2012-02-12 23:48 10240 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{14C69794-55D4-11E1-81F0-0014A5746F9D}.dat
- 2012-02-01 01:48 . 2012-02-11 01:59 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-02-01 01:48 . 2012-02-12 23:53 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-02-01 01:30 . 2012-02-11 07:33 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2012-02-01 01:30 . 2012-02-12 23:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
+ 2012-02-12 23:21 . 2012-02-12 23:57 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{8D8871C9-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{8D8871C7-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{8D8871C5-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{8D8871C3-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{8D8871C1-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{8D8871BF-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{8D8871BD-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{8D8871BB-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{8D8871B9-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{8D8871B7-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{8D8871B5-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{8D8871B3-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{8D8871B1-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:41 . 2012-02-12 23:59 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{1A6AE8E8-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{8D8871CA-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{8D8871C8-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{8D8871C4-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{8D8871C2-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{8D8871C0-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{8D8871BE-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{8D8871BC-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{8D8871BA-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{8D8871B8-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{8D8871B6-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{8D8871B2-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:59 . 2012-02-12 23:59 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Last Active\{8D8871B0-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:26 . 2012-02-12 23:26 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{F3D8FF8F-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:26 . 2012-02-12 23:26 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{F39B026B-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:26 . 2012-02-12 23:26 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{F393DB5D-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:26 . 2012-02-12 23:26 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{F387EF9B-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:26 . 2012-02-12 23:26 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{F1BBC9C1-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:32 . 2012-02-12 23:37 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E1F365BE-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:32 . 2012-02-12 23:33 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E1F3179E-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:32 . 2012-02-12 23:37 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E1F0B543-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:32 . 2012-02-12 23:37 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E1EE52E9-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:31 . 2012-02-12 23:31 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{BBCFD9F7-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:38 . 2012-02-12 23:44 9216 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9DDA6CBE-55D2-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:38 . 2012-02-12 23:38 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9D9ED1F1-55D2-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:30 . 2012-02-12 23:30 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{99E4A593-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:30 . 2012-02-12 23:30 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{99E24339-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:30 . 2012-02-12 23:30 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{99DD7E85-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:52 . 2012-02-12 23:52 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{99381927-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:23 . 2012-02-12 23:23 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{9463180E-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:23 . 2012-02-12 23:23 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8EB4BD9A-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:51 . 2012-02-12 23:52 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8C97246E-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:23 . 2012-02-12 23:23 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8BF567E3-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:23 . 2012-02-12 23:23 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{8BCF4243-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{75BF9F29-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{75BD3CCF-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{75BADA75-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{75B8781B-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{75B615C1-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:22 . 2012-02-12 23:22 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{68073790-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:22 . 2012-02-12 23:22 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{66F9CDD5-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:50 . 2012-02-12 23:51 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{65D4293E-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:50 . 2012-02-12 23:50 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{5FCB356A-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:50 . 2012-02-12 23:50 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{5F83AEE2-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:50 . 2012-02-12 23:50 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{5C9BD132-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:22 . 2012-02-12 23:22 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{58642B47-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:22 . 2012-02-12 23:22 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{585AA1DF-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{5482766F-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{547B9D81-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{547B7671-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{547B4F61-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:28 . 2012-02-12 23:29 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{546A9EEB-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:28 . 2012-02-12 23:28 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{46A92DA7-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:28 . 2012-02-12 23:28 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{463B817B-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:28 . 2012-02-12 23:28 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{462AD105-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:28 . 2012-02-12 23:28 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{461C82E9-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:28 . 2012-02-12 23:28 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{444DFAB5-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:49 . 2012-02-12 23:49 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{4061599C-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:49 . 2012-02-12 23:49 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{3A1CCB02-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:27 . 2012-02-12 23:27 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{1E6BB8CC-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:27 . 2012-02-12 23:27 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{1E6B91BC-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:27 . 2012-02-12 23:27 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{1E6B6AAC-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:27 . 2012-02-12 23:27 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{1E6B439C-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:27 . 2012-02-12 23:27 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{1E6B1C8C-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:54 . 2012-02-12 23:59 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F31EA4C8-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:47 . 2012-02-12 23:47 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F0FE8CE2-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:47 . 2012-02-12 23:52 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F0FE8CE0-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:54 . 2012-02-12 23:59 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{EBB0103C-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:47 . 2012-02-12 23:47 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E6A0F396-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:33 . 2012-02-12 23:33 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E1F3179F-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:32 . 2012-02-12 23:37 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{E1EE52EA-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:46 . 2012-02-12 23:52 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{D3A5FB28-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:53 . 2012-02-12 23:59 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{CF569A14-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:53 . 2012-02-12 23:59 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C7A7A60A-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:31 . 2012-02-12 23:32 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BBCFDA00-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:31 . 2012-02-12 23:32 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BBCFD9FE-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:31 . 2012-02-12 23:31 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BBCFD9FC-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:31 . 2012-02-12 23:32 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BBCFD9FA-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:31 . 2012-02-12 23:31 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{BBCFD9F8-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:45 . 2012-02-12 23:45 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{B10F1D6D-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:52 . 2012-02-12 23:59 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{AB804144-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:45 . 2012-02-12 23:52 7680 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A97F27EE-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:52 . 2012-02-12 23:59 6656 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9EA8767A-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:38 . 2012-02-12 23:38 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9DDA6CBF-55D2-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:38 . 2012-02-12 23:38 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9D9ED1F2-55D2-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:23 . 2012-02-12 23:23 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{9CA37B86-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:30 . 2012-02-12 23:30 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{99E4A594-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:30 . 2012-02-12 23:30 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{99E2433A-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:30 . 2012-02-12 23:30 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{99DD7E86-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:45 . 2012-02-12 23:45 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{99D9B952-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:52 . 2012-02-12 23:52 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{99466742-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:52 . 2012-02-12 23:52 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{99381928-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:23 . 2012-02-12 23:23 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{97C9525E-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:23 . 2012-02-12 23:23 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{97C9525C-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:23 . 2012-02-12 23:23 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{97BB2B50-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:23 . 2012-02-12 23:23 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{97BB0440-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:52 . 2012-02-12 23:52 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{910F8D2E-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:44 . 2012-02-12 23:44 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8D63AEF1-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:44 . 2012-02-12 23:44 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8766A6DE-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:44 . 2012-02-12 23:44 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8766A6DD-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:44 . 2012-02-12 23:44 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{8766A6DC-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:51 . 2012-02-12 23:51 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{82051769-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:51 . 2012-02-12 23:51 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{82051768-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:37 . 2012-02-12 23:37 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7C12FB9C-55D2-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:44 . 2012-02-12 23:44 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7B382304-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:51 . 2012-02-12 23:51 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{7B2A54A8-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{75BF9F2A-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{75BD3CD0-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{75BADA76-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{75B8781C-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{75B615C2-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:22 . 2012-02-12 23:22 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6E0DC904-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:22 . 2012-02-12 23:22 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6E0DC902-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:22 . 2012-02-12 23:22 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{68073791-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:43 . 2012-02-12 23:43 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{67DB6A2C-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:22 . 2012-02-12 23:22 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{66F9CDD8-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:22 . 2012-02-12 23:22 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{66F9CDD6-55D0-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:50 . 2012-02-12 23:50 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{65DDB2A2-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:51 . 2012-02-12 23:51 3584 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{65D4293F-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:50 . 2012-02-12 23:50 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6397F4DA-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:50 . 2012-02-12 23:50 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5FCB356B-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:50 . 2012-02-12 23:50 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5F83AEE3-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5E4F3C84-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5E4F1574-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5E4EEE64-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5E4EC754-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:29 . 2012-02-12 23:29 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5E4EA044-55D1-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:43 . 2012-02-12 23:43 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5D980AB6-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:50 . 2012-02-12 23:50 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5CBD321B-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:50 . 2012-02-12 23:50 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{5CBD321A-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:49 . 2012-02-12 23:49 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{4061599D-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:57 . 2012-02-12 23:59 8192 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{405128E2-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:42 . 2012-02-12 23:42 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3E2E2EE1-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:42 . 2012-02-12 23:42 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3E2E2EE0-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:49 . 2012-02-12 23:50 4608 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3A1CCB03-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:49 . 2012-02-12 23:49 4096 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3889DD95-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:49 . 2012-02-12 23:52 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{3889DD94-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:42 . 2012-02-12 23:42 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{33AF34AA-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:49 . 2012-02-12 23:49 5632 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2E3108FE-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:56 . 2012-02-12 23:59 8704 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2CC985A8-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:34 . 2012-02-12 23:35 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{2968F324-55D2-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:56 . 2012-02-12 23:59 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{1CD56975-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:55 . 2012-02-12 23:59 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{151CEC00-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:48 . 2012-02-12 23:52 5120 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{14C69796-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:55 . 2012-02-12 23:59 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0F24A8A2-55D5-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:34 . 2012-02-12 23:37 6144 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0B64B80E-55D2-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:48 . 2012-02-12 23:48 7168 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0A453B04-55D4-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-01 01:29 . 2012-02-12 23:56 540672 c:\windows\system32\config\systemprofile\PrivacIE\index.dat
+ 2012-02-12 23:45 . 2012-02-12 23:52 111104 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{A97F27EF-55D3-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:34 . 2012-02-12 23:39 147968 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{218A5013-55D2-11E1-81F0-0014A5746F9D}.dat
+ 2012-02-12 23:34 . 2012-02-12 23:39 148992 c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{218A5012-55D2-11E1-81F0-0014A5746F9D}.dat
+ 2006-04-30 01:31 . 2012-02-12 23:57 1589248 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
.
-- Snapshot reset to current date --
.
 
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-07 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-12-13 507904]
"Adobe Version Cue CS2"="c:\program files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-06 856064]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"IUSACELL_CDU680"="c:\program files\IUSACELL\CDU680DORA\BIN\RDVCHG.EXE" [2007-07-30 316664]
"AutoTask"="c:\program files\AutoTask\AutoTask.exe" [2009-06-22 335872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10e.exe" [2010-01-27 256280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Inicio rápido de Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1034-4700-7760-100000000002}\SC_Acrobat.exe [2006-5-8 25214]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [15/06/2011 16:33 249648]
R2 PEEK5;PEEK Driver v4.5;c:\windows\system32\drivers\PEEK5.SYS [20/11/2009 23:31 13184]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/10/2008 22:06 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [22/08/2005 03:06 231424]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/04/2010 16:46 135664]
S2 Programador de LiveUpdate automático;Programador de LiveUpdate automático;c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe [31/08/2007 11:49 243064]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [07/07/2011 18:31 195336]
S3 cmusbser;%CMUSBSER%;c:\windows\system32\drivers\cmusbser.sys [22/05/2009 10:47 87040]
S3 gupdatem;Google Update Servicio (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/04/2010 16:46 135664]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [17/11/2006 10:21 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [17/11/2006 10:21 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [17/11/2006 10:21 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [17/11/2006 10:21 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [17/11/2006 10:21 83344]
S3 SNPP106;PC Camera (6029 CIF);c:\windows\system32\drivers\snpp106.sys [13/05/2006 16:04 239488]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 18:34]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 22:46]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 22:46]
.
2011-10-20 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job
- c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-11-30 10:04]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {D1792F99-AA90-4D46-8B73-2CE45DADDD3C} - hxxp://www.web-a-file.com/webafiledownloader.cab
FF - ProfilePath - c:\documents and settings\carlos\Application Data\Mozilla\Firefox\Profiles\m67w9brq.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=06bca87a-2e5e-11e1-81bc-0014a5746f9d&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-12 18:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????????$????`???? ???B?????????????hLC? ??????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,ee,95,f2,d4,80,46,4a,86,aa,f6,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,36,ee,95,f2,d4,80,46,4a,86,aa,f6,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2220)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 6\PCSCM.dll
c:\windows\system32\ConnAPI.DLL
c:\program files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_spa-co.nlr
c:\program files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
c:\program files\McAfee\Common Framework\McTray.exe
c:\progra~1\hpq\Shared\HPQTOA~1.EXE
c:\program files\Common Files\PCSuite\Services\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2012-02-12 18:48:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-13 00:47
ComboFix2.txt 2012-02-11 08:16
.
Pre-Run: 15,581,986,816 bytes free
Post-Run: 15,763,591,168 bytes free
.
- - End Of File - - B19D8FCC5F57608C999F11959A31637E
 
OK, the infection won't let us replace those infected files while in Windows so we have to use another way.

Let's see, if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Under the Custom Scan box paste this in:

    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

P. S. I'll be gone for couple of hours so I'll check on you later or tomorrow.
 
Thanks man, no worry, I know we all have a life

Here is the Log

OTL logfile created on: 2/13/2012 12:01:29 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.00 Mb Total Physical Memory | 685.00 Mb Available Physical Memory | 77.00% Memory free
806.00 Mb Paging File | 720.00 Mb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.11 Gb Total Space | 14.41 Gb Free Space | 21.47% Space Free | Partition Type: NTFS
Drive D: | 7.39 Gb Total Space | 0.83 Gb Free Space | 11.24% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2009/09/03 11:53:00 | 000,048,368 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2007/08/31 12:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Programador de LiveUpdate automático)
SRV - [2007/08/31 12:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/23 07:35:24 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007/03/12 10:22:00 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/30 09:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 09:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 14:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/04/12 12:36:56 | 000,176,640 | ---- | M] (Nokia.) [On_Demand] -- C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005/04/06 16:53:02 | 000,163,840 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe -- (Adobe Version Cue CS2)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (SymIMMP)
DRV - File not found [Kernel | On_Demand] -- -- (SymIM)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (NSNDIS5)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2009/11/03 14:21:56 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/08/31 03:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/12/13 17:31:56 | 000,087,040 | ---- | M] (Cmotech Co.,Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\cmusbser.sys -- (cmusbser)
DRV - [2006/11/30 09:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 09:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 09:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 09:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 09:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 09:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/11/17 11:21:01 | 000,094,064 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510mdm.sys -- (k510mdm)
DRV - [2006/11/17 11:21:01 | 000,085,408 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510mgmt.sys -- (k510mgmt) Sony Ericsson K510 USB WMC Device Management Drivers (WDM)
DRV - [2006/11/17 11:21:01 | 000,083,344 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510obex.sys -- (k510obex)
DRV - [2006/11/17 11:21:00 | 000,058,288 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510bus.sys -- (k510bus) Sony Ericsson K510 Driver driver (WDM)
DRV - [2006/11/17 11:21:00 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\k510mdfl.sys -- (k510mdfl)
DRV - [2006/03/24 09:32:00 | 000,127,488 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent)
DRV - [2006/03/24 09:32:00 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port)
DRV - [2006/03/24 09:32:00 | 000,013,312 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem)
DRV - [2006/03/24 09:32:00 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic)
DRV - [2005/11/28 04:35:38 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/11/10 17:51:00 | 001,396,224 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/09/30 06:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/09/20 05:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/22 04:06:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2005/08/22 04:06:00 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/08/22 04:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005/08/18 03:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/08/02 05:00:00 | 000,349,312 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/08/02 04:58:00 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2005/05/05 13:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 13:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/09 18:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2003/09/24 11:23:50 | 000,013,184 | ---- | M] (WildPackets, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\PEEK5.SYS -- (PEEK5)
DRV - [2002/12/05 16:58:58 | 000,239,488 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snpp106.sys -- (SNPP106) PC Camera (6029 CIF)
DRV - [2001/08/17 15:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = about:blank
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/05/23 00:08:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/05/23 00:08:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/19 19:39:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/24 13:35:33 | 000,000,000 | ---D | M]

[2011/11/28 20:10:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/19 19:39:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/10/27 08:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2012/01/19 19:38:52 | 000,004,080 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\drae.xml
[2012/01/19 19:38:52 | 000,002,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mercadolibre-ar.xml
[2012/01/19 19:38:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-es.xml
[2012/01/19 19:38:52 | 000,000,838 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-ar.xml

O1 HOSTS File: ([2012/02/12 19:39:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Yahoo! IE Suggest) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Search\YSearchSuggest.dll (Yahoo! Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Version Cue CS2] C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe (Adobe Sytems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AutoTask] C:\Program Files\AutoTask\AutoTask.exe (Dura Micro, Inc)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [IUSACELL_CDU680] C:\Program Files\IUSACELL\CDU680DORA\Bin\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OpwareSE2] C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Inicio rápido de Adobe Acrobat.lnk = C:\WINDOWS\Installer\{AC76BA86-1034-4700-7760-100000000002}\SC_Acrobat.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D1792F99-AA90-4D46-8B73-2CE45DADDD3C} http://www.web-a-file.com/webafiledownloader.cab (WAFDownloader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.3.1.100 10.3.1.221
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/07/27 23:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/12 21:30:03 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\Cookies
[2012/02/12 19:15:00 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/02/11 02:32:27 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/02/11 02:28:13 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/02/11 02:28:13 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/02/11 02:28:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/02/11 02:28:13 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/02/11 02:28:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012/02/11 02:27:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/10 20:30:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Sun
[2012/02/09 20:44:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/09 20:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/09 20:43:54 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/09 20:43:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/02 20:42:43 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/02/02 20:42:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/01/31 20:56:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Macromedia
[2012/01/31 20:30:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Adobe
[2012/01/31 20:29:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Google
[2012/01/31 20:27:59 | 000,000,000 | -HSD | C] -- C:\WINDOWS\system32\config\systemprofile\PrivacIE
[2010/02/26 19:53:29 | 002,110,728 | ---- | C] (Facebook, Inc.) -- C:\Program Files\Install_Facebook_Plug-In_1.0.3.exe
[2005/09/24 03:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[4 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/13 00:48:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/13 00:38:09 | 000,001,020 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/13 00:38:07 | 000,001,024 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/12 23:38:01 | 000,002,359 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Inicio rápido de Adobe Acrobat.lnk
[2012/02/12 23:37:57 | 000,000,297 | ---- | M] () -- C:\hpqp.ini
[2012/02/12 23:37:56 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
[2012/02/12 23:37:39 | 937,676,800 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/12 19:40:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/12 19:39:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/12 19:34:30 | 001,058,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2012/02/11 02:32:40 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/02/10 20:33:04 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/09 20:44:12 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/09 20:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/03 15:23:19 | 000,441,096 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120209-174051.backup
[2012/02/03 14:36:11 | 000,007,072 | ---- | M] () -- C:\WINDOWS\carlos8.xlb
[2012/02/02 22:00:26 | 000,004,054 | ---- | M] () -- C:\WINDOWS\WININIT.INI
[4 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/11 02:32:40 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/02/11 02:32:31 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/02/11 02:28:13 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/02/11 02:28:13 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/02/11 02:28:13 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/02/11 02:28:13 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/02/11 02:28:13 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/02/09 20:44:12 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/09 19:10:46 | 937,676,800 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/22 00:32:40 | 000,163,444 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/14 10:10:16 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/12/15 18:03:19 | 000,000,943 | ---- | C] () -- C:\WINDOWS\TATCALL.INI
[2009/12/15 18:03:19 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TATVER.INI
[2009/12/15 18:03:18 | 000,000,260 | ---- | C] () -- C:\WINDOWS\TATUNINS.INI
[2008/05/22 17:22:18 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/12/21 22:07:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/11/25 15:44:22 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2007/06/07 21:37:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/08/04 00:47:11 | 000,001,943 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/07/23 23:17:35 | 000,001,747 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/07/15 13:52:50 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7K.DLL
[2006/07/15 13:49:08 | 000,000,532 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2006/05/15 00:14:58 | 000,000,551 | ---- | C] () -- C:\WINDOWS\CClient.ini
[2006/05/13 21:21:12 | 000,007,917 | ---- | C] () -- C:\WINDOWS\extend.dat
[2006/05/13 17:37:37 | 000,000,617 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2006/05/13 17:37:27 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/05/13 17:04:26 | 000,120,874 | ---- | C] () -- C:\WINDOWS\usnpp106.exe
[2006/05/13 17:04:26 | 000,028,672 | ---- | C] () -- C:\WINDOWS\vsnpp106.exe
[2006/05/13 17:04:26 | 000,015,494 | ---- | C] () -- C:\WINDOWS\snpp106.ini
[2006/05/13 17:04:25 | 000,239,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\snpp106.sys
[2006/05/13 17:04:25 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\dsnpp106.dll
[2006/05/13 17:04:25 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\vsnpp106.dll
[2006/05/13 17:04:25 | 000,020,480 | ---- | C] () -- C:\WINDOWS\dsnpp106.exe
[2006/05/10 00:27:26 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2006/05/10 00:15:21 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2006/05/08 20:46:11 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2006/05/08 08:16:49 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2006/05/06 22:05:58 | 000,000,737 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/04/29 20:36:46 | 000,000,128 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\fusioncache.dat
[2006/02/16 05:39:42 | 000,000,166 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/02/16 05:36:04 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/02/16 05:36:03 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/02/16 05:19:18 | 000,004,054 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/02/16 05:04:54 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/02/16 05:02:30 | 000,087,275 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2005/12/02 05:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/08 12:49:00 | 000,112,456 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2004/10/04 20:08:00 | 000,055,808 | ---- | C] () -- C:\WINDOWS\System32\zlib1.dll
[2004/08/07 08:16:54 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/07 08:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:10:30 | 000,442,782 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/07 08:10:30 | 000,072,360 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/07 08:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 08:02:54 | 000,763,712 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/07 07:57:54 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/07 07:54:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/04 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/08/07 15:01:52 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2002/05/28 03:55:42 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/05/28 03:54:40 | 000,004,605 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1996/12/19 00:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\WRKGADM.EXE
[1996/12/19 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1996/12/19 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1996/12/19 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1996/12/19 00:00:00 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\VAES232.DLL

========== LOP Check ==========

[2008/10/12 23:05:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2011/12/01 22:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aiseesoft Studio
[2006/07/15 13:52:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009/02/16 21:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2006/02/16 05:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/02/16 21:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007/05/27 23:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/07/15 13:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2006/07/15 13:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard
[2008/10/12 23:05:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/11/28 00:35:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/02/18 20:50:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/10/20 17:42:50 | 000,001,014 | -H-- | M] () -- C:\WINDOWS\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2012/02/12 19:34:30 | 001,058,816 | ---- | M] (Microsoft Corporation) MD5=67DAEC80394AE629F51E86770F34A38B -- C:\WINDOWS\explorer.exe
[2007/06/13 06:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 03:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 19:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/04/13 19:12:08 | 000,039,936 | ---- | M] (Microsoft Corporation) MD5=7C4EFFFEC2A73C88EBBFFDBCD369CDE6 -- C:\WINDOWS\system32\svchost.exe
[2004/08/04 03:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 03:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 03:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 19:12:08 | 000,545,280 | ---- | M] (Microsoft Corporation) MD5=D8B309610E34D4E2BFA93CAC940B8317 -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 270784 bytes -> C:\WINDOWS\Temp:temp
< End of report >
 
One more thing,
Right before I downloaded OTLPE the computer was really slow and my AV send a warning about a virus named FakeAlert-SecurityTool.ea
Thanks for your time

Carlos
 
Those files seem to be OK but we better double check.

Open Windows Explorer. Go Tools>Folder Options>View tab, put a checkmark next to Show hidden files, and folders, UN-check Hide protected operating system files.
NOTE. Make sure to reverse the above changes, when done with this step.
Upload following files to http://www.virustotal.com/ for security check:
- c:\windows\explorer.exe
- c:\windows\system32\svchost.exe
- c:\windows\system32\winlogon.exe
IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.
Post scan results.
 
Damn virus, still infected...

#Bamital #infected



<p class="codeStyle">more info see http://www.kernelmode.info/forum/viewtopic.php?f=16&p=11413#p11413
Publicado hace 1 semana, 3 días por EP_X0FF
XP SP3 explorer.exe infected with Bamital.Q. Winlogon.exe and svchost.exe are also infected. #7c4efffec2a73c88ebbffdbcd369cde6 #d8b309610e34d4e2bfa93cac940b8317 #malware #bamital #patched

When i did the OTLPE scan, it was just the scan, i didn't click the FIX button, was correct?
 
You must log in or register to reply here.

Similar threads

B
  • Locked
Inactive-A No internet access in normal, safe mode works fine
Replies
20
Views
3K
Broni
Broni
G
Solved Virus scans clean, but many redirects in IE10, and unable to install IE 11
2
Replies
31
Views
5K
Broni
Broni
D
Solved Unable to start Windows (unless in safe mode) (?)
2
Replies
25
Views
11K
Broni
Broni

Latest posts

Back