Solved: Trojan c-05. Please help me.

emanmorga

Hello,

I'm David, I'm a young architect.

I've been advised by a friend to get in touch with your site... and it is the most helpful site I have seen.

So, I hope to have help from you here... And whatever I can help with too... I'm available.

Salute to all

The problem I had:

I had a problem today. I got a virus, Trojan c-05. That is what I think...

I managed to do all the steps in [UPDATED 8-step Viruses/Spyware/Malware Preliminary Removal Instructions].

And I already have the:
* Malwarebytes Anti-Malware log
* GMER log
* DDS logs: both DDS.txt and Attach.txt

Can you help me please...
P.S. My PC is a
Sony VAIO - MS Windows Vista Home Premium 32-bit SP2
Intel Core2 Duo CPU P8400 @ 2.26GHz, 4,0GB RAM, ATI Mobility Radeon HD 3470.

Please help me to fix my PC.

David
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Versão da base de dados: 5264

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

08/12/2010 3:33:38
mbam-log-2010-12-08 (03-33-38).txt

Tipo de pesquisa: Rápida
Objectos verificados: 169371
Tempo decorrido: 4 minuto(s), 34 segundo(s)

Processos de memória infectados: 0
módulos de Memória infectados: 0
Chaves do Registo Infectadas: 1
Valores do Registo infectados: 0
Itens de dados do Registo Infectados: 0
Pastas Infectadas: 0
Ficheiros Infectados: 5

Processos de memória infectados:
(Nenhum item malicioso detectado)

módulos de Memória infectados:
(Nenhum item malicioso detectado)

Chaves do Registo Infectadas:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Valores do Registo infectados:
(Nenhum item malicioso detectado)

Itens de dados do Registo Infectados:
(Nenhum item malicioso detectado)

Pastas Infectadas:
(Nenhum item malicioso detectado)

Ficheiros Infectados:
c:\Users\JAHMEKA\AppData\Local\Temp\Acu.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\JAHMEKA\downloads\setuppoker_407fae.exe (Adware.Casino) -> Quarantined and deleted successfully.
c:\Users\JAHMEKA\downloads\keygen_autodesk.3ds.max.design.2010.x32.45376.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Windows\Atiwaa.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Windows\Atiwab.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
 
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-08 03:46:17
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.LV01
Running: 0zibvsxl.exe; Driver: C:\Windows\TEMP\uflyypoc.sys


---- System - GMER 1.0.15 ----

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8B5E6BAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0x8B5E69D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8B5E6B0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor \Device\Ide\iaStor0 [8B4CDEB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [8B4CDEB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 [8B4CDEB0] \SystemRoot\system32\DRIVERS\iaStor.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 866F41F8

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- EOF - GMER 1.0.15 ----
 
DDS (Ver_10-12-05.01) - NTFSx86
Run by JAHMEKA at 3:52:08,76 on 08/12/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.3082.18.3038.1591 [GMT 2:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\JAHMEKA\Downloads\dds(2).scr
 
============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.club-vaio.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.club-vaio.com
mURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll
BHO: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
TB: Nero Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [pdfw] c:\program files\amic utilities\pdf writer pro\pdfwload.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\users\jahmeka\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\drspaw~1.lnk - c:\programdata\asgvis\drspawner\DRSpawner.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com
 
================= FIREFOX ===================

FF - ProfilePath - c:\users\jahmeka\appdata\roaming\mozilla\firefox\profiles\btviiidd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=NRO&o=101913&locale=pt_IT&q=
FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\veetle\vlcbroadcast\npvbp.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\jahmeka\appdata\roaming\mozilla\firefox\profiles\btviiidd.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\jahmeka\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\jahmeka\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\tvuax\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\real\realplayer\browserrecordplugin\firefox\Ext
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\nokia\nokia pc suite 7\bkmrksync
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\jahmeka\appdata\roaming\mozilla\firefox\profiles\btviiidd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: TVU Web Player: firefox@tvunetworks.com - c:\users\jahmeka\appdata\roaming\mozilla\firefox\profiles\btviiidd.default\extensions\firefox@tvunetworks.com
FF - Extension: vShare: vshare@toolbar - c:\users\jahmeka\appdata\roaming\mozilla\firefox\profiles\btviiidd.default\extensions\vshare@toolbar
 
============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-20 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-20 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-20 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-20 40384]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit;c:\program files\autodesk\3ds max design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-3-12 86016]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-8-25 299008]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-8-14 104992]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-10-11 1153368]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-8-14 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-8-25 337184]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-20 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-20 40384]
R3 NETw5v32;Controlador del adaptador Intel(R) Wireless WiFi Link para Windows Vista de 32 bits;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-4-6 24368]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-8-14 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Servicio Google Update (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-8-14 29736]
S3 FontCache;Servicio de caché de fuentes de Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-8-25 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-8-25 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-8-25 62752]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-8-25 83232]
S3 VUAgent;VUAgent;c:\program files\sony\vaio update 5\VUAgent.exe [2010-6-21 673136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
 
=============== Created Last 30 ================

2010-12-08 01:27:36 -------- d-----w- c:\users\jahmeka\appdata\roaming\Malwarebytes
2010-12-08 01:27:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 01:27:23 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-08 01:27:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-08 01:27:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-08 00:41:33 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-12-08 00:41:33 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-12-08 00:41:33 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-12-08 00:41:33 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-12-08 00:41:33 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-12-08 00:41:32 -------- d-----w- c:\program files\Trojan Remover
2010-12-08 00:17:20 -------- d-----w- c:\progra~2\FileCure
2010-12-08 00:13:40 -------- d-----w- c:\users\jahmeka\appdata\local\PackageAware
2010-12-07 23:50:50 -------- d-----w- c:\windows\pss
2010-12-07 07:33:38 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{7e9677eb-4e3b-4c84-a471-24cb490d1489}\mpengine.dll
2010-11-24 07:18:16 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-21 08:42:23 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2010-11-21 08:41:42 -------- d-----w- c:\program files\common files\xing shared
2010-11-21 08:40:45 151776 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2010-11-21 08:40:04 100352 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2010-11-10 08:47:16 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

==================== Find3M ====================

2010-10-19 08:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-24 17:01:16 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-09-15 01:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL

============= FINISH: 3:52:39,23 ===============
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-05.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 15/05/2009 20:16:09
System Uptime: 08/12/2010 3:39:56 (0 hours ago)

Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz | N/A | 2267/266mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 287 GiB total, 126,856 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
G: is CDROM ()
J: is CDROM (UDF)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP639: 02/11/2010 9:22:32 - Windows Update
RP640: 03/11/2010 16:29:38 - Punto de control programado
RP641: 04/11/2010 9:40:17 - Windows Update
RP642: 05/11/2010 2:42:26 - Punto de control programado
RP643: 05/11/2010 23:45:27 - Windows Update
RP644: 07/11/2010 16:29:57 - Punto de control programado
RP645: 08/11/2010 11:22:14 - Punto de control programado
RP646: 09/11/2010 2:34:12 - Punto de control programado
RP647: 09/11/2010 9:15:19 - Windows Update
RP648: 10/11/2010 16:11:28 - Punto de control programado
RP649: 10/11/2010 23:05:23 - Windows Update
RP650: 12/11/2010 11:02:20 - Windows Update
RP651: 14/11/2010 3:04:30 - Punto de control programado
RP652: 16/11/2010 9:41:32 - Windows Update
RP653: 19/11/2010 9:15:31 - Windows Update
RP654: 23/11/2010 9:08:43 - Windows Update
RP655: 24/11/2010 3:02:50 - Punto de control programado
RP656: 24/11/2010 10:12:50 - Windows Update
RP657: 27/11/2010 19:12:31 - Windows Update
RP658: 30/11/2010 1:55:49 - Punto de control programado
RP659: 30/11/2010 9:39:27 - Windows Update
RP660: 02/12/2010 16:09:06 - Punto de control programado
RP661: 03/12/2010 11:12:59 - Windows Update
RP662: 04/12/2010 18:28:33 - Punto de control programado
RP663: 06/12/2010 14:25:28 - Punto de control programado
RP664: 07/12/2010 9:32:56 - Windows Update
RP666: 07/12/2010 14:45:12 - Se ha instalado DirectX
RP667: 08/12/2010 3:19:04 - Removed ooVoo
 
==== Installed Programs ======================

Adobe Acrobat 8 Standard - English, Français, Deutsch
Adobe Acrobat 8.2.5 - CPSID_83708
Adobe Acrobat 8.2.5 Standard
Adobe Flash Player 10 Plugin
Ask Toolbar
Autodesk 3ds Max Design 2010 32-bit
Autodesk 3ds Max Design 2010 32-bit Components
Autodesk 3ds Max Design 2010 Tutorials Files
Autodesk FBX Plugin 2009.4 - 3ds Max Design 2010
avast! Free Antivirus
DWG to PDF Converter MX v4.6
Google Talk Plugin
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Instalación de DivX
Java Auto Updater
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Home and Student 2007
Microsoft Office PowerPoint Viewer 2007 (Spanish)
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.6.12)
MSVC80_x86_v2
Nokia Connectivity Cable Driver
Nokia PC Suite
Paquete de compatibilidad para 2007 Office system
Paquete de controladores de Windows - Nokia Modem (06/09/2010 4.5)
Paquete de controladores de Windows - Nokia Modem (06/09/2010 7.01.0.7)
Paquete de controladores de Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
PC Connectivity Solution
PDF to DWG Converter
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
VAIO Update 5
Veetle TV 0.9.18
 
==== Event Viewer Messages From Past Week ========

08/12/2010 3:40:46, Error: Service Control Manager [7000] - El servicio Parallel port driver no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
08/12/2010 3:17:42, Error: Service Control Manager [7000] - El servicio Parallel port driver no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
08/12/2010 3:14:41, Error: Service Control Manager [7034] - El servicio Ati External Event Utility se terminó de manera inesperada. Esto ha sucedido 1 veces.
07/12/2010 9:28:02, Error: Service Control Manager [7000] - El servicio Parallel port driver no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
07/12/2010 20:48:57, Error: Service Control Manager [7000] - El servicio Parallel port driver no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
07/12/2010 20:47:50, Error: EventLog [6008] - El cierre anterior del sistema a las 20:45:18 del 07/12/2010 resultó inesperado.
07/12/2010 18:52:14, Error: Service Control Manager [7009] - Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Windows Search.
07/12/2010 18:52:14, Error: Service Control Manager [7000] - El servicio Windows Search no pudo iniciarse debido al siguiente error: El servicio no respondió a tiempo a la solicitud de inicio o de control.
07/12/2010 18:52:01, Error: Service Control Manager [7000] - El servicio Parallel port driver no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
07/12/2010 16:09:39, Error: Service Control Manager [7000] - El servicio Parallel port driver no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
07/12/2010 14:59:18, Error: Service Control Manager [7000] - El servicio Parallel port driver no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
06/12/2010 11:02:19, Error: Service Control Manager [7000] - El servicio Parallel port driver no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
05/12/2010 10:56:15, Error: Service Control Manager [7000] - El servicio Parallel port driver no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
04/12/2010 22:51:53, Error: Service Control Manager [7000] - El servicio Parallel port driver no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
04/12/2010 10:57:00, Error: Service Control Manager [7000] - El servicio Parallel port driver no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
03/12/2010 11:08:19, Error: Service Control Manager [7000] - El servicio Parallel port driver no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
02/12/2010 9:32:56, Error: Service Control Manager [7000] - El servicio Parallel port driver no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.
01/12/2010 9:51:47, Error: Service Control Manager [7000] - El servicio Parallel port driver no pudo iniciarse debido al siguiente error: No se puede iniciar el servicio, porque está deshabilitado o porque no tiene dispositivos habilitados asociados a él.

==== End Of File ===========================
 
Uninstall Ask Toolbar, known adware.

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

==================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Sony Corporation
System Product Name: VGN-FW21E
Logical Drives Mask: 0x0000027c

Kernel Drivers (total 160):
0x83218000 \SystemRoot\system32\ntkrnlpa.exe
0x835D1000 \SystemRoot\system32\hal.dll
0x8040D000 \SystemRoot\system32\kdcom.dll
0x80414000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80484000 \SystemRoot\system32\PSHED.dll
0x80495000 \SystemRoot\system32\BOOTVID.dll
0x8049D000 \SystemRoot\system32\CLFS.SYS
0x804DE000 \SystemRoot\system32\CI.dll
0x805BE000 \SystemRoot\System32\drivers\hhlpl.sys
0x8060D000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067E000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068C000 \SystemRoot\System32\Drivers\spmv.sys
0x8077F000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x80788000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x807AE000 \SystemRoot\system32\drivers\acpi.sys
0x807F4000 \SystemRoot\system32\drivers\msisadrv.sys
0x805CC000 \SystemRoot\system32\drivers\pci.sys
0x8B403000 \SystemRoot\System32\drivers\partmgr.sys
0x8B412000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8B415000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8B41F000 \SystemRoot\system32\drivers\volmgr.sys
0x8B42E000 \SystemRoot\System32\drivers\volmgrx.sys
0x8B478000 \SystemRoot\System32\drivers\mountmgr.sys
0x8B488000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x8B556000 \SystemRoot\system32\drivers\fltmgr.sys
0x8B588000 \SystemRoot\system32\drivers\fileinfo.sys
0x8B598000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8B60A000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B67B000 \SystemRoot\system32\drivers\ndis.sys
0x8B786000 \SystemRoot\system32\drivers\msrpc.sys
0x8B7B1000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B80B000 \SystemRoot\System32\drivers\tcpip.sys
0x8B8F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8BA07000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8BB17000 \SystemRoot\system32\drivers\volsnap.sys
0x8BB50000 \SystemRoot\System32\Drivers\spldr.sys
0x8BB58000 \SystemRoot\System32\Drivers\mup.sys
0x8BB67000 \SystemRoot\System32\drivers\ecache.sys
0x8BB8E000 \SystemRoot\system32\drivers\disk.sys
0x8BB9F000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8BBC0000 \SystemRoot\system32\drivers\crcdisk.sys
0x8BBD6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8BBE1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8FA0A000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x9020C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x902AD000 \SystemRoot\System32\drivers\watchdog.sys
0x902B9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x90346000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x90351000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9038F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x90409000 \SystemRoot\system32\DRIVERS\NETw5v32.sys
0x90790000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x907DC000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x907EC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x9039E000 \SystemRoot\system32\DRIVERS\risdptsk.sys
0x903AF000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0x903C9000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x907FA000 \SystemRoot\System32\drivers\pxkbf.sys
0x903DC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8FFA1000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x903E7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90400000 \SystemRoot\system32\DRIVERS\SFEP.sys
0x8FFCD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8FFE5000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x90403000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8B5A2000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90A0D000 \SystemRoot\system32\DRIVERS\storport.sys
0x90A4E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90A59000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90A70000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90A7B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90A9E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90AAD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90AC1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x90AD6000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90AE6000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x90B03000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90B05000 \SystemRoot\system32\DRIVERS\ks.sys
0x90B2F000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90B39000 \SystemRoot\system32\DRIVERS\umbus.sys
0x90B46000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x90B7B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90B8C000 \SystemRoot\system32\drivers\RtHDMIV.sys
0x90BAE000 \SystemRoot\system32\drivers\portcls.sys
0x90BDB000 \SystemRoot\system32\drivers\drmk.sys
0x9160C000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x91818000 \SystemRoot\system32\DRIVERS\HSXHWAZL.sys
0x91855000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x91A02000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x91AB6000 \SystemRoot\system32\drivers\modem.sys
0x91AC3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91ACC000 \SystemRoot\System32\Drivers\Null.SYS
0x91AD3000 \SystemRoot\System32\Drivers\Beep.SYS
0x91ADA000 \SystemRoot\System32\drivers\vga.sys
0x91AE6000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91B07000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91B0F000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91B17000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91B22000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91B30000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91B39000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91B4F000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x91B59000 \SystemRoot\system32\DRIVERS\smb.sys
0x91B6D000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91B9F000 \SystemRoot\system32\drivers\afd.sys
0x91BE7000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x91958000 \SystemRoot\system32\DRIVERS\pacer.sys
0x91BEC000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9196E000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x91981000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x9198E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x919CA000 \SystemRoot\system32\drivers\nsiproxy.sys
0x919D4000 \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
0x91BFA000 \SystemRoot\system32\DRIVERS\DMICall.sys
0x8B9DE000 \SystemRoot\System32\Drivers\dfsc.sys
0x8B5D1000 \SystemRoot\System32\Drivers\aswSP.SYS
0x9280F000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x92826000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x92828000 \SystemRoot\System32\Drivers\usbvideo.sys
0x92849000 \SystemRoot\system32\DRIVERS\udfs.sys
0x92884000 \SystemRoot\System32\Drivers\crashdmp.sys
0x92891000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x9295F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x92968000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x92978000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9297F000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x94E50000 \SystemRoot\System32\win32k.sys
0x92987000 \SystemRoot\System32\drivers\Dxapi.sys
0x92991000 \SystemRoot\system32\DRIVERS\monitor.sys
0x95070000 \SystemRoot\System32\TSDDD.dll
0x95090000 \SystemRoot\System32\cdd.dll
0x929A0000 \SystemRoot\system32\drivers\luafv.sys
0x929BB000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x929F2000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x8B910000 \SystemRoot\system32\drivers\WudfPf.sys
0x8B92A000 \SystemRoot\system32\drivers\spsys.sys
0x919EA000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA0401000 \SystemRoot\system32\DRIVERS\nwifi.sys
0xA042B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA0435000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA0448000 \SystemRoot\system32\drivers\HTTP.sys
0xA04B5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA04D2000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA04EB000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA0500000 \SystemRoot\system32\drivers\mrxdav.sys
0xA0521000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA0540000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA0579000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA0591000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2E07000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2E6D000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA2E71000 \SystemRoot\system32\drivers\peauth.sys
0xA2F4F000 \??\C:\Windows\system32\drivers\regi.sys
0xA2F51000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA2F5D000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA2F65000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA2F86000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA2F9C000 \??\C:\Windows\TEMP\uflyypoc.sys
0xA2FB4000 \??\C:\Windows\TEMP\mbr.sys
0x77B10000 \Windows\System32\ntdll.dll
 
Processes (total 81):
0 System Idle Process
4 System
556 C:\Windows\System32\smss.exe
692 csrss.exe
752 C:\Windows\System32\wininit.exe
764 csrss.exe
800 C:\Windows\System32\services.exe
816 C:\Windows\System32\lsass.exe
828 C:\Windows\System32\lsm.exe
864 C:\Windows\System32\winlogon.exe
1016 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
1128 C:\Windows\System32\svchost.exe
1224 C:\Windows\System32\Ati2evxx.exe
1268 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\svchost.exe
1328 C:\Windows\System32\svchost.exe
1404 C:\Windows\System32\audiodg.exe
1432 C:\Windows\System32\svchost.exe
1452 C:\Windows\System32\SLsvc.exe
1488 C:\Windows\System32\svchost.exe
1652 C:\Windows\RTKAUDIOSERVICE.EXE
1712 C:\Windows\System32\Ati2evxx.exe
1744 C:\Windows\System32\svchost.exe
1868 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1896 C:\Windows\System32\wlanext.exe
1740 C:\Windows\System32\spoolsv.exe
2032 C:\Windows\System32\svchost.exe
2136 C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
2188 C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
2216 C:\Windows\System32\svchost.exe
2236 C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
2340 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
2376 C:\Program Files\Canon\IJPLM\ijplmsvc.exe
2412 C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
2540 C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe
2552 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
2584 C:\Program Files\Sony\Network Utility\NSUService.exe
2616 C:\Windows\System32\svchost.exe
2688 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
2732 C:\Windows\System32\svchost.exe
2816 C:\Windows\System32\dwm.exe
2868 C:\Windows\System32\taskeng.exe
2904 C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
2944 C:\Program Files\Sony\VAIO Power Management\SPMService.exe
2972 C:\Windows\explorer.exe
3016 dllhost.exe
3088 C:\Windows\System32\taskeng.exe
3244 C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
3460 C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
3484 C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
3500 dllhost.exe
3512 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
3536 C:\Windows\System32\svchost.exe
3596 C:\Windows\System32\SearchIndexer.exe
3664 C:\Windows\System32\drivers\XAudio.exe
3720 C:\Windows\System32\taskeng.exe
3808 WUDFHost.exe
4024 C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
4048 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
3084 WmiPrvSE.exe
3956 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
4072 C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
4444 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
4452 C:\Program Files\Common Files\Java\Java Update\jusched.exe
4608 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
5480 C:\Program Files\Windows Defender\MSASCui.exe
980 C:\Windows\System32\SearchProtocolHost.exe
5264 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
4356 C:\Program Files\Sony\Network Utility\LANUtil.exe
5988 C:\Windows\System32\msiexec.exe
636 C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
4928 C:\Program Files\CCleaner\CCleaner.exe
5352 C:\Windows\System32\VSSVC.exe
5068 C:\Windows\System32\svchost.exe
6076 WmiPrvSE.exe
4260 C:\Program Files\Mozilla Firefox\firefox.exe
4492 C:\Windows\System32\SearchFilterHost.exe
2980 dllhost.exe
3120 dllhost.exe
5204 C:\Users\JAHMEKA\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`c6f00000 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK3252GSX, Rev: LV010A

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
 
ComboFix 10-12-07.01 - JAHMEKA 08/12/2010 5:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.34.3082.18.3038.1516 [GMT 2:00]
Running from: c:\users\JAHMEKA\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\JAHMEKA\AppData\Local\ggoahih.dat
c:\users\JAHMEKA\AppData\Local\ggoahih.exe
c:\users\JAHMEKA\AppData\Local\ggoahih_navps.dat
c:\users\JAHMEKA\AppData\Local\zgrvboa.dat
c:\users\JAHMEKA\AppData\Local\zgrvboa_nav.dat
c:\users\JAHMEKA\AppData\Local\zgrvboa_navps.dat

.
((((((((((((((((((((((((( Files Created from 2010-11-08 to 2010-12-08 )))))))))))))))))))))))))))))))
.

2010-12-08 03:43 . 2010-12-08 03:43 -------- d-----w- c:\users\JAHMEKA\AppData\Local\temp
2010-12-08 03:43 . 2010-12-08 03:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-08 03:30 . 2010-12-08 03:30 -------- d-----w- C:\%APPDATA%
2010-12-08 01:27 . 2010-12-08 01:27 -------- d-----w- c:\users\JAHMEKA\AppData\Roaming\Malwarebytes
2010-12-08 01:27 . 2010-12-08 01:27 -------- d-----w- c:\programdata\Malwarebytes
2010-12-08 01:27 . 2010-11-29 15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 01:27 . 2010-12-08 01:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-08 01:27 . 2010-11-29 15:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-08 00:41 . 2006-06-19 10:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-12-08 00:41 . 2006-05-25 12:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-12-08 00:41 . 2005-08-25 22:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-12-08 00:41 . 2003-02-02 17:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-12-08 00:41 . 2002-03-05 22:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-12-08 00:41 . 2010-12-08 01:11 -------- d-----w- c:\program files\Trojan Remover
2010-12-08 00:17 . 2010-12-08 00:17 -------- d-----w- c:\programdata\FileCure
2010-12-08 00:13 . 2010-12-08 00:13 -------- d-----w- c:\users\JAHMEKA\AppData\Local\PackageAware
2010-12-07 07:33 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E9677EB-4E3B-4C84-A471-24CB490D1489}\mpengine.dll
2010-11-24 07:18 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-21 08:42 . 2010-11-21 08:42 11776 ----a-w- c:\program files\Mozilla Firefox\plugins\nprjplug.dll
2010-11-21 08:41 . 2010-11-21 08:41 -------- d-----w- c:\program files\Common Files\xing shared
2010-11-21 08:40 . 2010-11-21 08:40 151776 ----a-w- c:\program files\Mozilla Firefox\plugins\nppl3260.dll
2010-11-21 08:40 . 2010-11-21 08:40 100352 ----a-w- c:\program files\Mozilla Firefox\plugins\nprpjplug.dll
2010-11-21 08:39 . 2010-11-21 08:41 -------- d-----w- c:\program files\real
2010-11-10 08:47 . 2010-10-07 11:37 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
 
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 08:41 . 2009-10-03 12:05 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-24 17:01 . 2010-09-24 17:01 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-09-15 01:50 . 2010-04-24 07:27 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 13:56 . 2010-10-15 20:24 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{930f1200-f5f1-4870-bac6-e233ec8e7023}]
2009-11-09 15:38 2331672 ----a-w- c:\program files\Softonic_English\tbSoft.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{930f1200-f5f1-4870-bac6-e233ec8e7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{930F1200-F5F1-4870-BAC6-E233EC8E7023}"= "c:\program files\Softonic_English\tbSoft.dll" [2009-11-09 2331672]

[HKEY_CLASSES_ROOT\clsid\{930f1200-f5f1-4870-bac6-e233ec8e7023}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"pdfw"="c:\program files\Amic Utilities\PDF Writer Pro\pdfwload.exe" [2004-03-24 32768]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2010-11-21 274608]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-11-29 963976]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-1 768552]
DRSpawner.lnk - c:\programdata\ASGvis\DRSpawner\DRSpawner.exe [2010-4-1 2076672]

c:\users\JAHMEKA\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-3-8 575488]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-15 16:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Servicio Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R2 mi-raysat_3dsmax2010_32;mental ray 3.7 Satellite for Autodesk 3ds Max Design 2010 32-bit 32-bit;c:\program files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe [2009-03-12 86016]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-23 29736]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-20 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-20 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-20 62752]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-11 83232]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2009-12-08 673136]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-04-17 691696]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-07-30 299008]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-18 104992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-06 411488]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-11 337184]
S3 NETw5v32;Controlador del adaptador Intel(R) Wireless WiFi Link para Windows Vista de 32 bits;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2010-04-06 24368]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - UFLYYPOC
*Deregistered* - uflyypoc

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:54]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 08:54]

2010-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3353991411-4194868037-1116243252-1000Core.job
- c:\users\JAHMEKA\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 21:31]

2010-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3353991411-4194868037-1116243252-1000UA.job
- c:\users\JAHMEKA\AppData\Local\Google\Update\GoogleUpdate.exe [2009-09-17 21:31]
 
------ Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
FF - ProfilePath - c:\users\JAHMEKA\AppData\Roaming\Mozilla\Firefox\Profiles\btviiidd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.pt/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\JAHMEKA\AppData\Roaming\Mozilla\Firefox\Profiles\btviiidd.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\JAHMEKA\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\JAHMEKA\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Extension: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files\Nokia\Nokia PC Suite 7\bkmrksync
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\users\JAHMEKA\AppData\Roaming\Mozilla\Firefox\Profiles\btviiidd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: TVU Web Player: firefox@tvunetworks.com - c:\users\JAHMEKA\AppData\Roaming\Mozilla\Firefox\Profiles\btviiidd.default\extensions\firefox@tvunetworks.com
FF - Extension: vShare: vshare@toolbar - c:\users\JAHMEKA\AppData\Roaming\Mozilla\Firefox\Profiles\btviiidd.default\extensions\vshare@toolbar
FF - Extension: Corrector para Português Europeu: pt-PT@dictionaries.addons.mozilla.org - c:\users\JAHMEKA\AppData\Roaming\Mozilla\Firefox\Profiles\btviiidd.default\extensions\pt-PT@dictionaries.addons.mozilla.org
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-08 05:43
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0
 
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3353991411-4194868037-1116243252-1000\Software\SecuROM\License information*]
"datasecu"=hex:24,31,9c,fe,99,b9,03,15,86,a6,bb,04,07,73,d9,50,51,b4,02,26,41,
3b,81,52,14,6f,cf,5d,6a,af,a0,5d,3f,65,49,4f,dd,66,fe,3f,38,24,c0,34,41,87,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000a0

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-08 05:45:16
ComboFix-quarantined-files.txt 2010-12-08 03:45

Pre-Run: 137.013.432.320 bytes libres
Post-Run: 137.152.765.952 bytes libres

Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
- - End Of File - - 2A80D73E0FE0665850069FC44EFE398E
 
Looks good :)

How is the computer doing?

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
The PC is going good... hope and wish to be perfect.
I'm making the download now of this and I will post it.

thanks again -)
 
OTL logfile created on: 08/12/2010 6:04:22 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\JAHMEKA\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: | Country: | Language: | Date Format:

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,98 Gb Total Space | 127,05 Gb Free Space | 44,27% Space Free | Partition Type: NTFS
Drive J: | 3,50 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: JAHMEKA1 | User Name: JAHMEKA | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/08 06:00:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\JAHMEKA\Desktop\OTL.exe
PRC - [2010/10/28 09:31:07 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Archivos de programa\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 17:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Archivos de programa\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Archivos de programa\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/09/01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Archivos de programa\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/09/23 12:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Archivos de programa\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009/07/01 00:03:12 | 000,085,096 | ---- | M] (Autodesk) -- C:\Archivos de programa\Common Files\Autodesk Shared\Service\AdskScSrv.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/10 18:01:49 | 000,116,104 | ---- | M] () -- C:\Archivos de programa\Canon\IJPLM\ijplmsvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Archivos de programa\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/08/06 18:06:44 | 001,771,360 | ---- | M] (Sony Corporation) -- C:\Archivos de programa\Sony\VAIO Power Management\SPMgr.exe
PRC - [2008/08/06 18:06:42 | 000,411,488 | ---- | M] (Sony Corporation) -- C:\Archivos de programa\Sony\VAIO Power Management\SPMService.exe
PRC - [2008/07/30 16:05:22 | 000,299,008 | ---- | M] (Sony Corporation) -- C:\Archivos de programa\Sony\Network Utility\NSUService.exe
PRC - [2008/07/30 16:05:22 | 000,262,144 | ---- | M] (Sony Corporation) -- C:\Archivos de programa\Sony\Network Utility\LANUtil.exe
PRC - [2008/07/18 13:14:24 | 000,104,992 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RTKAUDIOSERVICE.EXE
PRC - [2008/07/15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) -- C:\Archivos de programa\Sony\VAIO Event Service\VESMgr.exe
PRC - [2008/07/15 18:04:08 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Archivos de programa\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2008/07/01 08:56:38 | 000,768,552 | ---- | M] (Broadcom Corporation.) -- C:\Archivos de programa\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/06/20 08:56:44 | 000,415,744 | ---- | M] (Sony Corporation) -- C:\Archivos de programa\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2008/06/19 08:55:48 | 000,279,848 | ---- | M] (Sony Corporation) -- C:\Archivos de programa\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2008/06/11 23:13:24 | 000,337,184 | ---- | M] (Sony Corporation) -- C:\Archivos de programa\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2008/05/22 14:23:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Archivos de programa\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2008/04/30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Archivos de programa\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Archivos de programa\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/01/21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Defender\MSASCui.exe
PRC - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () -- C:\Archivos de programa\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Archivos de programa\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/12/08 06:00:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\JAHMEKA\Desktop\OTL.exe
MOD - [2010/11/21 10:41:20 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/01/20 16:59:10 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcr90.dll
MOD - [2010/01/20 16:59:10 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2\msvcp90.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 17:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/06/14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/08 20:04:34 | 000,673,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/23 12:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Archivos de programa\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/08/28 16:13:09 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/07/01 00:03:12 | 000,085,096 | ---- | M] (Autodesk) [Auto | Running] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2009/03/12 17:36:24 | 000,086,016 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Autodesk\3ds Max Design 2010\mentalray\satellite\raysat_3dsmax2010_32server.exe -- (mi-raysat_3dsmax2010_32)
SRV - [2009/02/10 18:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Archivos de programa\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Archivos de programa\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/06 18:06:42 | 000,411,488 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2008/07/30 16:05:22 | 000,299,008 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\Network Utility\NSUService.exe -- (NSUService)
SRV - [2008/07/18 13:14:24 | 000,104,992 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Windows\RTKAUDIOSERVICE.EXE -- (RtkAudioService)
SRV - [2008/07/15 18:04:08 | 000,182,112 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Archivos de programa\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2008/06/20 08:56:44 | 000,415,744 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2008/06/19 08:55:48 | 000,279,848 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2008/06/11 23:13:24 | 000,337,184 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2008/06/11 23:10:48 | 000,083,232 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2008/05/22 14:23:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2008/05/22 14:21:44 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2008/05/20 19:05:40 | 000,353,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe -- (SOHDms)
SRV - [2008/05/20 19:05:40 | 000,103,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe -- (SOHCImp)
SRV - [2008/05/20 19:05:40 | 000,062,752 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe -- (SOHDs)
SRV - [2008/05/20 01:51:34 | 000,077,824 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2008/05/20 01:49:04 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2008/05/20 01:29:06 | 000,053,248 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2008/04/30 19:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 19:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Archivos de programa\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/09/11 00:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Archivos de programa\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/01/04 19:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/09/07 16:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 16:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 16:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 16:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 16:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/04/17 19:51:08 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/04/06 16:25:45 | 000,024,368 | ---- | M] (Prevx) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pxkbf.sys -- (pxkbf)
DRV - [2010/02/26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/30 02:12:26 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/07/28 17:19:28 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/07/23 02:03:19 | 000,018,088 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2008/07/23 02:03:18 | 000,108,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2008/07/23 02:03:18 | 000,084,008 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2008/07/23 02:02:56 | 000,029,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2008/07/18 13:14:13 | 002,149,912 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/07/11 16:42:58 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2008/06/28 02:33:45 | 000,068,608 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2008/06/28 02:11:39 | 000,143,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2008/06/21 02:03:04 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\risdptsk.sys -- (risdptsk)
DRV - [2008/06/12 08:28:49 | 000,056,108 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2008/06/07 02:02:55 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/04/28 06:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Controlador del adaptador Intel(R)
DRV - [2008/04/22 02:20:41 | 000,312,344 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2008/04/19 06:05:22 | 000,103,936 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2008/03/27 02:54:41 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2008/03/17 11:05:30 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/03/10 13:01:26 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2008/02/26 13:07:54 | 000,073,728 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Archivos de programa\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2008/02/23 02:38:50 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/01/25 04:14:25 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/25 04:14:16 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/01/25 04:14:12 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/01/25 04:14:12 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/01/21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 04:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/04/17 20:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Archivos de programa\Softonic_English\tbSoft.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010/07/28 16:41:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/21 10:41:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/08 03:22:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/21 10:42:24 | 000,000,000 | ---D | M]

[2010/10/22 14:38:14 | 000,000,000 | ---D | M] -- C:\Archivos de programa\Mozilla Firefox\extensions
[2010/04/24 09:28:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/22 13:48:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/22 14:38:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Archivos de programa\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Archivos de programa\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/28 00:41:57 | 000,002,196 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\babylon.xml
[2010/03/12 11:14:03 | 000,003,996 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\drae.xml
[2010/03/12 11:14:03 | 000,000,751 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\eBay-es.xml
[2010/03/12 11:14:04 | 000,001,178 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2010/03/24 10:13:55 | 000,001,102 | ---- | M] () -- C:\Archivos de programa\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2010/12/08 05:43:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Archivos de programa\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Archivos de programa\Softonic_English\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Archivos de programa\Google BAE\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Archivos de programa\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Softonic English Toolbar) - {930f1200-f5f1-4870-bac6-e233ec8e7023} - C:\Archivos de programa\Softonic_English\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Archivos de programa\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic English Toolbar) - {930F1200-F5F1-4870-BAC6-E233EC8E7023} - C:\Archivos de programa\Softonic_English\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [pdfw] C:\Archivos de programa\Amic Utilities\PDF Writer Pro\pdfwload.exe (Bastea, Inc.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Archivos de programa\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_04)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Archivos de programa\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Archivos de programa\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img27.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img27.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/11 13:33:27 | 000,000,000 | ---D | M] - C:\AUTOCAD2009 -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/03/12 20:04:40 | 000,000,043 | R--- | M] () - J:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Archivos de programa\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/12/08 05:46:01 | 000,000,000 | -HSD | C] -- C:\Users\JAHMEKA\%APPDATA%
[2010/12/08 05:45:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/12/08 05:45:21 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2010/12/08 05:32:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/12/08 05:32:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/12/08 05:32:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/12/08 05:31:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/12/08 05:31:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/12/08 05:31:52 | 000,000,000 | ---D | C] -- \ComboFix
[2010/12/08 05:31:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/12/08 05:30:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/08 05:30:15 | 000,000,000 | ---D | C] -- \Qoobox
[2010/12/08 05:30:02 | 000,000,000 | ---D | C] -- C:\%APPDATA%
[2010/12/08 05:30:02 | 000,000,000 | ---D | C] -- \%APPDATA%
[2010/12/08 03:27:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/08 03:27:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/08 03:27:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/12/08 03:27:19 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Malwarebytes' Anti-Malware
[2010/12/08 02:41:32 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Trojan Remover
[2010/12/08 02:17:20 | 000,000,000 | ---D | C] -- C:\ProgramData\FileCure
[2010/12/08 01:50:50 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/11/21 10:41:42 | 000,000,000 | ---D | C] -- C:\Archivos de programa\Common Files\xing shared
[2010/11/21 10:39:53 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2010/11/21 10:39:36 | 000,000,000 | ---D | C] -- C:\Archivos de programa\real

========== Files - Modified Within 30 Days ==========

[2010/12/08 05:59:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3353991411-4194868037-1116243252-1000UA.job
[2010/12/08 05:43:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/08 05:40:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/08 05:40:24 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/08 05:19:00 | 000,001,074 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/12/08 05:14:49 | 000,001,559 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2009.lnk
[2010/12/08 03:40:41 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/12/08 03:40:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/08 03:40:17 | 3184,582,656 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/08 03:34:54 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/12/08 03:27:23 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/07 18:49:32 | 000,000,609 | ---- | M] () -- C:\Windows\wininit.ini
[2010/12/07 14:50:51 | 000,001,930 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2010 32-bit.lnk
[2010/12/07 14:47:23 | 000,017,592 | ---- | M] () -- C:\Windows\System32\drivers\etc\services
[2010/12/07 09:59:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3353991411-4194868037-1116243252-1000Core.job
[2010/12/06 22:49:15 | 000,425,916 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101207-211801.backup
[2010/12/05 15:41:21 | 000,425,916 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101206-224915.backup
[2010/12/05 14:56:21 | 000,425,916 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101205-154121.backup
[2010/12/03 01:13:16 | 000,676,836 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2010/12/03 01:13:16 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/03 01:13:16 | 000,133,270 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2010/12/03 01:13:16 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/21 10:39:53 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2010/11/11 21:46:23 | 000,380,983 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101205-145621.backup

========== Files Created - No Company Name ==========

[2010/12/08 05:45:16 | 000,018,247 | ---- | C] () -- \ComboFix.txt
[2010/12/08 05:32:00 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/08 05:32:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/08 05:32:00 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/08 05:32:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/08 05:32:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/12/08 03:27:23 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/08 02:41:33 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010/12/08 02:41:33 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010/12/08 02:41:33 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010/12/08 02:41:33 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010/12/07 14:50:51 | 000,001,930 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 3ds Max Design 2010 32-bit.lnk
[2010/06/25 12:33:01 | 000,001,024 | -HS- | C] () -- C:\ProgramData\dwg2pdf.dll
[2010/06/25 12:32:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfmonnt.dll
[2010/06/04 12:17:18 | 000,001,293 | ---- | C] () -- \vraylog.txt
[2010/04/17 19:51:08 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010/01/02 02:59:15 | 000,000,438 | ---- | C] () -- \startvrlservice_log.txt
[2010/01/02 02:59:14 | 000,000,108 | ---- | C] () -- \VRSpawner.log
[2009/11/19 19:50:51 | 000,000,015 | ---- | C] () -- C:\Archivos de programa\plugin.ini
[2009/11/17 10:52:41 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009/11/17 10:52:41 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2009/11/17 02:20:55 | 000,000,609 | ---- | C] () -- C:\Windows\wininit.ini
[2009/11/11 13:50:01 | 000,139,776 | ---- | C] () -- C:\Archivos de programa\vraydummy90.max
[2009/11/11 13:50:01 | 000,006,213 | ---- | C] () -- C:\Archivos de programa\vraydummy90.xml
[2009/10/20 22:43:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/18 22:11:24 | 000,000,000 | ---- | C] () -- \Tech_Vista.log
[2009/05/15 22:54:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/05/15 19:11:50 | 3184,582,656 | -HS- | C] () --
[2009/05/15 19:11:47 | 3500,269,568 | -HS- | C] () --
[2008/11/05 14:42:45 | 000,062,400 | ---- | C] () -- C:\Windows\System32\IFC.dll
[2008/11/05 14:41:56 | 000,422,848 | ---- | C] () -- C:\Windows\System32\PPL.dll
[2008/10/22 04:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2008/08/25 11:38:04 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008/08/25 11:30:13 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2008/08/25 11:13:10 | 000,000,187 | ---- | C] () -- \Installer_Setup.log
[2008/08/25 11:07:37 | 000,386,428 | ---- | C] () -- \vcredist_x86.log
[2008/08/25 11:00:08 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/08/14 20:22:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/08/14 20:20:13 | 000,008,192 | R-S- | C] () -- \BOOTSECT.BAK
[2008/08/14 20:20:12 | 000,333,257 | RHS- | C] () -- \bootmgr
[2007/12/12 14:44:44 | 000,466,944 | ---- | C] () -- C:\Windows\System32\RemoveDevice.dll
[2007/09/12 01:57:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:23:09 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:08 | 000,000,010 | ---- | C] () -- \config.sys
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/12/08 03:34:54 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/08/14 20:20:13 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010/12/08 05:45:16 | 000,018,247 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/12/08 03:40:17 | 3184,582,656 | -HS- | M] () -- C:\hiberfil.sys
[2008/08/25 11:14:22 | 000,000,187 | ---- | M] () -- C:\Installer_Setup.log
[2009/11/17 10:52:41 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/11/17 10:52:41 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/12/08 03:40:14 | 3500,269,568 | -HS- | M] () -- C:\pagefile.sys
[2010/01/02 02:59:15 | 000,000,438 | ---- | M] () -- C:\startvrlservice_log.txt
[2009/07/27 23:21:36 | 000,000,000 | ---- | M] () -- C:\Tech_Vista.log
[2008/08/25 11:07:38 | 000,386,428 | ---- | M] () -- C:\vcredist_x86.log
[2010/06/22 19:59:27 | 000,001,293 | ---- | M] () -- C:\vraylog.txt
[2010/01/02 02:59:15 | 000,000,108 | ---- | M] () -- C:\VRSpawner.log

< %systemroot%\Fonts\*.com >
[2006/11/02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/11/21 22:08:44 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2010/04/24 04:00:00 | 000,027,648 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD9X.DLL
[2010/04/24 04:00:00 | 000,070,656 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP9X.DLL
[2006/11/02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/09/07 17:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

< %systemroot%\*._sy >

Invalid Environment Variable: APPDATA

< %ALLUSERSPROFILE%\Favorites\*.* >

Invalid Environment Variable: APPDATA

< %PROGRAMFILES%\*.* >
[2008/01/21 04:43:21 | 000,000,174 | -HS- | M] () -- C:\Archivos de programa\desktop.ini
[2010/04/06 17:17:39 | 000,000,015 | ---- | M] () -- C:\Archivos de programa\plugin.ini
[2010/04/06 17:17:39 | 000,139,776 | ---- | M] () -- C:\Archivos de programa\vraydummy90.max
[2010/04/06 17:17:39 | 000,006,213 | ---- | M] () -- C:\Archivos de programa\vraydummy90.xml

Invalid Environment Variable: APPDATA

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

Invalid Environment Variable: APPDATA

< %USERPROFILE%\Desktop\*.exe >
[2010/12/08 05:24:56 | 003,986,114 | R--- | M] () -- C:\Users\JAHMEKA\Desktop\ComboFix.exe
[2010/12/08 06:00:30 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\JAHMEKA\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

Invalid Environment Variable: APPDATA

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2009/11/21 22:23:03 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
[2009/11/21 22:22:34 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
[2009/05/15 19:15:50 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
[2009/05/15 19:15:50 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
[2009/11/21 22:22:34 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/12/07 20:49:23 | 000,000,402 | -HS- | M] () -- C:\Users\JAHMEKA\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/06/25 14:21:29 | 000,001,024 | -HS- | M] () -- C:\ProgramData\dwg2pdf.dll

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

Invalid Environment Variable: AppData

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2009/09/05 20:22:45 | 000,000,000 | ---D | M](C:\Users\JAHMEKA\Favorites\??rcadores sin clasificar) -- C:\Users\JAHMEKA\Favorites\껸Ɠrcadores sin clasificar

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
 