PDA

View Full Version : I'm afraid I'm Infected. Can anybody help?



Chicososo
2010-12-30, 02:36
Hi there.

Yesterday, while downloading some music via a file sharing site (not P2P), my computer gave me a notice about some risk of viruses. I run my antivirus program (McAfee Internet Security) and detected 2 infected files and 2 trojans (McAfee's report gave no info regarding what files/what kind of virus) that were theoretically removed.

To my surprise, today, after a long session with the computer, the machine started to malfunction/behave in a totally weird way. Sometimes the desktop seems to disappear, some areas of the screen get white or black, the windows with the running programs and the menu lists appears and disappears randomly, and the Windows Vista taskbar gets momentarily invisible, or appears in the upper side of the scream, although unreachable for the mouse. While this happens, there's no way to access to the functions or programs via the Start in the windows taskbar.

Below and attached are my DDS reports.

Hope somebody can help.

Thanks in advance.

DDS (Ver_10-12-12.02) - NTFSx86
Run by LUIS at 1:04:02,02 on 30.12.2010
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3038.1140 [GMT 1:00]

AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\LEXBCES.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\LEXPPS.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\rundll32.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Sony\Marketing Tools\MarketingTools.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\LUIS\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\McAfee\Core\mchost.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\LUIS\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.club-vaio.com
uDefault_Page_URL = hxxp://www.club-vaio.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.club-vaio.com
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101112075510.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5825.1100\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\progra~1\google~1\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [googletalk] c:\users\luis\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MarketingTools] c:\program files\sony\marketing tools\MarketingTools.exe
mRun: [AML] c:\program files\sony\vaio launcher\AML.exe InitApp
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\luis\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bttray.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: An vorhandenes PDF anfügen - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: {9A20C17C-5CE3-4B04-AF6E-0E5A675CBB35} = 62.109.123.7 213.191.92.86
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\luis\appdata\roaming\mozilla\firefox\profiles\s4gvgt89.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\luis\appdata\roaming\mozilla\firefox\profiles\s4gvgt89.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\users\luis\appdata\local\yahoo!\browserplus\2.7.0\plugins\npybrowserplus_2.7.0.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Open IT Online: extension@openitonline.com - %profile%\extensions\extension@openitonline.com
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Answers: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51} - %profile%\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
FF - Ext: Dictionary Switcher: dictionary-switcher@design-noir.de - %profile%\extensions\dictionary-switcher@design-noir.de
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: German Dictionary: de-DE@dictionaries.addons.mozilla.org - %profile%\extensions\de-DE@dictionaries.addons.mozilla.org
FF - Ext: Diccionario de Español/España: es-es@dictionaries.addons.mozilla.org - %profile%\extensions\es-es@dictionaries.addons.mozilla.org
FF - Ext: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - %profile%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-9-29 386840]
R1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\drivers\mfenlfk.sys [2010-9-29 64304]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-9-29 164840]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-11-16 88176]
R2 McMPFSvc;McAfee Personal Firewall-Dienst;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-29 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-29 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-9-29 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-9-29 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-9-29 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-9-29 141792]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2008-8-24 299008]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-8-11 104992]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-8-11 411488]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-6-20 415744]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-9-29 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-9-29 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-9-29 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-9-29 313288]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-4-28 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-8-11 9344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-8-11 29736]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-8-24 30192]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-9-29 84264]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-8-24 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-8-24 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-8-24 62752]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-8-24 337184]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-8-24 83232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-23 19:44:13 -------- d-----w- c:\program files\VideoLAN
2010-12-16 04:50:55 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 04:49:55 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat

==================== Find3M ====================

2010-11-06 11:10:29 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-06 11:10:13 357376 ----a-w- c:\windows\system32\taskschd.dll
2010-11-06 11:10:13 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-06 11:09:57 603648 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-05 00:53:47 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01:54 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01:31 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26:10 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:02:24 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:03:07 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-18 14:01:05 81920 ----a-w- c:\windows\system32\consent.exe
2010-10-18 13:56:44 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-10-13 21:28:54 141792 ----a-w- c:\windows\system32\mfevtps.exe

============= FINISH: 1:05:08,83 ===============

ken545
2011-01-02, 21:18
:snwelcome:


Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.

File sharing in any shape or form is dangerous as you most likely can tell now. I would never allow any type of file sharing on any of my computers. Your downloading that file from and unknown source.




Please download Malwarebytes from Here (http://www.malwarebytes.org/mbam-download.php) or Here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)


Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan.
http://i24.photobucket.com/albums/c30/ken545/MBAMCapture.jpg
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected .
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the report please





OTL by OldTimer

Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

Chicososo
2011-01-04, 22:01
Hi Ken545.

Sorry for the delay, but your answer found me travelling.

Following now your instructions. I'll post the reports as soon as I get then.

Thanks a lot for helping out with this!

Chicososo
2011-01-04, 23:12
Malwarebytes report (No malicious items were detected).



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5460

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18999

04.01.2011 21:23:42
mbam-log-2011-01-04 (21-23-42).txt

Scan type: Quick scan
Objects scanned: 246283
Time elapsed: 34 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-------------------------------------------------------------------------------


OTL.Txt report.


OTL logfile created on: 04.01.2011 21:40:02 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\LUIS\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,87 Gb Total Space | 79,26 Gb Free Space | 27,63% Space Free | Partition Type: NTFS

Computer Name: LUIS-PC | User Name: LUIS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\LUIS\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - c:\Programme\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - c:\Programme\McAfee\MSC\mcupdmgr.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\Core\mchost.exe (McAfee, Inc.)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Programme\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Users\LUIS\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)


========== Modules (SafeList) ==========

MOD - C:\Users\LUIS\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\Windows\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010.11.06 16:06:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010.11.06 16:06:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.12.14 17:27:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 15:18:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 15:18:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.17 07:47:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.11.06 16:06:05 | 000,000,000 | ---D | M]

[2008.11.16 11:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUIS\AppData\Roaming\mozilla\Extensions
[2011.01.04 05:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions
[2010.06.03 14:55:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.13 12:58:36 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010.03.12 06:56:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.12.12 09:32:37 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.11.07 21:19:41 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010.02.12 15:40:08 | 000,000,000 | ---D | M] (Answers) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2008.12.02 07:38:31 | 000,000,000 | ---D | M] (Wizz RSS News Reader) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\{D5EDC062-A372-4936-B782-BD611DD18D86}
[2010.01.22 18:20:15 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2010.12.12 09:32:36 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.01.22 18:20:17 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\dictionary-switcher@design-noir.de
[2010.12.12 09:32:29 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010.10.13 12:58:36 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\es-es@dictionaries.addons.mozilla.org
[2010.11.02 06:27:31 | 000,000,000 | ---D | M] (Open IT Online) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\extension@openitonline.com
[2010.11.02 06:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\extension@openitonline.com\chrome
[2010.11.02 06:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\extension@openitonline.com\components
[2010.11.02 06:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\extension@openitonline.com\defaults
[2010.11.02 06:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\extension@openitonline.com\META-INF
[2010.12.08 13:45:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.07 06:13:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.06 05:58:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.08 13:45:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008.12.25 14:41:12 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2008.12.25 14:41:12 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2008.12.25 14:41:12 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.22 05:00:16 | 000,003,996 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\drae.xml
[2010.10.22 05:00:17 | 000,000,751 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-es.xml
[2010.10.22 05:00:17 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2010.10.22 05:00:17 | 000,001,102 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20101112075510.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe File not found
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [googletalk] C:\Users\LUIS\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.01.04 20:47:23 | 000,000,000 | ---D | C] -- C:\Users\LUIS\AppData\Roaming\Malwarebytes
[2011.01.04 20:47:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.04 20:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.04 20:47:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.04 20:47:03 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.01.04 05:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2010.12.30 01:02:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.12.30 01:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2010.12.30 01:00:51 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.12.16 05:51:26 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 05:51:20 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 05:51:20 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 05:51:20 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 05:51:16 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 05:51:13 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 05:51:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 05:51:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 05:51:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 05:51:04 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.12.16 05:51:03 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.12.16 05:51:03 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 05:51:03 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.16 05:51:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.16 05:51:02 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.16 05:51:02 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 05:51:02 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 05:51:02 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.16 05:51:02 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.16 05:51:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.12.16 05:51:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.12.16 05:51:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.12.16 05:51:02 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.16 05:51:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.16 05:51:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.16 05:50:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.08 13:45:44 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.12.08 13:45:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.12.08 13:45:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.01.04 21:37:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.04 21:37:15 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.04 21:35:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.04 21:21:01 | 000,033,178 | ---- | M] () -- C:\Users\LUIS\Desktop\MEDIAS_2_010111.ods
[2011.01.04 20:47:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.04 19:46:04 | 000,042,019 | ---- | M] () -- C:\Users\LUIS\Desktop\PROPUESTAS_9_010111.ods
[2011.01.04 05:37:44 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.04 05:37:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.04 05:37:09 | 3186,663,424 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.03 23:34:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.03 21:08:30 | 000,013,312 | ---- | M] () -- C:\Users\LUIS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.03 21:07:50 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.03 21:07:50 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.03 21:07:50 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.03 21:07:50 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.30 01:08:45 | 000,003,330 | ---- | M] () -- C:\Users\LUIS\Desktop\Attach.zip
[2010.12.30 01:03:25 | 000,624,128 | ---- | M] () -- C:\Users\LUIS\Desktop\dds.scr
[2010.12.30 01:01:29 | 000,000,913 | ---- | M] () -- C:\Users\LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.12.30 01:00:52 | 000,000,714 | ---- | M] () -- C:\Users\LUIS\Desktop\ERUNT.lnk
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.20 08:52:18 | 000,345,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.12 13:23:03 | 000,018,636 | ---- | M] () -- C:\Users\LUIS\Desktop\DocumentoEnBlanco.odt
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.01.04 20:47:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.04 05:44:16 | 000,042,019 | ---- | C] () -- C:\Users\LUIS\Desktop\PROPUESTAS_9_010111.ods
[2011.01.04 05:44:06 | 000,033,178 | ---- | C] () -- C:\Users\LUIS\Desktop\MEDIAS_2_010111.ods
[2010.12.30 01:08:45 | 000,003,330 | ---- | C] () -- C:\Users\LUIS\Desktop\Attach.zip
[2010.12.30 01:03:21 | 000,624,128 | ---- | C] () -- C:\Users\LUIS\Desktop\dds.scr
[2010.12.30 01:01:29 | 000,000,913 | ---- | C] () -- C:\Users\LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.12.30 01:00:52 | 000,000,714 | ---- | C] () -- C:\Users\LUIS\Desktop\ERUNT.lnk
[2009.06.14 09:23:36 | 000,000,097 | ---- | C] () -- C:\Windows\RENT2008.INI
[2009.05.14 22:22:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2009.04.05 12:26:44 | 000,001,184 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.11.22 16:52:48 | 000,013,312 | ---- | C] () -- C:\Users\LUIS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.16 18:28:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.15 23:15:40 | 000,002,032 | ---- | C] () -- C:\Users\LUIS\AppData\Local\d3d9caps.dat
[2008.08.29 13:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.08.24 10:09:45 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.08.24 10:01:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2008.08.24 09:31:26 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.08.11 19:55:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.09.12 00:57:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.08.18 15:46:38 | 000,077,824 | ---- | C] () -- C:\Windows\System32\LXBKLCNP.DLL
[2002.11.13 20:40:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2002.09.13 16:40:06 | 000,000,266 | ---- | C] () -- C:\Windows\System32\lxbkcoin.ini
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2008.12.25 14:41:14 | 000,000,000 | ---D | M] -- C:\Users\LUIS\AppData\Roaming\eMusic
[2009.09.23 17:48:57 | 000,000,000 | ---D | M] -- C:\Users\LUIS\AppData\Roaming\Image Zone Express
[2008.11.16 21:30:39 | 000,000,000 | ---D | M] -- C:\Users\LUIS\AppData\Roaming\InterVideo
[2008.11.16 18:48:02 | 000,000,000 | ---D | M] -- C:\Users\LUIS\AppData\Roaming\OpenOffice.org
[2009.06.15 17:37:11 | 000,000,000 | ---D | M] -- C:\Users\LUIS\AppData\Roaming\Printer Info Cache
[2009.08.22 08:59:53 | 000,000,000 | ---D | M] -- C:\Users\LUIS\AppData\Roaming\Red Kawa
[2008.11.16 12:59:27 | 000,000,000 | ---D | M] -- C:\Users\LUIS\AppData\Roaming\Thunderbird
[2011.01.03 23:34:18 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Chicososo
2011-01-04, 23:24
Extras.Txt report


OTL Extras logfile created on: 04.01.2011 21:40:02 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\LUIS\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,87 Gb Total Space | 79,26 Gb Free Space | 27,63% Space Free | Partition Type: NTFS

Computer Name: LUIS-PC | User Name: LUIS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B6239D-E2CE-4EFA-BFDF-80EC96EF0036}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{25F577E8-CF22-4B4E-8031-5BB99B39D16C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{41D599B8-5309-4644-9D76-08AB82E43562}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{6652B35B-EDC0-4AB7-B7CE-648A86B885F2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8BB1708E-C98D-48F0-9CBD-2CF1B7EF6124}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{BCC4BA85-2C54-482B-B653-E9719D46E73B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C5B01E53-102F-435D-ACF2-8919FFB8B49F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C8A8F3E2-A2FC-445B-9EFA-C6C9C571D733}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D3D8971E-7750-48E9-8A14-88E62128968E}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{D4315240-2643-41C5-A331-B9092F135B87}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DF58FB7C-75D8-4CD3-8339-15641BC9E4F8}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{FBCF8A0D-CE82-46AA-B7E6-5610DB7129A4}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{018F8F57-B46B-B9B9-C452-DE8F5618434F}" = Catalyst Control Center Graphics Full Existing
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07C93E59-2DE3-1565-28A9-8C848B26D0F5}" = CCC Help German
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{0A6F9244-8C79-1296-3A43-097F67EB666A}" = Catalyst Control Center Localization Dutch
"{0B9B76C9-4967-59FC-C994-191AEA152F04}" = ATI Catalyst Install Manager
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{1316AEF2-E086-46C7-B1FB-8C9A39A2ABF9}" = VAIO Media plus
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{15D5C238-4C2E-4AEA-A66D-D6989A4C586B}" = VAIO Launcher
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{1790FDA2-938F-C886-8988-1ECB74E45517}" = Catalyst Control Center Localization Norwegian
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C815731-19F3-0770-8776-D78D6BEBC291}" = Catalyst Control Center Localization Hungarian
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1EC06E70-BE43-DAAA-A217-E5C98869B1F8}" = Catalyst Control Center Localization Greek
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{2018C019-30D9-4240-8C01-0865C10DCF5A}" = Unterstützung für VAIO-Präsentation
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{25BA8D5A-228A-7192-6FA1-890D9F1C679F}" = CCC Help Korean
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi-Software
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 22
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{326DC400-1FC4-4D7D-946D-06D1EAB93200}" = VAIO Guide
"{363611D9-1106-41F2-B74E-BD8481C41219}" = Click to Disc
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B311FB9-5B6A-328C-D7AE-2445D639D886}" = CCC Help Norwegian
"{3B659FAD-E772-44A3-B7E7-560FF084669F}" = VAIO Smart Network
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D333C7C-102B-F474-9524-72AAA3F292B8}" = Catalyst Control Center Localization Danish
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{430DD2C5-65FD-9781-F9F2-693CAF05CD10}" = Catalyst Control Center InstallProxy
"{4529BC6B-16AE-6829-4946-36C33DBF8DD1}" = Catalyst Control Center Localization French
"{46D7A7FB-305B-F77D-60F8-8FAE1C432374}" = Catalyst Control Center InstallProxy
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"{4EA55D20-27FB-45D7-8726-147E8A5F6C62}" = VAIO MusicBox
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{527EB2A4-BF51-B1B6-3F09-2032A861548E}" = Catalyst Control Center Graphics Light
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{55C0F7C1-8B6D-CBBD-2B88-EE7261A87254}" = CCC Help Greek
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data Basic
"{5C5EE8F2-0B38-4C13-AE4E-A87A237FE718}" =
"{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F5867F0-2D23-4338-A206-01A76C823924}" = VAIO Energie Verwaltung
"{629FD96D-5877-0832-2D31-0EFE781F870D}" = CCC Help Portuguese
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{652C5DED-9B9F-93D0-5E94-931B8C38EF0E}" = Catalyst Control Center Localization Thai
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = Click to Disc
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A54CB6A-59D1-6A3A-08F3-E34ECF8905A9}" = Catalyst Control Center Graphics Previews Vista
"{6AA6EEA5-BF09-932B-AC25-0E9CCA4B709A}" = CCC Help Danish
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6C4EF0CA-A9DD-96CF-B722-CCDEB589DD26}" = Catalyst Control Center Localization Chinese Traditional
"{6C50525A-2D77-4C22-B058-9AA2F27ACFF2}" = VAIO Content Metadata Intelligent Analyzing Manager
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}" = VAIO Movie Story Template Data
"{711D43D7-24FE-A2B7-CC52-A48BCAAF3926}" = Catalyst Control Center Graphics Previews Common
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73496381-83C9-7BE6-6EB6-4CF97C00E5FD}" = CCC Help Polish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79BBD55C-9FF6-D496-8AE6-E2EC2829F974}" = Catalyst Control Center Localization Czech
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CC28423-465C-F4B9-9379-343DF715BE62}" = CCC Help Swedish
"{7E823DA5-43A2-46E8-A75E-5A2A0FDE81A1}" = VAIO Content Metadata Manager Setting
"{80828DF5-270E-F8E6-6274-55ACA4C7E229}" = Catalyst Control Center Localization Japanese
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{84037798-D63A-F5CA-9FB2-829B362BF712}" = CCC Help Finnish
"{8470A1D9-536E-C7C1-AE2D-24B739B1665A}" = Catalyst Control Center Localization Russian
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{882683C6-8B60-5CBC-38A8-55ED185FD975}" = CCC Help Turkish
"{8843C5E1-51E5-DFA6-1AD8-757C8DCA7E37}" = CCC Help Russian
"{88C596E4-6882-8E76-EBEF-AB739F5A3B69}" = Catalyst Control Center Localization Italian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BD60AEF-3F9D-47AE-B80A-FB7FFCE335A0}" = VAIO Movie Story
"{8C467DE1-6E04-0888-B281-172909C96F37}" = Skins
"{8C7FB08D-7A84-22E0-F553-F6B827023E17}" = CCC Help Chinese Traditional
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{93F32124-BB54-C599-CF55-E1E57565BCE3}" = CCC Help Czech
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{96C951BB-47C8-8497-78F0-7D8D328B58E3}" = Catalyst Control Center Localization Portuguese
"{96D0B6C6-5A72-4B47-8583-A87E55F5FE81}" =
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{98FC7A64-774B-49B5-B046-4B4EBC053FA9}" = VAIO MusicBox Sample Music
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{99D8CD4E-A5D2-A9DF-A152-B28EB5A71F85}" = Catalyst Control Center Localization German
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = SonicStage Mastering Studio Plugins
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A01E0232-CA9E-4FA2-BAA1-39358D753353}" = OpenOffice.org 3.1
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A552C4EA-D41E-4C61-A0FB-C0E05440F7D7}" = VAIO Entertainment Platform
"{A63E7492-A0BC-4BB9-89A7-352965222380}" = VAIO Original Function Setting
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = Setting Utility Series
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA75988E-9EC1-EECE-CE00-D5D935974528}" = CCC Help Dutch
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"{ACB5FD4A-6C58-972C-180C-9677C037E71D}" = Catalyst Control Center Localization Chinese Standard
"{ADBDB038-FF77-C672-04A1-7A0E67E8C73C}" = Catalyst Control Center Core Implementation
"{ADECE95F-585D-8B33-BF50-53C2BDA1E241}" = Catalyst Control Center Localization Korean
"{AE0FBCB5-3193-4583-C6CB-AA96F307EA70}" = ccc-utility
"{AFF10119-F154-4888-77F3-B149DE987976}" = Catalyst Control Center Localization Polish
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B25563A0-41F4-4A81-A6C1-6DBC0911B1F3}" = VAIO Movie Story
"{B513C7B0-024A-498F-B0F5-00C67E2440A9}" = VAIO Content Metadata Intelligent Analyzing Manager
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7C03E84-AF46-42F4-809D-D4127D9086D0}" = VAIO Edit Components 6.4
"{BACD22AE-5B6B-4F23-B506-3FCFF13AC137}" = VAIO Media plus
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = VAIO Event Service
"{C767EE67-9AA4-1CBF-8FD4-87F52CBB041D}" = CCC Help Italian
"{C8E57F8C-64FE-28D7-0F65-7BE87AF49745}" = Catalyst Control Center Graphics Full New
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{C93F4E7C-1B31-449B-A304-EF277CF55E39}" = Catalyst Control Center - Branding
"{CAE07D54-A400-DAF9-912B-306DD941B61C}" = Catalyst Control Center Localization Finnish
"{CB6CF566-E06F-2556-55EF-EE149FC6EE7F}" = CCC Help French
"{CB8A8696-93EC-414E-A752-850AB133F68A}" = VAIO Content Metadata XML Interface Library
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D035FBF6-FDEF-487D-89CA-6F9DD07B783F}" = Dolby Control Center
"{D355ECA7-DBF5-F22E-4E1A-BF69CFC5CED8}" = CCC Help Japanese
"{D44DF260-2D5A-3277-97D6-C97D1A806CF5}" = CCC Help Thai
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}" = VAIO Wallpaper Contents
"{D7019E24-BF07-3690-18C7-3D0DE87D09AB}" = CCC Help Chinese Standard
"{D7FFE7EB-1A15-864C-B335-E768BF623B84}" = Catalyst Control Center Localization Swedish
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE1F799A-0A02-FF3B-8786-195E91D0DE94}" = CCC Help Spanish
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E31010F6-DE18-0E9F-E028-FC709306C6F1}" = Catalyst Control Center Localization Turkish
"{E464702F-5433-46EC-8F65-159276C0A54F}" = WIDCOMM Bluetooth Software 6.2.0.4100
"{E5BD6683-301D-B224-FB7C-320299CD51F9}" = CCC Help Hungarian
"{E6A3770D-C87A-4505-B8C6-A4CF96AC395C}" = SonicStage Mastering Studio
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{E9730C7A-E5DA-8222-45FE-2D71E810BE46}" = Catalyst Control Center Localization Spanish
"{EA39F1F5-D4A1-C02A-0865-7F6A95A33A56}" = CCC Help English
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = Benutzerdefinierte Voreinstellungen für SonicStage Mastering Studio Audio Filter
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE59BBF9-415C-45DB-8C4B-EE43CF635FEA}" = VAIO Content Metadata XML Interface Library
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1568757-E564-4cb5-8980-9333119A4384}" = F300
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F570A6CC-53ED-4AA9-8B08-551CD3E38D8B}" =
"{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{FD72E69E-CF34-4071-BFD6-FD081A365E2C}" = VAIO Content Metadata Intelligent Analyzing Manager
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FE697886-F392-4E0D-A0C0-47587BF60992}" = VAIO Content Metadata Manager Setting
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.2.5 Standard
"Adobe Acrobat 8 Standard - English, Français, Deutsch_825" = Adobe Acrobat 8.2.5 - CPSID_83708
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"AviSynth" = AviSynth 2.5
"BFG-Big Fish Games Spiel-Suite" = Big Fish Games Spiel-Suite
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"dt icon module" =
"DVD Decrypter" = DVD Decrypter (Remove Only)
"eMusic Download Manager" = eMusic Download Manager 4.1.4
"ERUNT_is1" = ERUNT 1.1j
"Google Desktop" = Google Desktop
"gtfirstboot Setting Request" =
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD BD for VAIO
"InstallShield_{4DCEA9C1-4D6E-41BF-A854-28CFA8B56DBF}" = Click to Disc Editor
"InstallShield_{C1083DBC-C541-4E8C-91EA-D92397AB9A2C}" = OpenMG Secure Module 5.1.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MarketingTools" = VAIO Marketing Tools
"MFU Module" =
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (2.0.0.17)" = Mozilla Thunderbird (2.0.0.17)
"MSC" = McAfee Internet Security
"Picasa2" = Picasa 2
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"ProInst" = Intel PROSet Wireless
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"VAIO Help and Support" =
"Videora iPod touch Converter" = Videora iPod touch Converter 4.08
"WinRAR archiver" = Compresor WinRAR
"YouTube Downloader App" = YouTube Downloader App 1.03

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.7.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.03.2010 08:38:22 | Computer Name = LUIS-PC | Source = RasClient | ID = 20227
Description =

Error - 15.03.2010 18:01:55 | Computer Name = LUIS-PC | Source = EventSystem | ID = 4621
Description =

Error - 16.03.2010 00:55:14 | Computer Name = LUIS-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 16.03.2010 00:55:14 | Computer Name = LUIS-PC | Source = WinMgmt | ID = 10
Description =

Error - 16.03.2010 07:09:09 | Computer Name = LUIS-PC | Source = RasClient | ID = 20227
Description =

Error - 17.03.2010 01:12:10 | Computer Name = LUIS-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 17.03.2010 01:12:11 | Computer Name = LUIS-PC | Source = WinMgmt | ID = 10
Description =

Error - 17.03.2010 17:09:56 | Computer Name = LUIS-PC | Source = EventSystem | ID = 4621
Description =

Error - 18.03.2010 01:19:41 | Computer Name = LUIS-PC | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 18.03.2010 01:19:43 | Computer Name = LUIS-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 30.12.2010 04:20:27 | Computer Name = LUIS-PC | Source = HTTP | ID = 15016
Description =

Error - 30.12.2010 04:21:40 | Computer Name = LUIS-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 02.01.2011 09:53:16 | Computer Name = LUIS-PC | Source = HTTP | ID = 15016
Description =

Error - 02.01.2011 09:53:55 | Computer Name = LUIS-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 03.01.2011 09:47:10 | Computer Name = LUIS-PC | Source = HTTP | ID = 15016
Description =

Error - 03.01.2011 09:47:48 | Computer Name = LUIS-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04.01.2011 00:37:17 | Computer Name = LUIS-PC | Source = HTTP | ID = 15016
Description =

Error - 04.01.2011 00:38:50 | Computer Name = LUIS-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 04.01.2011 14:25:52 | Computer Name = LUIS-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 04.01.2011 15:09:05 | Computer Name = LUIS-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >

ken545
2011-01-04, 23:44
Still nothing bad on your system that I can see and Malwarebytes came back clean.

Scan With RootKitUnHooker


Please choose one link and download Rootkit Unhooker and save it to your desktop.
Link 1 (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE)
Link 2 (http://www.kernelmode.info/ARKs/RKUnhookerLE.zip)
Link 3 (http://www.kernelmode.info/ARKs/RkU3.8.388.590.rar)

Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers and Stealth
Uncheck the rest. then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
Wait till the scanner has finished and then click File > Save Report.
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in your next reply.


Note** you may get the following warning, just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Chicososo
2011-01-05, 20:43
Hi ken545.

Here it goes...


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6001 (Service Pack 1)
Number of processors #2
==============================================
>Drivers
==============================================
0x8F20E000 C:\Windows\system32\DRIVERS\atikmdag.sys 4640768 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82E06000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x82E06000 PnpManager 3903488 bytes
0x82E06000 RAW 3903488 bytes
0x82E06000 WMIxWDM 3903488 bytes
0x8F808000 C:\Windows\system32\DRIVERS\NETw5v32.sys 3698688 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x9060C000 C:\Windows\system32\drivers\RTKVHDA.sys 2146304 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x9BA00000 Win32k 2109440 bytes
0x9BA00000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber)
0x8B000000 C:\Windows\System32\Drivers\Ntfs.sys 1110016 bytes (Microsoft Corporation, NT-Dateisystemtreiber)
0x8AE00000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x90855000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x90E0B000 C:\Windows\System32\drivers\tcpip.sys 954368 bytes (Microsoft Corporation, TCP/IP Driver)
0x804C2000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Codeintegritätsmodul)
0xA2808000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8EE00000 C:\Windows\System32\Drivers\dump_iaStor.sys 843776 bytes
0x8AC00000 C:\Windows\system32\DRIVERS\iaStor.sys 843776 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x90C09000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x81A04000 C:\Windows\system32\drivers\spsys.sys 716800 bytes (Microsoft Corporation, security processor)
0x8F67B000 C:\Windows\System32\drivers\dxgkrnl.sys 651264 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x9E8E0000 C:\Windows\system32\Drivers\CVPNDRVA.sys 589824 bytes (Cisco Systems, Inc., Cisco Systems VPN Client IPSec Driver)
0x80608000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x8AD77000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x81B0A000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP-Protokollstapel)
0x80408000 C:\Windows\system32\mcupdate_GenuineIntel.dll 393216 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8AD10000 C:\Windows\system32\drivers\mfehidk.sys 380928 bytes (McAfee, Inc., McAfee Link Driver)
0x9E87A000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)
0x8FB8F000 C:\Windows\system32\DRIVERS\yk60x86.sys 311296 bytes (Marvell, Miniport Driver for Marvell Yukon Ethernet Controller.)
0x9097C000 C:\Windows\system32\drivers\mfefirek.sys 307200 bytes (McAfee, Inc., McAfee Core Firewall Engine Driver)
0x8073A000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x90D40000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80691000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI-Treiber für NT)
0x80481000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8EF70000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8F744000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x90818000 C:\Windows\system32\DRIVERS\HSXHWAZL.sys 249856 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x90D9B000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8AF36000 C:\Windows\system32\drivers\NETIO.SYS 237568 bytes (Microsoft Corporation, Network I/O Subsystem)
0x9E801000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8B10F000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber)
0x8AFBF000 C:\Windows\system32\DRIVERS\usbhub.sys 212992 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x831BF000 ACPI_HAL 208896 bytes
0x831BF000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8ACCE000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Dateisystem-Filter-Manager)
0x90F9A000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8EF42000 C:\Windows\system32\DRIVERS\msiscsi.sys 188416 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x807B6000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8EEE9000 C:\Windows\system32\DRIVERS\Apfiltr.sys 180224 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x8AF0B000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8AF95000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x81AC3000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x9E852000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8B15F000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x90F28000 C:\Windows\system32\drivers\mfewfpk.sys 159744 bytes (McAfee, Inc., Anti-Virus Mini-Firewall Driver)
0x806E8000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator)
0x805A2000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x90958000 C:\Windows\system32\drivers\mfeavfk.sys 147456 bytes (McAfee, Inc., Anti-Virus File System Filter Driver)
0x8EFD3000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x80794000 C:\Windows\system32\drivers\RtHDMIV.sys 139264 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0x8B197000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x90F65000 C:\Windows\System32\Drivers\usbvideo.sys 135168 bytes (Microsoft Corporation, USB Video Class Driver)
0x90CED000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x81BC2000 C:\Windows\system32\drivers\mrxdav.sys 131072 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x805C7000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8EF24000 C:\Windows\system32\DRIVERS\dne2000.sys 122880 bytes (Deterministic Networks, Inc., Deterministic Network Enhancer)
0x81B77000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x90EF4000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x807E3000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA-Filtertreiber zur Dateivirtualisierung)
0x8F7A2000 C:\Windows\system32\DRIVERS\rimsptsk.sys 106496 bytes (REDC, RICOH MS Driver)
0x81B94000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8F7E5000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9E83A000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90DD7000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8EFB1000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x90F0F000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA297E000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xA295D000 C:\Windows\system32\drivers\mfeapfk.sys 90112 bytes (McAfee, Inc., Access Protection Filter Driver)
0x90FCC000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS-Paketplaner)
0x90F4F000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x81BAD000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8AF70000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0xA28FE000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x8B1DD000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x90F86000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8F7BC000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042-Anschlusstreiber)
0x81AF7000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x90D88000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8F727000 C:\Windows\system32\DRIVERS\HDAudBus.sys 73728 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xA2913000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x8B186000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8ADE8000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80468000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Plattformspezifischer Hardwarefehlertreiber)
0x8F791000 C:\Windows\system32\DRIVERS\risdptsk.sys 69632 bytes (REDC, RICOH SD/MMC Driver)
0x8AD00000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x909C7000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x81AB3000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x80784000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8FBDB000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8AF85000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x8EF15000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x909EE000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8B150000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8070F000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8B1CE000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8F782000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8072B000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8FBEB000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x9BC40000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x90FE2000 C:\Windows\system32\DRIVERS\mfenlfk.sys 57344 bytes (McAfee, Inc., McAfee NDIS Light Filter Driver)
0x90FF0000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x90D29000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x909D7000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x90CBD000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modemgerätetreiber)
0x8B1F1000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8F71A000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x80684000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xA2951000 C:\Windows\system32\drivers\cfwids.sys 49152 bytes (McAfee, Inc., McAfee Personal Firewall IDS Plugin)
0xA28F2000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x90CE1000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8F7CF000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Tastaturklassentreiber)
0xA2973000 C:\Windows\system32\drivers\mfebopk.sys 45056 bytes (McAfee, Inc., Buffer Overflow Protection Driver)
0x8F7DA000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mausklassentreiber)
0x90D1E000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8EFC8000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8F200000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x8EED5000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8F739000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x80721000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x909E4000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8EFF6000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x81AED000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90E00000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8AD6D000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xA28E8000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8B1B8000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x90CCA000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x90DEE000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xA29C9000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0x90D37000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9BC20000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8EEE0000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x806D7000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x80479000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x80400000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x90C00000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID-Mausfiltertreiber)
0x806E0000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x90D0E000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x90D16000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8B148000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xA2925000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x90CDA000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x90DF7000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x90CD3000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8F800000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8FBFC000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x9E970000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x8071E000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0x8FBF9000 C:\Windows\system32\DRIVERS\SFEP.sys 12288 bytes (Sony Corporation, Sony Firmware Extension Parser driver)
0xA28E6000 C:\Windows\system32\drivers\regi.sys 8192 bytes (InterVideo, regi driver)
0x8F806000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x90F26000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x90E0A000 C:\Windows\system32\DRIVERS\DMICall.sys 4096 bytes (Sony Corporation, Windows 2000 DMI Call Kernel Driver)
==============================================
>Stealth
==============================================
0x01A30000 Hidden Image-->SPMgr.resources.dll [ EPROCESS 0xA3940AD8 ] PID: 1404, 28672 bytes
0x00820000 Hidden Image-->HammerProgram.dll [ EPROCESS 0xA3923020 ] PID: 4408, 36864 bytes
0x00A70000 Hidden Image-->SPMDrv.dll [ EPROCESS 0xA3940AD8 ] PID: 1404, 45056 bytes
0x00A20000 Hidden Image-->SPMDam.dll [ EPROCESS 0x9F6C4020 ] PID: 3364, 53248 bytes
0x00970000 Hidden Image-->SPMDam.dll [ EPROCESS 0xA3940AD8 ] PID: 1404, 53248 bytes
0x008B0000 Hidden Image-->SPMCommon.dll [ EPROCESS 0x9F6C4020 ] PID: 3364, 94208 bytes
0x00940000 Hidden Image-->SPMCommon.dll [ EPROCESS 0xA3940AD8 ] PID: 1404, 94208 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)

ken545
2011-01-05, 20:49
Lets run Combofix

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)


* IMPORTANT !!! Save ComboFix.exe to your Desktop


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
See this Link (http://www.bleepingcomputer.com/forums/topic114351.html) for programs that need to be disabled and instruction on how to disable them.
Remember to re-enable them when we're done.


Double click on ComboFix.exe & follow the prompts.


As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



http://img.photobucket.com/albums/v706/ried7/RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

Chicososo
2011-01-05, 23:50
Here it goes.

As you can see, the program produced the log in German language, i guess as a result of having my operative system in German. I'm pretty sure you know by memory the structure of the log, but in case you had any doubt regarding the German expressions, don't hesitate to ask for a translation.


ComboFix 11-01-05.01 - LUIS 05.01.2011 22:13:22.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3038.1650 [GMT 1:00]
ausgeführt von:: c:\users\LUIS\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((( Dateien erstellt von 2010-12-05 bis 2011-01-05 ))))))))))))))))))))))))))))))
.

2011-01-05 21:30 . 2011-01-05 21:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-30 00:00 . 2010-12-30 00:01 -------- d-----w- c:\program files\ERUNT
2010-12-16 04:50 . 2010-10-28 12:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-12-16 04:49 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-13 21:28 . 2010-09-29 04:48 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-10-13 21:28 . 2010-09-29 04:48 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-10-13 21:28 . 2010-09-29 04:48 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-10-13 21:28 . 2010-09-29 04:48 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-10-13 21:28 . 2010-09-29 04:48 64304 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2010-10-13 21:28 . 2010-09-29 04:48 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-10-13 21:28 . 2010-09-29 04:48 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-10-13 21:28 . 2010-09-29 04:48 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-10-13 21:28 . 2010-09-29 04:48 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-10-13 21:28 . 2010-09-29 04:48 164840 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2010-10-13 21:28 . 2010-09-29 04:48 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-08-23 14:36 . 2009-11-12 20:36 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2010-10-13 21:28 . 2010-09-29 04:48 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2008-07-30 262144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-21 39408]
"googletalk"="c:\users\LUIS\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 6295552]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2008-02-23 122880]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2010-09-23 624056]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-03 317280]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-23 30192]
"MarketingTools"="c:\program files\Sony\Marketing Tools\MarketingTools.exe" [2008-08-24 24576]
"AML"="c:\program files\Sony\VAIO Launcher\AML.exe" [2008-06-13 1097728]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

c:\users\LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-1 768552]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
VPN Client.lnk - c:\windows\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico [2009-10-25 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-15 16:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-07-23 29736]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-23 30192]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-13 84264]
R3 SOHCImp;VAIO Media plus Content Importer;c:\program files\Sony\VAIO Media plus\SOHCImp.exe [2008-05-20 103712]
R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\Sony\VAIO Media plus\SOHDms.exe [2008-05-20 353568]
R3 SOHDs;VAIO Media plus Device Searcher;c:\program files\Sony\VAIO Media plus\SOHDs.exe [2008-05-20 62752]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2008-06-11 337184]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2008-06-11 83232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-10-13 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-10-13 164840]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-05-20 88176]
S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-13 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-13 141792]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2008-07-30 299008]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 11032]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [2008-07-18 104992]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2008-08-06 411488]
S2 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2008-06-20 415744]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-13 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-13 313288]
S3 NETw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-04-28 3658752]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2008-03-10 9344]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - NORMANDY
*Deregistered* - mfeavfk01
*Deregistered* - Normandy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners

2011-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 06:09]

2011-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 06:09]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.club-vaio.com
IE: An vorhandenes PDF anfügen - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Auswahl in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Auswahl in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: In Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {9A20C17C-5CE3-4B04-AF6E-0E5A675CBB35} = 62.109.123.7 213.191.92.86
FF - ProfilePath - c:\users\LUIS\AppData\Roaming\Mozilla\Firefox\Profiles\s4gvgt89.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Open IT Online: extension@openitonline.com - %profile%\extensions\extension@openitonline.com
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Answers: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51} - %profile%\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
FF - Ext: Dictionary Switcher: dictionary-switcher@design-noir.de - %profile%\extensions\dictionary-switcher@design-noir.de
FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: German Dictionary: de-DE@dictionaries.addons.mozilla.org - %profile%\extensions\de-DE@dictionaries.addons.mozilla.org
FF - Ext: Diccionario de Español/España: es-es@dictionaries.addons.mozilla.org - %profile%\extensions\es-es@dictionaries.addons.mozilla.org
FF - Ext: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - %profile%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Delicious Bookmarks: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9} - %profile%\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-Lexmark X1100 Series - c:\program files\Lexmark X1100 Series\lxbkbmgr.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-05 22:30
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GSM5662\5&34892109&0&UID268435457\Device Parameters\MODES]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GSM5662\5&34892109&0&UID268435457\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\GSM5662\5&34892109&0&UID268435457\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\MS_0000\5&34892109&0&UID268435456\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\MS_0000\5&34892109&0&UID268435456\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
Zeit der Fertigstellung: 2011-01-05 22:33:32
ComboFix-quarantined-files.txt 2011-01-05 21:33

Vor Suchlauf: 10 Verzeichnis(se), 83.811.053.568 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 94.396.063.744 Bytes frei

- - End Of File - - EE3EF20749AB7E89AAC7F0B48AF98374

ken545
2011-01-06, 00:25
I read your log just fine. Your English appears to be fine also. Combofix did not remove anything really bad, no rootkit was found and I dont see anything else bad on the log.


Please download ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1) by Atribune to your desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.





Please run this free online virus scanner from ESET (http://www.eset.com/onlinescan/)

Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Chicososo
2011-01-06, 03:10
nothing found...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=14c394931fc55e4ea30c9449733a1658
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-01-06 01:05:52
# local_time=2011-01-06 02:05:52 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5121 16777213 100 75 1699950 11445201 0 0
# compatibility_mode=5892 16776574 100 95 93385454 131801091 0 0
# compatibility_mode=8192 67108863 100 0 3839 3839 0 0
# scanned=187963
# found=0
# cleaned=0
# scan_time=7589

ken545
2011-01-06, 03:55
I think your ok, how are things running now ?

Chicososo
2011-01-07, 01:47
Hi ken545.

I was about to answer you this evening saying that everything seemed to be fine when my McAfee antivirus flag me and eliminate an unidentified trojan.

So I decided to run again Malwarebytes. A quick scan didn't find anything. Then I tried a full scan and found one file infected.

I copy below both the reports of Malwarebyte and the new OTL.txt log. No Extra.txt was generated this time, and I'm unable to find it since there is no OTL folder on my C:\ anymore.

By the way, after rebooting my system as demanded by Malwarebytes to complete the deletion of the "infected file", ComboFix seems to be disappeared. The ComboFix folder in C:\ appears to be empty.

suggestions?

-----------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5471

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18999

06.01.2011 22:26:38
mbam-log-2011-01-06 (22-26-38).txt

Scan type: Full scan (C:\|)
Objects scanned: 324496
Time elapsed: 2 hour(s), 21 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\WinRar\KeyGen.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.

-----------------------------------------------------------------------

OTL.Txt log


OTL logfile created on: 07.01.2011 00:15:22 - Run 3
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\LUIS\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 64,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,87 Gb Total Space | 89,46 Gb Free Space | 31,18% Space Free | Partition Type: NTFS

Computer Name: LUIS-PC | User Name: LUIS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\LUIS\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - c:\Programme\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
PRC - C:\Programme\Sony\Network Utility\NSUService.exe (Sony Corporation)
PRC - C:\Programme\Sony\Network Utility\LANUtil.exe (Sony Corporation)
PRC - C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Event Service\VESMgrSub.exe (Sony Corporation)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
PRC - C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
PRC - C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
PRC - C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Apoint\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Users\LUIS\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)


========== Modules (SafeList) ==========

MOD - C:\Users\LUIS\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)
MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (VAIO Power Management) -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe (Sony Corporation)
SRV - (NSUService) -- C:\Program Files\Sony\Network Utility\NSUService.exe (Sony Corporation)
SRV - (RtkAudioService) -- C:\Windows\RTKAUDIOSERVICE.EXE (Realtek Semiconductor)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VCFw) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VcmIAlzMgr) -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe (Sony Corporation)
SRV - (VcmXmlIfHelper) -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (SOHDms) -- C:\Program Files\Sony\VAIO Media plus\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Program Files\Sony\VAIO Media plus\SOHDs.exe (Sony Corporation)
SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)
SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (IviRegMgr) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- C:\Windows\System32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\LUIS\AppData\Local\Temp\catchme.sys File not found
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwl2cap) -- C:\Windows\System32\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (DMICall) -- C:\Windows\System32\drivers\DMICall.sys (Sony Corporation)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (risdptsk) -- C:\Windows\System32\drivers\risdptsk.sys (REDC)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (SFEP) -- C:\Windows\System32\drivers\SFEP.sys (Sony Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010.11.06 16:06:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010.11.06 16:06:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.12.14 17:27:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.12 15:18:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 15:18:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.17 07:47:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.11.06 16:06:05 | 000,000,000 | ---D | M]

[2008.11.16 11:07:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUIS\AppData\Roaming\mozilla\Extensions
[2011.01.06 10:55:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions
[2010.06.03 14:55:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.10.13 12:58:36 | 000,000,000 | ---D | M] ("Delicious Bookmarks") -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010.03.12 06:56:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.12.12 09:32:37 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.11.07 21:19:41 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010.02.12 15:40:08 | 000,000,000 | ---D | M] (Answers) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2008.12.02 07:38:31 | 000,000,000 | ---D | M] (Wizz RSS News Reader) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\{D5EDC062-A372-4936-B782-BD611DD18D86}
[2010.01.22 18:20:15 | 000,000,000 | ---D | M] (Clipmarks) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2010.12.12 09:32:36 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.01.22 18:20:17 | 000,000,000 | ---D | M] (Dictionary Switcher) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\dictionary-switcher@design-noir.de
[2010.12.12 09:32:29 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2010.10.13 12:58:36 | 000,000,000 | ---D | M] (Diccionario de Español/España) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\es-es@dictionaries.addons.mozilla.org
[2010.11.02 06:27:31 | 000,000,000 | ---D | M] (Open IT Online) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\extension@openitonline.com
[2010.11.02 06:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\extension@openitonline.com\chrome
[2010.11.02 06:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\extension@openitonline.com\components
[2010.11.02 06:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\extension@openitonline.com\defaults
[2010.11.02 06:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LUIS\AppData\Roaming\mozilla\Firefox\Profiles\s4gvgt89.default\extensions\extension@openitonline.com\META-INF
[2010.12.08 13:45:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.07 06:13:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.06 05:58:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.08 13:45:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008.12.25 14:41:12 | 000,000,000 | ---D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2008.12.25 14:41:12 | 000,000,000 | ---D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2008.12.25 14:41:12 | 000,000,000 | ---D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2010.10.13 22:28:54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.10.22 05:00:16 | 000,003,996 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\drae.xml
[2010.10.22 05:00:17 | 000,000,751 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-es.xml
[2010.10.22 05:00:17 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-es.xml
[2010.10.22 05:00:17 | 000,001,102 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2011.01.05 22:30:05 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20101112075510.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Google BAE\BAE.dll (Your Company Name)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AML] C:\Program Files\Sony\VAIO Launcher\AML.exe (Sony)
O4 - HKLM..\Run: [Apoint] C:\Programme\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Programme\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [googletalk] C:\Users\LUIS\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [NSUFloatingUI] C:\Program Files\Sony\Network Utility\LANUtil.exe (Sony Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.01.06 22:30:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011.01.06 10:40:44 | 000,000,000 | ---D | C] -- C:\Users\LUIS\AppData\Local\Adobe
[2011.01.05 23:55:24 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011.01.05 23:38:39 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\LUIS\Desktop\ATF-Cleaner.exe
[2011.01.05 22:41:09 | 000,000,000 | ---D | C] -- C:\Users\LUIS\Desktop\ComboFix logs
[2011.01.05 22:33:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.01.05 22:08:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.01.05 22:08:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.01.05 22:08:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.01.05 22:08:41 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.01.05 22:06:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.01.05 22:06:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.01.05 19:38:57 | 000,000,000 | ---D | C] -- C:\Users\LUIS\Desktop\Rootkit Unhooker reports
[2011.01.05 09:15:59 | 000,000,000 | ---D | C] -- C:\Users\LUIS\Desktop\Numan - Numan Vol.1 (Free Download)
[2011.01.05 07:40:01 | 000,000,000 | ---D | C] -- C:\Users\LUIS\Desktop\__MACOSX
[2011.01.04 22:26:46 | 000,000,000 | ---D | C] -- C:\Users\LUIS\Desktop\dds logs
[2011.01.04 22:26:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\LUIS\Desktop\OTL.exe
[2011.01.04 21:45:53 | 000,000,000 | ---D | C] -- C:\Users\LUIS\Desktop\OTL logs
[2011.01.04 21:45:37 | 000,000,000 | ---D | C] -- C:\Users\LUIS\Desktop\Malware logs
[2011.01.04 20:47:23 | 000,000,000 | ---D | C] -- C:\Users\LUIS\AppData\Roaming\Malwarebytes
[2011.01.04 20:47:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.01.04 20:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.01.04 20:47:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.01.04 20:47:03 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.12.30 01:02:29 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.12.30 01:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2010.12.30 01:00:51 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.12.16 05:51:26 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.16 05:51:20 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.16 05:51:20 | 000,345,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.16 05:51:20 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.16 05:51:16 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.16 05:51:13 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.16 05:51:13 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.16 05:51:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.16 05:51:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.16 05:51:04 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.12.16 05:51:03 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.12.16 05:51:03 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.16 05:51:03 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.16 05:51:03 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.16 05:51:02 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.16 05:51:02 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.16 05:51:02 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.16 05:51:02 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.16 05:51:02 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.16 05:51:02 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.12.16 05:51:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.12.16 05:51:02 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.12.16 05:51:02 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.16 05:51:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.16 05:51:02 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.16 05:50:55 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.08 13:45:44 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.12.08 13:45:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.12.08 13:45:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.01.07 00:07:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.01.06 23:35:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.01.06 22:35:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.01.06 22:29:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.01.06 22:29:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.01.06 22:29:18 | 3184,603,136 | -HS- | M] () -- C:\hiberfil.sys
[2011.01.06 22:28:23 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.01.06 18:09:28 | 000,037,233 | ---- | M] () -- C:\Users\LUIS\Desktop\MEDIAS_2_010111.ods
[2011.01.06 18:09:26 | 000,046,490 | ---- | M] () -- C:\Users\LUIS\Desktop\PROPUESTAS_9_010111.ods
[2011.01.06 15:49:45 | 000,034,054 | ---- | M] () -- C:\Users\LUIS\Desktop\DocumentoEnBlanco.odt
[2011.01.06 12:08:59 | 000,026,906 | ---- | M] () -- C:\Users\LUIS\Desktop\Balago_PGM.odt
[2011.01.05 23:38:41 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\LUIS\Desktop\ATF-Cleaner.exe
[2011.01.05 22:30:05 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.01.05 19:25:28 | 000,033,841 | ---- | M] () -- C:\Users\LUIS\Desktop\TwinShadow.odt
[2011.01.04 21:30:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\LUIS\Desktop\OTL.exe
[2011.01.04 20:47:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.03 21:08:30 | 000,013,312 | ---- | M] () -- C:\Users\LUIS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.03 21:07:50 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.01.03 21:07:50 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.01.03 21:07:50 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.01.03 21:07:50 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.30 01:03:25 | 000,624,128 | ---- | M] () -- C:\Users\LUIS\Desktop\dds.scr
[2010.12.30 01:01:29 | 000,000,913 | ---- | M] () -- C:\Users\LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.12.30 01:00:52 | 000,000,714 | ---- | M] () -- C:\Users\LUIS\Desktop\ERUNT.lnk
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.20 08:52:18 | 000,345,456 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.01.06 11:59:28 | 000,026,906 | ---- | C] () -- C:\Users\LUIS\Desktop\Balago_PGM.odt
[2011.01.05 22:08:49 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.01.05 22:08:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.01.05 22:08:49 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.01.05 22:08:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.01.05 22:08:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.01.05 19:32:24 | 000,133,632 | ---- | C] () -- C:\Users\LUIS\Desktop\RKUnhookerLE.EXE
[2011.01.05 19:25:27 | 000,033,841 | ---- | C] () -- C:\Users\LUIS\Desktop\TwinShadow.odt
[2011.01.04 20:47:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.01.04 05:44:16 | 000,046,490 | ---- | C] () -- C:\Users\LUIS\Desktop\PROPUESTAS_9_010111.ods
[2011.01.04 05:44:06 | 000,037,233 | ---- | C] () -- C:\Users\LUIS\Desktop\MEDIAS_2_010111.ods
[2010.12.30 01:03:21 | 000,624,128 | ---- | C] () -- C:\Users\LUIS\Desktop\dds.scr
[2010.12.30 01:01:29 | 000,000,913 | ---- | C] () -- C:\Users\LUIS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.12.30 01:00:52 | 000,000,714 | ---- | C] () -- C:\Users\LUIS\Desktop\ERUNT.lnk
[2009.06.14 09:23:36 | 000,000,097 | ---- | C] () -- C:\Windows\RENT2008.INI
[2009.05.14 22:22:08 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2009.04.05 12:26:44 | 000,001,184 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.11.22 16:52:48 | 000,013,312 | ---- | C] () -- C:\Users\LUIS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.16 18:28:33 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.11.15 23:15:40 | 000,002,032 | ---- | C] () -- C:\Users\LUIS\AppData\Local\d3d9caps.dat
[2008.08.29 13:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008.08.24 10:09:45 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2008.08.24 10:01:52 | 000,344,064 | ---- | C] () -- C:\Windows\System32\SSMSIppCustom.dll
[2008.08.24 09:31:26 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.08.11 19:55:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.09.12 00:57:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003.08.18 15:46:38 | 000,077,824 | ---- | C] () -- C:\Windows\System32\LXBKLCNP.DLL
[2002.11.13 20:40:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxbkvs.dll
[2002.09.13 16:40:06 | 000,000,266 | ---- | C] () -- C:\Windows\System32\lxbkcoin.ini
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2008.12.25 14:41:14 | 000,000,000 | ---D | M] -- C:\Users\LUIS\AppData\Roaming\eMusic
[2009.09.23 17:48:57 | 000,000,000 | ---D | M] -- C:\Users\LUIS\AppData\Roaming\Image Zone Express
[2008.11.16 21:30:39 | 000,000,000 | ---D | M] -- C:\Users\LUIS\AppData\Roaming\InterVideo
[2008.11.16 18:48:02 | 000,000,000 | ---D | M] -- C:\Users\LUIS\AppData\Roaming\OpenOffice.org
[2009.06.15 17:37:11 | 000,000,000 | ---D | M] -- C:\Users\LUIS\AppData\Roaming\Printer Info Cache
[2009.08.22 08:59:53 | 000,000,000 | ---D | M] -- C:\Users\LUIS\AppData\Roaming\Red Kawa
[2008.11.16 12:59:27 | 000,000,000 | ---D | M] -- C:\Users\LUIS\AppData\Roaming\Thunderbird
[2011.01.06 22:28:26 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

ken545
2011-01-07, 02:31
Hi,

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)


:Services

:Reg

:Files
c:\program files\WinRar\KeyGen.exe


:Commands
[purity]
[emptytemp]
[RESETHOSTS]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post the results of the log it produces

Chicososo
2011-01-07, 18:17
ran the OTL. rebooted. here is the log.

what can you see?

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder c:\program files\WinRar\KeyGen.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 198 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LUIS
->Temp folder emptied: 1145212 bytes
->Temporary Internet Files folder emptied: 64565232 bytes
->Java cache emptied: 59051376 bytes
->FireFox cache emptied: 107476485 bytes
->Flash cache emptied: 708657 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 675840 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 621697 bytes
RecycleBin emptied: 321580 bytes

Total Files Cleaned = 224,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.20.1 log created on 01072011_165439

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcafee_k1ZYEfzvW7epaZg not found!

Registry entries deleted on Reboot...

ken545
2011-01-07, 18:32
OTL could not find that file, it may have been removed


Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)

Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:


:filefind
KeyGen.exe


Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Chicososo
2011-01-07, 18:47
SystemLook 04.09.10 by jpshortstuff
Log created at 17:44 on 07/01/2011 by LUIS
Administrator - Elevation successful

========== filefind ==========

Searching for "KeyGen.exe"
No files found.

-= EOF =-

ken545
2011-01-07, 19:56
Looks like its gone

Chicososo
2011-01-09, 23:30
Hi ken545.

I haven't felt any strange symptoms in this last two days, and neither my McAfee antivirus, nor Walwarebytes or ESET online scanner have flag me anything as a threat. So I guess is gone.

Any advice regarding the uninstalling of the tools we have been using?

ken545
2011-01-09, 23:52
Great. :bigthumb:

Open OTL and click on Cleanup and it will remove the tools we used to clean your system along with there backups


What I would like you to do is post back in a few days and let me know how your doing if still problems we can dig deeper if need be.



How did I get infected in the first place ?
Read these links and find out how to prevent getting infected again.
Tutorial for System Restore (http://www.bleepingcomputer.com/tutorials/tutorial56.html) <-- Do this first to prevent yourself from being reinfected.
WhattheTech (http://forums.whatthetech.com/So_how_did_I_get_infected_in_the_first_place_t57817.html)
Grinler BleepingComputer (http://www.bleepingcomputer.com/forums/topic2520.html)
GeeksTo Go (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Dslreports (http://www.dslreports.com/faq/10002)




Safe Surfn
Ken

ken545
2011-01-11, 11:26
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.