veryfat

join:2013-01-17
BR1 3EW

[Virus] Is the computer still infected?

Hello,

A few days ago the computer started to exhibit a hanging of IE when a second IE window was opened. did not open the Task Manager window and the only way forward seemed to be to click the Start button and Turn Off the computer. The computer restarted OK, but the same problem happened. I suspected an infection and scanned the computer with the resident Panda Security program, but nothing showed. Then a day or so later I noticed that Panda did not load on start-up. I was very convinced, now, that there was a big problem. I attempted an online scan, but IE said that it was unable to load ANY webpage that was an online scan page; any other type of page was opening (e.g. BBC or Yahoo or Google). Not being sure where to go from there, I turned off the computer and pondered. I restarted the computer and rolled a ciggie, and something happened that confirmed the problem and gave me a way forward: a window opened automatically asking me to donate to a cute puppy (sorry, but I cannot remember the actual words). Using this cute puppy heading I searched Google on my other computer and did not find anything worthwhile. I did find a mention of how to get the Task Manager using and this worked. I looked at what processes were running and stopped a few I did not recognise, but to no avail. One of the Google listings was for this Group or Forum, and on looking at this website I felt that someone might be able to help. So I started following the Mandatory Steps, and whilst doing this the infected computer became "better"; Panda was now loading on startup and there were no signs of IE hanging on opening of a second window. However was still not working and any attempt to use an online scan failed.

So, I felt that the computer was still infected. Hence I completed the Mandatory Steps and would be obliged if someone could confirm if my suspicions are correct.

Regards.


TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2012.12.14.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: COMPAQ-D510-SFF [administrator]

1/16/2013 3:34:06 PM
MBAM-log-2013-01-16 (15-46-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202146
Time elapsed: 11 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 20
HKLM\SYSTEM\CurrentControlSet\Services\VideoDownloadConverter_4zService (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{312f84fb-8970-4fd3-bddb-7012eac4afc9} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VideoDownloadConverter_4zbar Uninstall (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{93a3111f-4f74-4ed8-895e-d9708497629e} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{93A3111F-4F74-4ED8-895E-D9708497629E} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{c547c6c2-561b-4169-a2a5-20ba771ca93b} (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C547C6C2-561B-4169-A2A5-20BA771CA93B} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B} (PUP.MyWebSearch) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> No action taken.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> No action taken.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> No action taken.

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter_4z Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbrmon.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter Search Scope Monitor (PUP.MyWebSearch) -> Data: "C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zsrchmn.exe" /m=2 /w /h -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AyiBhobs (Trojan.Lebag) -> Data: C:\Documents and Settings\Administrator\Local Settings\Application Data\rstoworc\ayibhobs.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{93A3111F-4F74-4ED8-895E-D9708497629E} (PUP.MyWebSearch) -> Data: -> No action taken.
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files\ClickPotatoLite\bin\10.0.628.0\firefox\extensions -> No action taken.

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 1
C:\Documents and Settings\Administrator\Application Data\SwvUpdater (PUP.Software.Updater) -> No action taken.

Files Detected: 16
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrstub.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbrmon.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrchMn.exe (PUP.MyWebSearch) -> No action taken.
c:\documents and settings\administrator\local settings\application data\rstoworc\ayibhobs.exe (Trojan.Lebag) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbarsvc.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zSrcAs.dll (PUP.MyWebSearch) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\SwvUpdater\Updater.exe (PUP.Software.Updater) -> No action taken.
c:\documents and settings\administrator\start menu\programs\startup\ayibhobs.exe (Trojan.Lebag) -> No action taken.
c:\documents and settings\administrator\local settings\temp\ayibhobs.exe (Trojan.Lebag) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\regyjqac.exe (Trojan.Lebag) -> No action taken.
C:\Documents and Settings\Administrator\Local Settings\Temp\is-HEOD8.tmp$$.exe (Spyware.Banker.Gen) -> No action taken.
C:\Documents and Settings\Administrator\5463267.exe (Trojan.Lebag) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\SwvUpdater\Updater.xml (PUP.Software.Updater) -> No action taken.
C:\Documents and Settings\Administrator\Application Data\SwvUpdater\status.cfg (PUP.Software.Updater) -> No action taken.
C:\WINDOWS\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken.

(end)

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.14.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: COMPAQ-D510-SFF [administrator]

1/16/2013 4:00:45 PM
MBAM-log-2013-01-16 (17-47-14).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 288741
Time elapsed: 1 hour(s), 37 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 53
HKCR\CLSID\{99e1f6fd-2e94-4cf6-8344-1ba63cd3bd9b} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{fb0e8a09-f08c-44cf-9e15-97adac016248} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{17B10E59-09E1-4C39-A738-6774D7AB7778} (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.XMLSessionPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.XMLSessionPlugin (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{99E1F6FD-2E94-4CF6-8344-1BA63CD3BD9B} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{dd385519-22e7-4be2-8a8d-35c66df4858e} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{ca723163-6fad-43d4-8b93-0d8c52bd9974} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{7FC87AC5-FA93-476E-A32C-A941229DED0B} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{69407823-3494-4400-8d49-612549e8f4ee} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{886f93ad-3cbb-4424-8442-a7340243540f} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{716E443D-7CAA-44F1-866B-F45D00E712CC} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{6bff4bcb-7a73-45a7-ac4c-389a34e1d1ef} (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.DynamicBarButton.1 (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.DynamicBarButton (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{8fca5302-6d6d-4645-bf99-d43cf76ce474} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{aa289dbc-59b6-40a5-ac7d-c90df850289c} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{1AD2049E-E483-4425-8555-8E0775ACB631} (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.FeedManager.1 (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.FeedManager (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{2a1260c1-2964-453f-b0ba-fa429472eb5f} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{2d3826a1-f3e8-45d6-94b5-c26d8ec0073b} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{47700C35-9E3E-4DAD-934C-0CE28A87237C} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{4128c64d-f0dd-4811-9405-d22294e8151f} (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.MultipleButton.1 (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.MultipleButton (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{3b41be90-f731-4137-aff3-2ca951e7f0d9} (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.Radio.1 (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.Radio (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{363d5c92-10dc-4287-93e5-1832eecc48ec} (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.ScriptButton.1 (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.ScriptButton (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{1f6f39c1-00a8-4752-a94c-d0ea92d978b6} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{fe8dbb09-c3d3-4477-80cb-d38914b94bb8} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{3E9469AF-E866-4476-B767-810630F1F6E7} (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.PseudoTransparentPlugin (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1F6F39C1-00A8-4752-A94C-D0EA92D978B6} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{ed345812-2722-4dca-9976-d01832db44ee} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{f1f328eb-f5a5-432b-a54c-05f3ef5b0bd8} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{72063D77-7590-4DA9-A7F8-F5ECAF3632C4} (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.ThirdPartyInstaller (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{ED345812-2722-4DCA-9976-D01832DB44EE} (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{66292684-b2c2-4c7c-b3d2-bf446e30744c} (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.UrlAlertButton.1 (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.UrlAlertButton (PUP.MyWebSearch) -> No action taken.
HKCR\CLSID\{5354d921-3f52-47c5-938d-77a2fb6defe7} (PUP.MyWebSearch) -> No action taken.
HKCR\TypeLib\{3ee17dd1-e28b-4aed-a3b2-9c29cb2c19d6} (PUP.MyWebSearch) -> No action taken.
HKCR\Interface\{2D73F2D0-2FAB-458E-977D-2F9050E0ED60} (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.HTMLPanel.1 (PUP.MyWebSearch) -> No action taken.
HKCR\VideoDownloadConverter_4z.HTMLPanel (PUP.MyWebSearch) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5354D921-3F52-47C5-938D-77A2FB6DEFE7} (PUP.MyWebSearch) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Detected: 0
(No malicious items detected)

Files Detected: 42
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmsg.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zauxstb.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdatact.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdlghk.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zdyn.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zfeedmg.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhighin.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhkstub.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zhttpct.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zidle.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zieovr.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zimpipe.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmedint.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zmlbtn.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zradio.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zreghk.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zregiet.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zscript.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zskin.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zskplay.exe (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4ztpinst.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zuabtn.dll (PUP.MyWebSearch) -> No action taken.
C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\T8HTML.DLL (PUP.MyWebSearch) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP70\A0578020.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP70\A0578031.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP71\A0578568.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP72\A0578641.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP72\A0578611.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP72\A0578621.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP72\A0578657.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP72\A0578682.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP73\A0578696.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP73\A0578700.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP73\A0578705.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP73\A0578740.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP73\A0578751.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP73\A0578762.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP73\A0578776.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP73\A0578783.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP73\A0578794.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP74\A0578989.exe (Trojan.Lebag) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP74\A0578979.exe (Trojan.Lebag) -> No action taken.

(end)
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010
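For readers triaging logs like the two above: the following Python script is an added example written for this page, not code from the thread, from Malwarebytes, or from the SCU helpers. It parses the "Detected" sections of a Malwarebytes Anti-Malware 1.x text log, counts hits per detection name, and flags the entries that sit in autostart locations (Run values, the Startup folder, services, scheduled tasks, BHOs, URL search hooks), since those are what keep an infection alive across reboots, as opposed to copies parked in System Restore points. The embedded sample log is a constructed excerpt of the quick-scan log posted above, and the list of autostart locations is this example's own assumption, not something MBAM emits.

```python
"""Triage helper for Malwarebytes Anti-Malware 1.x text logs (added example)."""
import re
from collections import defaultdict

# Constructed sample: a handful of lines lifted from the posted Quick scan log.
SAMPLE_LOG = r"""
Registry Keys Detected: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9} (PUP.MyWebSearch) -> No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> No action taken.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> No action taken.

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AyiBhobs (Trojan.Lebag) -> Data: C:\Documents and Settings\Administrator\Local Settings\Application Data\rstoworc\ayibhobs.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|VideoDownloadConverter_4z Browser Plugin Loader (PUP.MyWebSearch) -> Data: C:\PROGRA~1\VIDEOD~2\bar\1.bin\4zbrmon.exe -> No action taken.

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Files Detected: 3
c:\documents and settings\administrator\start menu\programs\startup\ayibhobs.exe (Trojan.Lebag) -> No action taken.
C:\WINDOWS\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken.
C:\System Volume Information\_restore{174671F0-3F15-4EFE-9321-389BB4BDACE5}\RP70\A0578020.exe (Trojan.Lebag) -> No action taken.

(end)
"""

SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
ENTRY_RE = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<rest>.+)$")

# Autostart locations worth looking at first.  Assumption of this example:
# substring match, case-insensitive, on the registry path or file path.
PERSISTENCE_MARKERS = (
    r"\CurrentVersion\Run",            # Run / RunOnce values
    r"\Start Menu\Programs\Startup",   # per-user Startup folder
    r"\CurrentControlSet\Services",    # service definitions
    r"\WINDOWS\Tasks",                 # scheduled task .job files
    r"\Browser Helper Objects",        # IE BHOs
    r"\URLSearchHooks",                # IE search hooks
)


def is_persistence_location(item):
    low = item.lower()
    return any(marker.lower() in low for marker in PERSISTENCE_MARKERS)


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with the section it came from."""
    section = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)" or line.startswith("(No malicious"):
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        m = ENTRY_RE.match(line)
        if not (m and section):
            continue
        # "rest" is "[Data: <payload> -> ]<action>" or "[Bad: .. Good: .. -> ]<action>"
        parts = m.group("rest").split(" -> ")
        item, name = m.group("item"), m.group("name")
        entries.append({
            "section": section,
            "item": item,
            "name": name,
            "detail": " -> ".join(parts[:-1]),
            "action": parts[-1],
            "persistent": is_persistence_location(item),
            "in_restore_point": r"\system volume information\_restore" in item.lower(),
            "pup": name.startswith(("PUP.", "PUM.")),
        })
    return entries


def summarize(entries):
    """Counts per detection name plus the subsets a cleaner cares about."""
    by_name = defaultdict(int)
    for e in entries:
        by_name[e["name"]] += 1
    return {
        "by_name": dict(by_name),
        "persistence": [e for e in entries if e["persistent"]],
        # Malware (not PUP/PUM) outside System Restore = still live on the box.
        "live_malware": [e for e in entries if not e["pup"] and not e["in_restore_point"]],
        "security_center_tampered": any(
            e["name"] == "PUM.Disabled.SecurityCenter" for e in entries),
    }


if __name__ == "__main__":
    s = summarize(parse_mbam_log(SAMPLE_LOG))
    for name, n in sorted(s["by_name"].items()):
        print(f"{n:3d}  {name}")
    print("autostart entries:", len(s["persistence"]))
    print("live malware entries:", len(s["live_malware"]))
    print("Security Center notifications disabled:", s["security_center_tampered"])
```

Run it against a saved MBAM-log-*.txt by replacing SAMPLE_LOG with the file's contents; entries whose `action` is still "No action taken." are the ones the scan found but did not remove.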


TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

reply to veryfat

OTL logfile created on: 1/17/2013 10:14:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.48 Mb Total Physical Memory | 266.95 Mb Available Physical Memory | 53.02% Memory free
1.20 Gb Paging File | 0.88 Gb Available in Paging File | 73.14% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.15 Gb Total Space | 16.57 Gb Free Space | 43.44% Space Free | Partition Type: NTFS

Computer Name: COMPAQ-D510-SFF | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/16 14:33:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/11/16 11:52:51 | 000,156,960 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe
PRC - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe
PRC - [2011/04/13 17:06:56 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\ApVxdWin.exe
PRC - [2010/08/16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\psksvc.exe
PRC - [2010/04/22 18:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\WebProxy.exe
PRC - [2010/02/23 12:09:34 | 000,111,872 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavBckPT.exe
PRC - [2009/11/26 17:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- c:\Program Files\Panda Security\Panda Internet Security 2012\FIREWALL\PSHost.exe
PRC - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrlS.exe
PRC - [2009/03/14 18:05:49 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008/06/27 13:23:00 | 000,091,392 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\SrvLoad.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
PRC - [2004/12/14 18:19:44 | 000,221,184 | ---- | M] (Labtec Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2003/05/27 03:08:00 | 000,099,840 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S10IC2.EXE

========== Modules (No Company Name) ==========

MOD - [2007/02/14 13:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2012\MiniCrypto.dll
MOD - [2007/02/14 13:55:12 | 000,099,888 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2012\APIcr.dll
MOD - [2004/05/19 11:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2012\LIBXML2.DLL

========== Services (SafeList) ==========

SRV - [2013/01/08 23:56:53 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/16 11:52:51 | 000,156,960 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe -- (TPSrv)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/13 22:09:22 | 000,267,568 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010/08/16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\psksvc.exe -- (PskSvcRetail)
SRV - [2009/11/26 17:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\Program Files\Panda Security\Panda Internet Security 2012\FIREWALL\PSHost.exe -- (PSHost)
SRV - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrlS.exe -- (Panda Software Controller)
SRV - [2008/02/27 17:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe -- (PavPrSrv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\PavTPK.sys -- (PavTPK.sys)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/01/17 22:06:29 | 000,013,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMFiltr.sys -- (ComFiltr)
DRV - [2012/10/26 09:41:25 | 000,272,216 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys -- (RapportCerberus_43926)
DRV - [2012/07/29 20:52:38 | 000,065,848 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/05/30 14:17:54 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2011/06/26 00:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliandMP)
DRV - [2011/06/26 00:56:44 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\appliand.sys -- (appliand)
DRV - [2011/02/21 14:38:32 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2011/01/31 16:41:28 | 000,083,528 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2010/09/09 16:23:00 | 000,193,864 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2010/09/01 11:09:14 | 000,201,032 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\neti1644.sys -- (NETIMFLT01060044)
DRV - [2010/06/22 18:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot)
DRV - [2010/05/21 13:50:26 | 000,059,080 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\amm8651.sys -- (AmFSM)
DRV - [2010/05/06 17:11:58 | 000,163,848 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2010/02/26 10:09:48 | 000,390,528 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RapportBuka.sys -- (RapportBuka)
DRV - [2009/09/25 14:54:08 | 000,046,856 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2009/09/25 14:54:06 | 000,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2009/09/25 14:54:04 | 000,022,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2009/09/25 14:54:02 | 000,053,256 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2009/03/25 15:48:00 | 000,114,728 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdm.sys -- (s1018mdm)
DRV - [2009/03/25 15:48:00 | 000,109,864 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018unic.sys -- (s1018unic)
DRV - [2009/03/25 15:48:00 | 000,106,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mgmt.sys -- (s1018mgmt)
DRV - [2009/03/25 15:48:00 | 000,104,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018obex.sys -- (s1018obex)
DRV - [2009/03/25 15:48:00 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018bus.sys -- (s1018bus)
DRV - [2009/03/25 15:48:00 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018nd5.sys -- (s1018nd5)
DRV - [2009/03/25 15:48:00 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s1018mdfl.sys -- (s1018mdfl)
DRV - [2004/10/11 17:22:02 | 000,211,712 | R--- | M] (Labtec Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928)
DRV - [2004/10/08 01:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2002/12/10 17:53:24 | 000,236,121 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116)
DRV - [2002/12/10 17:51:40 | 000,012,112 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »search.live.com/results.aspx?q={···source?}
IE - HKLM\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = »search.mywebsearch.com/mywebsear···chTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »www.bbc.co.uk/
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {5AC8668E-4988-41DC-89AA-F8F0007E914E}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = »www.bing.com/search?q={searchTer···M=IE8SRC
IE - HKCU\..\SearchScopes\{320A37BD-AC5C-4C92-B5D6-9F0A5362A092}: "URL" = »www.mysearchresults.com/search?&···chTerms}
IE - HKCU\..\SearchScopes\{5AC8668E-4988-41DC-89AA-F8F0007E914E}: "URL" = »www.google.com/search?q={searchT···artPage}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = »www.ask.com/web?q={SEARCHTERMS}&···US&ver=4
IE - HKCU\..\SearchScopes\{cf6e4b1c-dbde-457e-9cef-ab8ecac8a5e8}: "URL" = »search.mywebsearch.com/mywebsear···chTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

[2009/03/05 17:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/03/05 17:56:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2004/08/04 12:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)
O3 - HKLM\..\Toolbar: (VideoDownloadConverter) - {48586425-6bb7-4f51-8dc6-38c88e3ebb58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll File not found
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (VideoDownloadConverter) - {48586425-6BB7-4F51-8DC6-38C88E3EBB58} - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\4zbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Labtec Inc.)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [AyiBhobs] C:\Documents and Settings\Administrator\Local Settings\Application Data\rstoworc\ayibhobs.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - »tbedits.videodownloadconverter.c···305&cv=2 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} »www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} »download.macromedia.com/pub/shoc···r/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} »download.microsoft.com/download/···trol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} »quickscan.bitdefender.com/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} »fpdownload.macromedia.com/get/fl···shim.cab (Reg Error: Key error.)
O16 - DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} »rsdownload.rising.com.cn/rs2010/···lctl.cab (Rising Online Antivirus scanner control)
O16 - DPF: {BA3ED5CB-4935-4B1C-A418-AC9CCE2275C1} »hglobal.globalhauri.com/HProduct···2Pre.cab (HLcs2Pre Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} »yahoouk.oberon-media.com/Gameshe···Host.cab (Oberon Flash Game Host)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} »81.174.229.186/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} »l.yimg.com/jh/games/web_games/po···r_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} »platformdl.adobe.com/NOS/getPlus···6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{224E3742-D1F3-4243-9C4C-690030D46D69}: DhcpNameServer = 194.168.4.100 194.168.8.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (c:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Documents and Settings\Administrator\Local Settings\Application Data\rstoworc\ayibhobs.exe) - File not found
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\WINDOWS\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/23 09:15:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/17 22:08:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/01/16 21:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2013/01/16 15:47:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\logs
[2013/01/16 15:31:25 | 000,000,000 | ---D | C] -- C:\Program Files\wellgoodforyou
[2013/01/16 15:06:14 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/16 15:06:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/01/16 15:06:14 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2013/01/16 15:06:13 | 007,300,832 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-rules.exe
[2013/01/16 13:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2013/01/16 08:09:40 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2013/01/16 01:10:37 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/16 01:10:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/01/16 00:49:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2013/01/16 00:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/16 00:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2013/01/16 00:36:10 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/01/16 00:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/01/15 11:04:54 | 000,000,000 | ---D | C] -- C:\Program Files\Rising
[2013/01/15 11:00:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LcSkin
[2013/01/15 11:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\HAURI
[2013/01/15 10:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SparkTrust
[2013/01/15 10:21:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2013/01/15 10:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SparkTrust
[2013/01/15 10:02:39 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2013/01/13 23:43:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Pearla jan 13.2013
[2013/01/13 23:40:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2013/01/13 23:40:25 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2013/01/13 11:25:16 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2013/01/13 11:25:16 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2013/01/13 11:25:16 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2013/01/13 11:25:05 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2013/01/13 10:55:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rstoworc
[2013/01/13 10:54:04 | 000,327,749 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\drvc.dll
[2013/01/13 10:54:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPER © - by eRightSoft
[2013/01/13 10:54:03 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2013/01/13 10:54:02 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2013/01/13 10:54:01 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2013/01/13 10:54:01 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2013/01/13 10:54:01 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2013/01/13 10:54:01 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2013/01/13 10:54:01 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2013/01/13 10:54:01 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2013/01/13 10:54:01 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2013/01/13 10:54:01 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2013/01/13 10:54:01 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2013/01/13 10:50:22 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2013/01/13 10:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\TrafficSpaceLLC
[2013/01/13 10:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Video Download Converter
[2013/01/13 10:28:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IAC
[2013/01/13 10:28:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\VideoDownloadConverter_4z
[2013/01/13 10:27:20 | 000,000,000 | ---D | C] -- C:\Program Files\VideoDownloadConverter_4z
[2013/01/09 18:21:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Phone games
[2013/01/07 07:15:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Software
[2013/01/06 19:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Panda Security
[2013/01/06 19:51:29 | 000,053,256 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\dsaflt.sys
[2013/01/06 19:51:29 | 000,046,856 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\wnmflt.sys
[2013/01/06 19:51:28 | 000,193,864 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\idsflt.sys
[2013/01/06 19:51:02 | 000,159,112 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\NETFLTDI.SYS
[2013/01/06 19:51:02 | 000,083,528 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\APPFLT.SYS
[2013/01/06 19:51:02 | 000,022,024 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\fnetmon.sys
[2013/01/06 19:50:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Backup
[2013/01/06 19:50:51 | 000,026,696 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2013/01/06 19:50:14 | 000,054,832 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\pavcpl.cpl
[2013/01/06 19:50:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Internet Security 2012
[2013/01/06 19:49:58 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll
[2013/01/06 19:49:45 | 000,193,344 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\TpUtil.dll
[2013/01/06 19:49:45 | 000,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.DLL
[2013/01/06 19:49:45 | 000,087,328 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavLspHook.dll
[2013/01/06 19:49:44 | 000,055,616 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\pavipc.dll
[2013/01/06 19:49:43 | 000,518,432 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavSHook.dll
[2013/01/06 19:49:39 | 000,201,032 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\neti1644.sys
[2013/01/06 19:49:36 | 000,059,080 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\amm8651.sys
[2013/01/06 19:49:36 | 000,055,552 | ---- | C] (On-Access Anti-Malware Scanner Sync) -- C:\WINDOWS\System32\avldr.dll
[2013/01/06 19:49:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PAV
[2013/01/06 19:49:33 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2013/01/06 19:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2013/01/06 19:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Panda Security
[2013/01/06 19:48:28 | 000,163,848 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PavProc.sys
[2013/01/06 19:48:28 | 000,037,448 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\ShlDrv51.sys
[2013/01/06 19:48:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security
[2013/01/01 22:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2013/01/01 22:57:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2012/12/30 18:10:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/12/30 18:10:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/12/30 14:57:29 | 000,179,712 | ---- | C] (Logitech Inc.) -- C:\WINDOWS\System32\drivers\LVSVF.dll
[2012/12/30 14:41:58 | 041,334,456 | ---- | C] (Logitech Inc. ) -- C:\Documents and Settings\All Users\Documents\is730enu.exe
[2012/12/30 14:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GoforFiles
[2012/12/30 14:27:16 | 000,000,000 | ---D | C] -- C:\Program Files\GoforFiles
[2012/12/30 14:25:51 | 004,659,424 | ---- | C] (»www.goforfiles.com/) -- C:\Documents and Settings\All Users\Documents\logitech_v_uj11_driver_downloader_99076.exe
[2012/12/30 14:16:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2012/12/30 14:16:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PC_Drivers_Headquarters
[2012/12/30 14:05:31 | 001,987,160 | ---- | C] (Driver Tool) -- C:\Documents and Settings\All Users\Documents\DriverTool.exe
[2009/11/02 10:30:25 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2013/01/17 22:06:29 | 000,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2013/01/17 22:02:15 | 000,000,616 | -H-- | M] () -- C:\WINDOWS\tasks\ConfigExec.job
[2013/01/17 22:00:28 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2013/01/17 22:00:28 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2013/01/17 22:00:12 | 000,013,774 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/01/17 22:00:08 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\Go for FilesUpdate.job
[2013/01/17 22:00:05 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
[2013/01/17 22:00:05 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
[2013/01/17 21:59:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/01/17 21:59:44 | 528,011,264 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/17 13:54:12 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/01/17 13:32:49 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{9E667F2B-B8D3-4366-94D1-B30637EB192A}.job
[2013/01/16 18:02:41 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2013/01/16 16:50:59 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2013/01/16 14:36:20 | 000,881,914 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2013/01/16 14:33:22 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/01/16 14:30:32 | 007,300,832 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-rules.exe
[2013/01/16 14:26:28 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/16 14:17:30 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\TFC.exe
[2013/01/16 12:29:36 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/01/16 12:18:27 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2013/01/16 08:13:46 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2013/01/16 00:48:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/16 00:45:57 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt
[2013/01/13 13:27:06 | 000,140,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/13 11:26:45 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013/01/13 10:59:28 | 000,243,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2013/01/13 10:59:28 | 000,243,600 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2013/01/13 10:57:57 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2013/01/13 10:57:57 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2013/01/13 10:57:57 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2013/01/13 10:57:57 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2013/01/13 10:57:57 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2013/01/13 10:57:57 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2013/01/13 10:57:57 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2013/01/13 10:57:57 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2013/01/13 10:57:56 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2013/01/13 10:57:56 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2013/01/12 14:30:49 | 000,303,044 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2013/01/12 14:30:49 | 000,303,044 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2013/01/11 20:43:02 | 000,000,241 | ---- | M] () -- C:\WINDOWS\QSync.INI
[2013/01/11 14:22:28 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck
[2013/01/10 18:27:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/01/10 04:46:26 | 002,474,436 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\mb04.wmv
[2013/01/09 00:18:32 | 000,433,108 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/01/09 00:18:32 | 000,067,938 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/01/08 23:55:55 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/01/08 23:55:53 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/01/07 22:07:23 | 000,000,646 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/01/06 20:27:42 | 000,008,627 | ---- | M] () -- C:\Documents and Settings\Administrator\PAV_FOG.OPC
[2013/01/06 19:51:47 | 000,000,262 | ---- | M] () -- C:\WINDOWS\System32\PavCPL.dat
[2013/01/06 19:51:46 | 000,001,784 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Internet Security 2012.lnk
[2013/01/06 19:50:53 | 000,002,125 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Install remote access.lnk
[2013/01/06 19:47:27 | 077,384,736 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PANDAIS12.exe
[2013/01/06 19:04:12 | 000,866,592 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Norton_Removal_Tool.exe
[2013/01/06 13:58:10 | 347,610,742 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\251c.wmv
[2013/01/06 10:50:42 | 895,780,793 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\WeLikeToSuck_009_ally_style_hd.mp4
[2013/01/05 04:36:09 | 226,106,727 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\AsianSuckDolls_007-fon-1-sp.wmv
[2013/01/05 03:15:36 | 166,137,311 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\AsianSuckDolls_006-aom-1-sp.wmv
[2013/01/05 01:13:05 | 203,570,199 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\AsianSuckDolls_004-noon-1.wmv
[2013/01/04 19:45:12 | 185,457,773 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\AsianSuckDolls_003-nuch-1.wmv
[2013/01/01 22:56:35 | 000,000,218 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Search the Web.url
[2013/01/01 22:56:35 | 000,000,212 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SweetPcFix.url
[2012/12/31 15:00:44 | 137,480,633 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\AsianSuckDolls_002-katie-1.wmv
[2012/12/31 07:10:26 | 284,524,101 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\AsianSuckDolls_001-jenny-1.wmv
[2012/12/30 18:10:18 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/12/30 14:58:08 | 000,001,639 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech Gallery.lnk
[2012/12/30 14:58:07 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Logitech ImageStudio.lnk
[2012/12/30 14:58:07 | 000,001,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Logitech ImageStudio.lnk
[2012/12/30 14:57:23 | 000,000,816 | ---- | M] () -- C:\WINDOWS\_delis32.ini
[2012/12/30 14:30:56 | 002,003,493 | ---- | M] () -- C:\WINDOWS\iis6.BAK
[2012/12/30 14:30:56 | 000,003,920 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/12/30 14:25:59 | 004,659,424 | ---- | M] (»www.goforfiles.com/) -- C:\Documents and Settings\All Users\Documents\logitech_v_uj11_driver_downloader_99076.exe
[2012/12/30 14:05:42 | 001,987,160 | ---- | M] (Driver Tool) -- C:\Documents and Settings\All Users\Documents\DriverTool.exe
[2012/12/29 17:12:30 | 178,817,611 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\AsianSuckDolls_008-gif-1-sp.wmv
[2012/12/29 14:39:49 | 287,516,173 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\AsianSuckDolls_009-nana-1-sp.wmv
[2012/12/26 14:34:38 | 000,147,608 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/01/16 18:02:41 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2013/01/16 15:06:14 | 000,881,914 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
[2013/01/16 08:11:22 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\Administrator\ntuser.pol
[2013/01/16 02:33:35 | 528,011,264 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/16 00:36:14 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/13 11:25:16 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2013/01/13 10:54:01 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2013/01/13 10:54:01 | 000,195,584 | RHS- | C] () -- C:\WINDOWS\System32\MatroskaDX.ax
[2013/01/13 10:54:01 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2013/01/13 10:54:01 | 000,121,344 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.ax
[2013/01/13 10:54:01 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2013/01/13 10:54:01 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll
[2013/01/13 10:54:01 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2013/01/13 10:54:01 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2013/01/13 10:54:01 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2013/01/13 10:54:01 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2013/01/13 10:54:00 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2013/01/10 04:46:25 | 002,474,436 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\mb04.wmv
[2013/01/06 22:22:44 | 000,000,646 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2013/01/06 20:27:42 | 000,008,627 | ---- | C] () -- C:\Documents and Settings\Administrator\PAV_FOG.OPC
[2013/01/06 20:13:55 | 000,008,627 | ---- | C] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2013/01/06 20:00:55 | 000,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2013/01/06 19:51:47 | 000,000,262 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat
[2013/01/06 19:51:46 | 000,001,784 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Panda Internet Security 2012.lnk
[2013/01/06 19:51:41 | 000,243,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2013/01/06 19:51:41 | 000,243,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2013/01/06 19:51:41 | 000,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2013/01/06 19:51:41 | 000,001,132 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2013/01/06 19:50:53 | 000,002,125 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Install remote access.lnk
[2013/01/06 19:46:43 | 077,384,736 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\PANDAIS12.exe
[2013/01/06 19:03:55 | 000,866,592 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Norton_Removal_Tool.exe
[2013/01/06 12:32:48 | 347,610,742 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\251c.wmv
[2013/01/06 10:15:58 | 895,780,793 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\WeLikeToSuck_009_ally_style_hd.mp4
[2013/01/05 04:07:59 | 226,106,727 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\AsianSuckDolls_007-fon-1-sp.wmv
[2013/01/05 01:52:00 | 166,137,311 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\AsianSuckDolls_006-aom-1-sp.wmv
[2013/01/04 23:36:22 | 203,570,199 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\AsianSuckDolls_004-noon-1.wmv
[2013/01/04 19:35:59 | 185,457,773 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\AsianSuckDolls_003-nuch-1.wmv
[2013/01/01 22:56:35 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Search the Web.url
[2013/01/01 22:56:35 | 000,000,212 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SweetPcFix.url
[2012/12/31 13:50:14 | 137,480,633 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\AsianSuckDolls_002-katie-1.wmv
[2012/12/31 02:46:16 | 284,524,101 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\AsianSuckDolls_001-jenny-1.wmv
[2012/12/30 18:10:18 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/12/30 14:58:07 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Logitech ImageStudio.lnk
[2012/12/30 14:55:33 | 000,000,816 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2012/12/30 14:27:24 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\Go for FilesUpdate.job
[2012/12/29 16:18:46 | 178,817,611 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\AsianSuckDolls_008-gif-1-sp.wmv
[2012/12/29 14:03:41 | 287,516,173 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\AsianSuckDolls_009-nana-1-sp.wmv
[2011/09/15 17:38:59 | 000,000,019 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/09/15 14:37:05 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011/06/15 18:35:38 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/03/30 18:24:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/11/02 10:30:26 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2009/11/02 10:30:26 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2009/11/02 10:30:25 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2009/02/28 01:17:19 | 000,140,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009/02/28 15:00:43 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 00:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 12:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 00:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[color=#E56717]========== LOP Check ==========[/color]

[2011/11/07 10:19:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AvniTech
[2013/01/15 10:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DriverCure
[2012/06/23 02:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoft
[2012/06/23 02:39:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DVDVideoSoftIEHelpers
[2011/11/04 22:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2009/03/02 19:50:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FotoWire
[2011/09/15 17:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\funkitron
[2009/03/02 18:14:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2012/12/30 14:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GoforFiles
[2009/03/05 03:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabPro
[2009/09/10 05:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
[2009/03/22 04:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2011/08/12 15:13:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2011/12/12 18:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2013/01/06 19:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Panda Security
[2013/01/16 21:45:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2011/10/09 23:57:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Replay Media Catcher 4
[2011/12/20 04:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Simple Adblock
[2012/11/28 17:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sokoban++
[2013/01/15 10:21:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SparkTrust
[2012/08/02 12:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Tific
[2010/02/09 11:45:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Trusteer
[2013/01/13 10:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VideoDownloadConverter_4z
[2009/11/02 10:30:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2011/10/09 23:31:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applian
[2013/01/16 12:29:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/01/06 19:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
[2012/06/23 01:31:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2013/01/17 22:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2013/01/06 19:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2013/01/07 07:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Software
[2009/02/28 15:07:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2012/01/31 23:00:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2012/11/28 17:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sokoban++
[2013/01/15 10:34:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SparkTrust
[2013/01/16 13:51:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERSetup
[2013/01/01 23:03:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2012/12/31 07:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/09 11:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B793A0BD
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ACEDBECD

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

reply to veryfat

OTL Extras logfile created on: 1/17/2013 10:14:21 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

503.48 Mb Total Physical Memory | 266.95 Mb Available Physical Memory | 53.02% Memory free
1.20 Gb Paging File | 0.88 Gb Available in Paging File | 73.14% Paging File free
Paging file location(s): c:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 38.15 Gb Total Space | 16.57 Gb Free Space | 43.44% Space Free | Partition Type: NTFS

Computer Name: COMPAQ-D510-SFF | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.js [@ = JSFile] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PAVSCRIP.EXE (Panda Security, S.L.)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAI~1\PavScrip.exe "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C26CB-6D52-458C-A87F-1EE77F9625C6}" = Intel(R) PRO Network Connections
"{212D202D-487D-49C4-8A76-4D3BB91B8471}" = BOINC
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 29
"{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"{333ABA95-54AE-443D-8B56-0D72E8A85458}" = Panda Internet Security 2012
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B19DCE-232F-45A3-80D9-2141DEDF6D8F}" = Simple Adblock
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5A24DD7E-7B01-41AC-ADA8-F1776177A3BA}" = Logitech ImageStudio
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F7ECD56-E224-4263-9B7E-158E5CECC43B}" = HP Photo and Imaging 2.1 - Scanjet 2400 Series
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7926EFB6-7CB4-4A9D-AB01-095F67F9D519}" = Panda Internet Security 2012
"{7BA1FB62-A363-4D24-8870-45131F0D0137}" = EPSON PRINT Image Framer Tool2.0
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114427150}" = Wonderland Adventures
"{864785DF-6D78-4A38-B66F-845BC5741843}" = liteCAM Evaluation
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8A793FC6-6DF5-11DD-BB6A-00018021113F}" = EPSON PhotoQuicker3.4
"{8F311E92-C29F-4DF9-8259-B739A1831669}_is1" = SUPER © v2012.build.54 (Nov 18, 2012) version v2012.build.54
"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}" = SweetPacks bundle uninstaller
"{A0C9DF2B-89B5-4483-8983-18A68200F1B4}" = SweetIM for Messenger 3.7
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5)
"{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BC8373FC-142C-40B9-AB2A-DA984391A9BD}" = liteCAM
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}" = Internet Explorer Toolbar 4.6 by SweetPacks
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Labtec WebCam Software
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{c9920352-04e6-469d-bab8-e2b9c7c75415}.sdb" = Microsoft Automated Troubleshooting Services Shim
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
"{E8FB4BF9-4C95-4F39-B26D-33C31A2CEE09}" = PIF DESIGNER2.0
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}" = Update Manager for SweetPacks 1.1
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{FA0BC743-0C8D-40C1-A074-BD4825A75A77}" = TubeHunter Ultra
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Allok Video to 3GP Converter_is1" = Allok Video to 3GP Converter 5.1.0814
"Applian Director2.11" = Applian Director
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"BBC iPlayer Download Manager" = BBC iPlayer Download Manager
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.1.2.5 (27/10/2009)
"EPSON Printer and Utilities" = EPSON Printer Software
"ESC84 Reference Guide" = ESC84 Reference Guide
"ESC84 Software Guide" = ESC84 Software Guide
"ffdshow_is1" = ffdshow v1.1.3631 [2010-11-15]
"Free MOV 2 AVI" = Free MOV 2 AVI
"Free Studio_is1" = Free Studio version 5.6.1.608
"GetASFStream" = GetASFStream
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Imagicon" = Imagicon
"ImgBurn" = ImgBurn
"InstallShield_{2A1E27FF-BE53-45B4-950F-060236E98E3D}" = TMPGEnc Plus 2.5
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.7.0
"LimeWire" = LimeWire PRO 5.1.1
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Orbit_is1" = Orbit Downloader
"QcDrv" = Labtec® Camera Driver
"Rapport_msi" = Rapport
"RealPlayer 6.0" = RealPlayer
"Replay Media Catcher 4" = Replay Media Catcher 4 (4.3.2)
"Sokoban YASC - Yet Another Sokoban Clone_is1" = Sokoban YASC
"SokobanPP" = Sokoban++
"ss_is1" = ShowSize
"Unknown Device Identifier_is1" = Unknown Device Identifier 6.01
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"YTdetect" = Yahoo! Detect

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 10/12/2012 11:16:12 PM | Computer Name = COMPAQ-D510-SFF | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 10/12/2012 11:16:31 PM | Computer Name = COMPAQ-D510-SFF | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 12/17/2012 1:12:00 PM | Computer Name = COMPAQ-D510-SFF | Source = MatSvc | ID = 262147
Description = The MATS service encountered a web service failure. hr=0x80072EE7

Error - 12/17/2012 1:12:03 PM | Computer Name = COMPAQ-D510-SFF | Source = MatSvc | ID = 262152
Description = The MATS service encountered a failure when loading SAP. hr=0x80070002

SAP folder: C:\Program Files\Microsoft Fix it Center\SAPFolder\Scheduled\DDA435FA-6E05-4DBF-80FE-C4EBE882E798.32

Error - 12/17/2012 1:12:03 PM | Computer Name = COMPAQ-D510-SFF | Source = MatSvc | ID = 262159
Description = The scheduled MATS task encountered a failure when collecting configuration
data. hr=0x80070002 .

Error - 12/31/2012 7:03:59 PM | Computer Name = COMPAQ-D510-SFF | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/31/2012 7:04:14 PM | Computer Name = COMPAQ-D510-SFF | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/1/2013 7:16:33 AM | Computer Name = COMPAQ-D510-SFF | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/2/2013 7:05:59 AM | Computer Name = COMPAQ-D510-SFF | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/2/2013 7:06:47 AM | Computer Name = COMPAQ-D510-SFF | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 1/16/2013 11:53:30 AM | Computer Name = COMPAQ-D510-SFF | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.

Error - 1/16/2013 11:54:28 AM | Computer Name = COMPAQ-D510-SFF | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 1/16/2013 11:54:28 AM | Computer Name = COMPAQ-D510-SFF | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt PCIIde

Error - 1/16/2013 1:52:06 PM | Computer Name = COMPAQ-D510-SFF | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 1/16/2013 1:52:06 PM | Computer Name = COMPAQ-D510-SFF | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt PCIIde

Error - 1/17/2013 9:29:33 AM | Computer Name = COMPAQ-D510-SFF | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 1/17/2013 9:29:33 AM | Computer Name = COMPAQ-D510-SFF | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/17/2013 6:01:14 PM | Computer Name = COMPAQ-D510-SFF | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 1/17/2013 6:01:14 PM | Computer Name = COMPAQ-D510-SFF | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
i8042prt

Error - 1/17/2013 6:01:51 PM | Computer Name = COMPAQ-D510-SFF | Source = DCOM | ID = 10016
Description = The application-specific permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.



TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

reply to veryfat
Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86 [color=red](UAC is disabled!)[/color]
Internet Explorer 8
[u]``````````````Antivirus/Firewall Check:``````````````[/u]
[color=red]Windows Security Center service is not running! This report may not be accurate![/color]
Panda Internet Security 2012
Antivirus up to date!
[u]`````````Anti-malware/Other Utilities Check:`````````[/u]
[color=red]Out of date HijackThis installed![/color]
Malwarebytes Anti-Malware version 1.70.0.1100
HijackThis 2.0.2
Java(TM) 6 Update 29
[color=red]Java version out of Date![/color]
Adobe Flash Player 10 [color=red]Flash Player out of Date![/color]
Adobe Reader 10.1.5 [color=red]Adobe Reader out of Date![/color]
[u]````````Process Check: objlist.exe by Laurent````````[/u]
panda security panda internet security 2012 firewall PSHOST.EXE
[u]`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C:: 2%
[u]````````````````````End of Log``````````````````````[/u]



TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

reply to veryfat
Hi veryfat

I suggest printing out each set of instructions and reading the entire post before proceeding. It will make following them easier. Please follow the directions in the order listed.

In both your MBAM logs, all the detections show that there was no action taken. You need to have MBAM remove everything that was found. Please run MBAM again, update it, run a new Full Scan, have MBAM remove everything found, and post (not attach) the new log in your next reply.

This will require access to an uninfected, properly working system.
The Kaspersky Rescue Disk is a bootable CD-based version of Kaspersky Antivirus.
The download is in ISO format.
If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn:
»www.imgburn.com/

Download the Kaspersky Rescue Disk:
»support.kaspersky.com/viruses/re···ownloads

- You can find these instructions with graphics at:
»support.kaspersky.com/8093
- Burn the Kaspersky Rescue Disk ISO image to CD.
- Insert the Kaspersky Rescue Disk CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
- Once the program starts, you will be prompted to press any key to enter the menu.
- Select your language.
- Press "1" to accept the End User License Agreement.
- Select Kaspersky Rescue Disk. Graphic Mode.
- If you have more than one bootable drive, you may be asked to select your operating system, then click OK.
- In the "Scan your computer" menu that opens, click the "My Update Center" tab.
- Click "Start Update" (it may take a while to complete updating the database).
- When the update is finished, click the "Objects Scan" tab.
- Select all the hard drives available (Disk boot sectors and Hidden startup objects will already be selected by default).
- Click the "Start Objects Scan" button.
- When finished (you may need to let it run overnight), click "Report" at the top of the window.
- Click the "Detailed report" button.
- Click the "Save" button, and in the "Save As" window select a drive to save the report to, enter KRD.txt as the file name, and click "Save".
- Close the Detailed Report window, click "Close" again, select Exit, and click "Yes" to confirm.
- Click the "K" in the far left of the toolbar at the bottom of the screen and click "Restart" and "Yes" to confirm to reboot your system.

Please post the contents of KRD.txt in your next reply along with the new log from MBAM, and note any errors encountered.


veryfat

join:2013-01-17
BR1 3EW

Thank you, "TheJoker",

I have TRIED to do as you asked. I had misunderstood the preparations regarding Malwarebytes; the found problems were quarantined, but I saved the log before I quarantined (there are 142 items in quarantine). Anyway, I re-ran Malwarebytes and I will show the resultant log at the end (no problems found). The reason I typed "tried" is that the Kaspersky Rescue Disk was not able to work using Graphic Mode. After choosing Graphic Mode the VDU showed the loading screen and the bar went to the fill point. Then it went blank and showed the following: "INFORMATION OUT OF RANGE". The DVD drive cycled every 30 seconds or so from spinning very fast to seeming to stop, and the data flow light flashed a little when the drive started to spin fast. The C: drive LED did not flash at all. The modem LED lights did not flash at all. I let the computer do this for over an hour. I stopped the computer by pressing the on/off button. I tried it twice more and the same happened. So I tried using the Text Mode. It appeared to work; the update and an all-objects scan showed a lot of different text on the VDU. However, I became stuck when it finished, because I could not find where the scan report was. I searched for the suggested KRD, but I think that is just what you wanted me to call the report, because I could not find it.

So I would be very obliged if you could advise me further.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.14.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Administrator :: COMPAQ-D510-SFF [administrator]

1/19/2013 10:07:37 AM
mbam-log-2013-01-19 (10-07-37).txt

Scan type: Full scan (C:\|I:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 294489
Time elapsed: 1 hour(s), 41 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

Please download AdwCleaner by Xplode onto your desktop.
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Delete.
- Follow the prompts to reboot the computer. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
»www.bleepingcomputer.com/combofi···combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled:
»www.bleepingcomputer.com/forums/···351.html

**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please post the logs from AdwCleaner and ComboFix, and note any errors encountered.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010
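The logfile asked for above is a plain-text list of "File/Folder/Key/Value Deleted :" lines. As an added example (not AdwCleaner's code, nor anything TheJoker or veryfat posted), this script triages such a log: it counts what was removed, flags deletions in the registry locations that IE toolbars and search hijackers use to persist, and spots CLSIDs that appear in more than one deleted entry. The location list and its labels are my own, and the sample log is constructed from lines in the format the tool writes.

```python
"""Triage an AdwCleaner [Delete] log: count what was removed and flag entries
in registry locations that browser hijackers use for persistence.
Added example; not AdwCleaner's own code. The location labels are mine."""
import re
from collections import Counter

# Registry locations that toolbars/adware commonly occupy (my own list, not
# AdwCleaner's), matched case-insensitively against each deleted path.
HIJACK_LOCATIONS = {
    r"\\Explorer\\Browser Helper Objects\\": "IE Browser Helper Object (BHO)",
    r"\\Internet Explorer\\Toolbar": "IE toolbar",
    r"\\Internet Explorer\\URLSearchHooks": "IE URL search hook",
    r"\\Internet Explorer\\SearchScopes\\": "IE search provider",
    r"\\CurrentVersion\\Run\b": "Run-key autostart",
    r"\\MSConfig\\startupreg\\": "msconfig-disabled autostart",
    r"\\Low Rights\\ElevationPolicy\\": "IE protected-mode elevation policy",
}

DELETION_RE = re.compile(r"^(File|Folder|Key|Value) Deleted : (.+)$")
OPTION_RE = re.compile(r"^# Option \[(\w+)\]")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Return (mode, entries): mode is the option named in the log header
    (e.g. 'Delete'); entries is a list of (kind, path) per deletion line."""
    mode, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = OPTION_RE.match(line)
        if m:
            mode = m.group(1)
            continue
        m = DELETION_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return mode, entries


def hijack_hits(entries):
    """Map hijack-location label -> deleted registry paths found there."""
    hits = {}
    for kind, path in entries:
        if kind not in ("Key", "Value"):
            continue  # files and folders carry no registry location
        for pattern, label in HIJACK_LOCATIONS.items():
            if re.search(pattern, path, re.IGNORECASE):
                hits.setdefault(label, []).append(path)
    return hits


def shared_clsids(entries):
    """CLSIDs occurring in more than one deleted entry: the same component
    registered under several hooks (CLSID, BHO, toolbar, search hook...)."""
    seen = Counter()
    for _, path in entries:
        for guid in set(GUID_RE.findall(path)):  # count once per line
            seen[guid.upper()] += 1
    return {g: n for g, n in seen.items() if n > 1}


def summarize(text):
    """One dict with mode, per-kind counts, hijack hits and shared CLSIDs."""
    mode, entries = parse_log(text)
    return {
        "mode": mode,
        "counts": dict(Counter(kind for kind, _ in entries)),
        "hijack": hijack_hits(entries),
        "shared_clsids": shared_clsids(entries),
    }


# Constructed sample in the AdwCleaner log format (the kind of lines the tool
# writes to C:\AdwCleaner[S1].txt); not a complete real log.
SAMPLE_LOG = r"""
# AdwCleaner v2.106 - Logfile created 01/20/2013 at 08:53:09
# Option [Delete]

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Administrator\Desktop\sweetpcfix.url
Folder Deleted : C:\Program Files\SweetIM

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]

***** [Internet Browsers] *****

[OK] Registry is clean.
"""

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print("mode:", report["mode"], "removed:", report["counts"])
    for label, paths in report["hijack"].items():
        print(f"{label}: {len(paths)}")
        for p in paths:
            print("   ", p)
    for guid, n in report["shared_clsids"].items():
        print(f"{guid} appears in {n} deleted entries")
```

A CLSID that shows up both under Classes\CLSID and under Browser Helper Objects or Toolbar is one add-on wired into IE at several points, which is why a clean "Registry is clean" line for the browser section only means something once those keys are gone.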

veryfat

join:2013-01-17
BR1 3EW

Thank-you "TheJoker",

Managed to do both tasks, but not quite as you requested. It seems that ComboFix felt that Panda was still working, but I had disabled Panda as instructed on the ComboFix webpage (I clicked Close automatic protection and the little Panda symbol disappeared from the lower right of the screen); and when ComboFix detected that the computer did not have the Windows Recovery Console and tried to download it, it could not, although the computer was connected to the internet.

So, I am very obliged if you could advise me further.

# AdwCleaner v2.106 - Logfile created 01/20/2013 at 08:53:09
# Updated 17/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - COMPAQ-D510-SFF
# Boot Mode : Normal
# Running from : I:\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Administrator\Desktop\Search The Web.url
File Deleted : C:\Documents and Settings\Administrator\Desktop\sweetpcfix.url
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\VideoDownloadConverter_4z
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\VideoDownloadConverter_4z
Folder Deleted : C:\WINDOWS\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Folder Deleted : C:\WINDOWS\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher.1
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\GamesBarSetup
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetPacks Communicator
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VideoDownloadConverter_4zbar Uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Key Deleted : HKLM\Software\SweetIM
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4a1necbi.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [18400 octets] - [20/01/2013 08:53:09]

########## EOF - C:\AdwCleaner[S1].txt - [18461 octets] ##########

ComboFix 13-01-17.04 - Administrator 01/20/2013 9:13.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.216 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Panda Internet Security 2012 *Enabled/Updated* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2012 *Enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\inst.exe
c:\documents and settings\Administrator\Local Settings\Application Data\bfxwansp.log
c:\documents and settings\Administrator\Local Settings\Application Data\crqixeng.log
c:\documents and settings\Administrator\Local Settings\Application Data\dsratrdd.log
c:\documents and settings\Administrator\Local Settings\Application Data\glsrfgmh.log
c:\documents and settings\Administrator\Local Settings\Application Data\nuvxtded.log
c:\documents and settings\Administrator\Local Settings\Application Data\pnmugcig.log
c:\documents and settings\Administrator\Local Settings\Application Data\rstoworc\ayibhobs.exe
c:\documents and settings\Administrator\Local Settings\Application Data\tcfkllfe.log
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\EventSystem.log
c:\windows\system32\drivers\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-20 to 2013-01-20 )))))))))))))))))))))))))))))))
.
.
2013-01-19 08:52 . 2013-01-19 12:34 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-01-17 23:34 . 2013-01-17 23:34 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-01-17 23:25 . 2013-01-17 23:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2013-01-17 22:45 . 2013-01-17 22:45 -------- d-----w- c:\program files\ESET
2013-01-16 21:45 . 2013-01-16 21:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2013-01-16 15:31 . 2013-01-16 15:33 -------- d-----w- c:\program files\wellgoodforyou
2013-01-16 13:51 . 2013-01-16 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2013-01-16 08:09 . 2013-01-16 08:09 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-01-16 01:10 . 2013-01-16 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-01-16 00:49 . 2013-01-16 00:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-01-16 00:36 . 2013-01-16 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-01-16 00:36 . 2013-01-16 00:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-16 00:36 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-15 11:04 . 2013-01-15 11:04 -------- d-----w- c:\program files\Rising
2013-01-15 11:00 . 2013-01-15 11:00 -------- d-----w- c:\windows\system32\LcSkin
2013-01-15 11:00 . 2013-01-15 11:00 -------- d-----w- c:\program files\HAURI
2013-01-15 10:21 . 2013-01-15 10:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\SparkTrust
2013-01-15 10:21 . 2013-01-15 10:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\DriverCure
2013-01-15 10:20 . 2013-01-15 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SparkTrust
2013-01-13 23:40 . 2001-08-17 22:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-01-13 23:40 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2013-01-13 11:25 . 2009-09-27 09:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2013-01-13 11:25 . 2005-07-14 12:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll
2013-01-13 11:25 . 2004-02-22 10:11 719872 ----a-w- c:\windows\system32\devil.dll
2013-01-13 11:25 . 2004-01-25 00:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2013-01-13 11:25 . 2013-01-13 11:25 -------- d-----w- c:\program files\AviSynth 2.5
2013-01-13 10:55 . 2013-01-16 15:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\rstoworc
2013-01-13 10:50 . 2013-01-13 10:50 -------- d-----w- c:\program files\eRightSoft
2013-01-13 10:30 . 2013-01-13 10:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TrafficSpaceLLC
2013-01-13 10:28 . 2013-01-13 10:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\IAC
2013-01-07 07:15 . 2013-01-07 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Software
2013-01-06 20:00 . 2013-01-20 09:02 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2013-01-06 19:56 . 2013-01-06 19:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Panda Security
2013-01-06 19:51 . 2013-01-13 10:59 243600 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2013-01-06 19:51 . 2009-09-25 14:54 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2013-01-06 19:51 . 2009-09-25 14:54 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2013-01-06 19:51 . 2010-09-09 16:23 193864 ----a-w- c:\windows\system32\drivers\idsflt.sys
2013-01-06 19:51 . 2011-01-31 16:41 83528 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2013-01-06 19:51 . 2009-09-25 14:54 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2013-01-06 19:51 . 2009-09-25 14:54 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2013-01-06 19:50 . 2013-01-06 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Backup
2013-01-06 19:50 . 2010-06-22 18:13 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2013-01-06 19:50 . 2007-03-15 19:38 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2013-01-06 19:48 . 2005-04-03 23:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-01-06 19:48 . 2005-04-03 23:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-01-06 19:48 . 2005-04-03 23:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-01-06 19:48 . 2005-04-03 23:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-01-06 19:48 . 2005-04-03 22:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-01-06 19:48 . 2013-01-06 19:48 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-01-06 19:48 . 2013-01-06 19:48 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-01-06 19:48 . 2013-01-06 19:48 -------- d-----w- c:\program files\Common Files\Panda Security
2013-01-06 19:48 . 2011-02-21 14:38 37448 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2013-01-06 19:48 . 2010-05-06 17:11 163848 ----a-w- c:\windows\system32\drivers\PavProc.sys
2012-12-30 18:10 . 2012-12-30 18:10 -------- d-----w- c:\program files\Common Files\Skype
2012-12-30 14:57 . 2002-12-10 17:51 179712 ----a-w- c:\windows\system32\drivers\LVSVF.dll
2012-12-30 14:27 . 2012-12-30 14:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\GoforFiles
2012-12-30 14:27 . 2013-01-02 14:42 -------- d-----w- c:\program files\GoforFiles
2012-12-30 14:16 . 2013-01-02 12:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PC_Drivers_Headquarters
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 23:55 . 2012-04-08 04:30 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 23:55 . 2011-06-22 11:11 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-04-14 00:12 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-05 03:45 . 2013-01-17 23:34 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"EPSON Stylus C84 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2012\Inicio.exe" [2011-02-02 70464]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-14 198160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 12:55 55552 ----a-w- c:\windows\system32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boincmgr]
2010-07-01 13:27 4862720 ----a-w- c:\program files\BOINC\boincmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
2010-07-01 13:27 58112 ----a-w- c:\program files\BOINC\boinctray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 17:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 18:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 18:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2004-12-14 18:57 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2004-12-14 18:51 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 17:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-08-09 14:28 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 17:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 10:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2009-12-08 14:51 774144 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 13:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-14 18:05 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [1/6/2013 7:50 PM 26696]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [7/29/2012 8:52 PM 65848]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [1/6/2013 7:51 PM 83528]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [1/6/2013 7:51 PM 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [1/6/2013 7:51 PM 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [1/6/2013 7:51 PM 193864]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [1/6/2013 7:51 PM 159112]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2/26/2010 10:09 AM 390528]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [10/26/2012 9:41 AM 272216]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [1/6/2013 7:48 PM 37448]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [1/6/2013 7:51 PM 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [1/6/2013 7:49 PM 59080]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [1/6/2013 7:48 PM 163848]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2012\psksvc.exe [1/6/2013 7:50 PM 28992]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [12/13/2012 2:26 PM 3290896]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [10/9/2011 11:35 PM 28256]
R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [1/6/2013 7:49 PM 201032]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/2/2009 10:30 AM 47360]
S1 RapportEI;RapportEI;\??\c:\program files\Trusteer\Rapport\bin\RapportEI.sys --> c:\program files\Trusteer\Rapport\bin\RapportEI.sys [?]
S1 RapportPG;RapportPG;\??\c:\program files\Trusteer\Rapport\bin\RapportPG.sys --> c:\program files\Trusteer\Rapport\bin\RapportPG.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [10/9/2011 11:35 PM 28256]
S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [1/6/2013 8:00 PM 13880]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [5/30/2012 2:17 PM 21520]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [10/10/2010 3:53 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [10/10/2010 3:53 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [10/10/2010 3:53 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [10/10/2010 3:53 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [10/10/2010 3:53 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [10/10/2010 3:53 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [10/10/2010 3:53 PM 109864]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 23:56]
.
2013-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2013-01-07 c:\windows\Tasks\At1.job
- c:\program files\Panda Security\Panda Internet Security 2012\PAVJOBS.EXE [2013-01-06 20:18]
.
2013-01-20 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-13 22:09]
.
2012-02-09 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-13 22:09]
.
2013-01-19 c:\windows\Tasks\User_Feed_Synchronization-{9E667F2B-B8D3-4366-94D1-B30637EB192A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
IE: Free YouTube Download - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} - hxxp://rsdownload.rising.com.cn/rs2010/online/ravolctl.cab
DPF: {BA3ED5CB-4935-4B1C-A418-AC9CCE2275C1} - hxxp://hglobal.globalhauri.com/HProduct/LCS2p/globalhauri/CLIENT/LCS2p/web/hLcs2Pre.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://81.174.229.186/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4a1necbi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-AyiBhobs - c:\documents and settings\Administrator\Local Settings\Application Data\rstoworc\ayibhobs.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-avast - c:\program files\AVAST Software\Avast\avastUI.exe
AddRemove-Replay Media Catcher 4 - g:\applian\Replay Media Catcher 4\uninstall.exe
AddRemove-{8F311E92-C29F-4DF9-8259-B739A1831669}_is1 - e:\programs\Super ©\SUPER\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2013-01-20 09:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-920026266-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,d7,f7,bf,bc,23,28,42,84,ff,aa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,d7,f7,bf,bc,23,28,42,84,ff,aa,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1460)
c:\windows\system32\avldr.dll
.
- - - - - - - > 'explorer.exe'(6796)
c:\windows\system32\WININET.dll
c:\program files\Panda Security\Panda Internet Security 2012\pavoepl.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Panda Security\Panda Internet Security 2012\TPSrv.exe
c:\program files\PANDA SECURITY\PANDA INTERNET SECURITY 2012\WebProxy.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Panda Security\Panda Internet Security 2012\PsCtrls.exe
c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\panda security\panda internet security 2012\firewall\PSHOST.EXE
c:\program files\Panda Security\Panda Internet Security 2012\SRVLOAD.EXE
c:\program files\Panda Security\Panda Internet Security 2012\PavBckPT.exe
.
**************************************************************************
.
Completion time: 2013-01-20 09:41:59 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-20 09:41
.
Pre-Run: 17,344,225,280 bytes free
Post-Run: 18,260,324,352 bytes free
.
- - End Of File - - 3435F1138AE86A58A1C7FA63D10F572A


TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

reply to veryfat

Let's see if we can get the Recovery Console installed before proceeding further.

Download ComboFix from one of these locations (each time we run it you will need to download a new copy to ensure that you have the most recent version).

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix

With malware infections being as they are today, it's strongly recommended to have the Windows Recovery Console pre-installed on your machine before doing any malware removal.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Go to Microsoft's website => support.microsoft.com/kb/310994

Scroll down to Step 1, and select the download that's appropriate for your Operating System. Download the file & save it as it's originally named.

Note: If you have SP3, use the SP2 download.

---------------------------------------------------------------------

Transfer all files you just downloaded, to the desktop of the infected computer.

--------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
- Drag the setup package onto ComboFix.exe and drop it.

- Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console.
- At the next prompt, click 'Yes' to run the full ComboFix scan.

- When the tool is finished, it will produce a report for you.

Please post the C:\ComboFix.txt in your next reply.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

veryfat

join:2013-01-17
BR1 3EW

Thank you, "TheJoker",

Everything went just as you asked. ComboFix still said that Panda was working, even though I had stopped it. The computer is still not accepting any online anti-virus scans, and "Ctrl, Alt, Del" is not opening the Task Manager window.

So, I am very obliged if you could advise me further.

ComboFix 13-01-17.04 - Administrator 01/20/2013 19:35:54.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.228 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Panda Internet Security 2012 *Enabled/Updated* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2012 *Enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-20 to 2013-01-20 )))))))))))))))))))))))))))))))
.
.
2013-01-19 08:52 . 2013-01-19 12:34 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-01-17 23:34 . 2013-01-17 23:34 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-01-17 23:25 . 2013-01-17 23:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2013-01-17 22:45 . 2013-01-17 22:45 -------- d-----w- c:\program files\ESET
2013-01-16 21:45 . 2013-01-16 21:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2013-01-16 15:31 . 2013-01-16 15:33 -------- d-----w- c:\program files\wellgoodforyou
2013-01-16 13:51 . 2013-01-16 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2013-01-16 08:09 . 2013-01-16 08:09 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-01-16 01:10 . 2013-01-16 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-01-16 00:49 . 2013-01-16 00:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-01-16 00:36 . 2013-01-16 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-01-16 00:36 . 2013-01-16 00:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-16 00:36 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-15 11:04 . 2013-01-15 11:04 -------- d-----w- c:\program files\Rising
2013-01-15 11:00 . 2013-01-15 11:00 -------- d-----w- c:\windows\system32\LcSkin
2013-01-15 11:00 . 2013-01-15 11:00 -------- d-----w- c:\program files\HAURI
2013-01-15 10:21 . 2013-01-15 10:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\SparkTrust
2013-01-15 10:21 . 2013-01-15 10:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\DriverCure
2013-01-15 10:20 . 2013-01-15 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SparkTrust
2013-01-13 23:40 . 2001-08-17 22:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-01-13 23:40 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2013-01-13 11:25 . 2009-09-27 09:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2013-01-13 11:25 . 2005-07-14 12:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll
2013-01-13 11:25 . 2004-02-22 10:11 719872 ----a-w- c:\windows\system32\devil.dll
2013-01-13 11:25 . 2004-01-25 00:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2013-01-13 11:25 . 2013-01-13 11:25 -------- d-----w- c:\program files\AviSynth 2.5
2013-01-13 10:55 . 2013-01-16 15:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\rstoworc
2013-01-13 10:50 . 2013-01-13 10:50 -------- d-----w- c:\program files\eRightSoft
2013-01-13 10:30 . 2013-01-13 10:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TrafficSpaceLLC
2013-01-13 10:28 . 2013-01-13 10:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\IAC
2013-01-07 07:15 . 2013-01-07 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Software
2013-01-06 20:00 . 2013-01-20 09:41 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2013-01-06 19:56 . 2013-01-06 19:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Panda Security
2013-01-06 19:51 . 2013-01-13 10:59 243600 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2013-01-06 19:51 . 2009-09-25 14:54 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2013-01-06 19:51 . 2009-09-25 14:54 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2013-01-06 19:51 . 2010-09-09 16:23 193864 ----a-w- c:\windows\system32\drivers\idsflt.sys
2013-01-06 19:51 . 2011-01-31 16:41 83528 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2013-01-06 19:51 . 2009-09-25 14:54 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2013-01-06 19:51 . 2009-09-25 14:54 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2013-01-06 19:50 . 2013-01-06 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Backup
2013-01-06 19:50 . 2010-06-22 18:13 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2013-01-06 19:50 . 2007-03-15 19:38 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2013-01-06 19:48 . 2005-04-03 23:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-01-06 19:48 . 2005-04-03 23:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-01-06 19:48 . 2005-04-03 23:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-01-06 19:48 . 2005-04-03 23:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-01-06 19:48 . 2005-04-03 22:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-01-06 19:48 . 2013-01-06 19:48 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-01-06 19:48 . 2013-01-06 19:48 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-01-06 19:48 . 2013-01-06 19:48 -------- d-----w- c:\program files\Common Files\Panda Security
2013-01-06 19:48 . 2011-02-21 14:38 37448 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2013-01-06 19:48 . 2010-05-06 17:11 163848 ----a-w- c:\windows\system32\drivers\PavProc.sys
2012-12-30 18:10 . 2012-12-30 18:10 -------- d-----w- c:\program files\Common Files\Skype
2012-12-30 14:57 . 2002-12-10 17:51 179712 ----a-w- c:\windows\system32\drivers\LVSVF.dll
2012-12-30 14:27 . 2012-12-30 14:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\GoforFiles
2012-12-30 14:27 . 2013-01-02 14:42 -------- d-----w- c:\program files\GoforFiles
2012-12-30 14:16 . 2013-01-02 12:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PC_Drivers_Headquarters
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 23:55 . 2012-04-08 04:30 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 23:55 . 2011-06-22 11:11 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-04-14 00:12 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-05 03:45 . 2013-01-17 23:34 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 11:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"EPSON Stylus C84 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2012\Inicio.exe" [2011-02-02 70464]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-14 198160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 12:55 55552 ----a-w- c:\windows\system32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boincmgr]
2010-07-01 13:27 4862720 ----a-w- c:\program files\BOINC\boincmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
2010-07-01 13:27 58112 ----a-w- c:\program files\BOINC\boinctray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 17:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 18:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 18:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2004-12-14 18:57 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2004-12-14 18:51 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 17:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-08-09 14:28 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 17:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 10:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2009-12-08 14:51 774144 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 13:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-14 18:05 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [1/6/2013 7:50 PM 26696]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [7/29/2012 8:52 PM 65848]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [1/6/2013 7:51 PM 83528]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [1/6/2013 7:51 PM 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [1/6/2013 7:51 PM 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [1/6/2013 7:51 PM 193864]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [1/6/2013 7:51 PM 159112]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2/26/2010 10:09 AM 390528]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [10/26/2012 9:41 AM 272216]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [1/6/2013 7:48 PM 37448]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [1/6/2013 7:51 PM 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [1/6/2013 7:49 PM 59080]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [1/6/2013 7:48 PM 163848]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2012\psksvc.exe [1/6/2013 7:50 PM 28992]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [10/9/2011 11:35 PM 28256]
R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [1/6/2013 7:49 PM 201032]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/2/2009 10:30 AM 47360]
S1 RapportEI;RapportEI;\??\c:\program files\Trusteer\Rapport\bin\RapportEI.sys --> c:\program files\Trusteer\Rapport\bin\RapportEI.sys [?]
S1 RapportPG;RapportPG;\??\c:\program files\Trusteer\Rapport\bin\RapportPG.sys --> c:\program files\Trusteer\Rapport\bin\RapportPG.sys [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [12/13/2012 2:26 PM 3290896]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [10/9/2011 11:35 PM 28256]
S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [1/6/2013 8:00 PM 13880]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [5/30/2012 2:17 PM 21520]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [10/10/2010 3:53 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [10/10/2010 3:53 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [10/10/2010 3:53 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [10/10/2010 3:53 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [10/10/2010 3:53 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [10/10/2010 3:53 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [10/10/2010 3:53 PM 109864]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 23:56]
.
2013-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2013-01-07 c:\windows\Tasks\At1.job
- c:\program files\Panda Security\Panda Internet Security 2012\PAVJOBS.EXE [2013-01-06 20:18]
.
2013-01-20 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-13 22:09]
.
2012-02-09 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-13 22:09]
.
2013-01-20 c:\windows\Tasks\User_Feed_Synchronization-{9E667F2B-B8D3-4366-94D1-B30637EB192A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
IE: Free YouTube Download - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} - hxxp://rsdownload.rising.com.cn/rs2010/online/ravolctl.cab
DPF: {BA3ED5CB-4935-4B1C-A418-AC9CCE2275C1} - hxxp://hglobal.globalhauri.com/HProduct/LCS2p/globalhauri/CLIENT/LCS2p/web/hLcs2Pre.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://81.174.229.186/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4a1necbi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2013-01-20 19:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-920026266-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,e8,4d,fd,ca,e6,20,4c,a8,94,f2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,d7,f7,bf,bc,23,28,42,84,ff,aa,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1412)
c:\windows\system32\avldr.dll
.
- - - - - - - > 'explorer.exe'(19480)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
Completion time: 2013-01-20 19:56:37
ComboFix-quarantined-files.txt 2013-01-20 19:56
ComboFix2.txt 2013-01-20 09:42
.
Pre-Run: 18,229,067,776 bytes free
Post-Run: 18,211,356,672 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3A5DA2DD7D264B2FE78581E993BAF15F
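
A small triage script for the service/driver section of the ComboFix log above, added here as an example; it is not part of ComboFix or of this thread. It assumes the `R`/`S` prefix means running/stopped with the digit being the Windows service start type, and that `[?]` in place of the date and size means ComboFix could not find the file on disk. The sample lines are constructed on the pattern of the posted log, and the `oddloader` entry is invented to exercise the location check.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample input modelled on the service/driver section of the
# ComboFix log above. The 'oddloader' entry is invented to exercise the
# unusual-location check; it is not from the posted log.
SAMPLE_LOG = r"""
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [1/6/2013 7:50 PM 26696]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [10/26/2012 9:41 AM 272216]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
S1 RapportEI;RapportEI;\??\c:\program files\Trusteer\Rapport\bin\RapportEI.sys --> c:\program files\Trusteer\Rapport\bin\RapportEI.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944]
S2 oddloader;oddloader;c:\documents and settings\Administrator\Local Settings\Temp\oddloader.exe [1/13/2013 10:55 AM 40960]
.
scan completed successfully
hidden files: 0
"""

# Assumed meaning of the prefix: R = running, S = stopped; the digit is the
# Windows service start type (SERVICE_BOOT_START .. SERVICE_DISABLED).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
INFO_RE = re.compile(r"^(?P<path>.*?) \[(?P<info>[^\]]*)\]$")
FILEINFO_RE = re.compile(r"^(?P<date>\S+ \S+ [AP]M) (?P<size>\d+)$")

# Roots under which drivers and service binaries are normally installed.
EXPECTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


@dataclass
class ServiceEntry:
    state: str            # "running" or "stopped"
    start_type: str       # boot/system/auto/manual/disabled
    name: str
    display: str
    path: str             # resolved path (the part after "-->" when present)
    date: Optional[str]
    size: Optional[int]
    file_missing: bool    # True when ComboFix printed [?] instead of date/size


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one R*/S* line; return None for lines that are not service entries."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    tail = INFO_RE.match(m.group("rest"))
    if not tail:
        return None
    path = tail.group("path")
    if "-->" in path:                      # "\??\x --> x": keep the resolved form
        path = path.split("-->", 1)[1].strip()
    info = tail.group("info").strip()
    date: Optional[str] = None
    size: Optional[int] = None
    missing = info == "?"
    if not missing:
        fi = FILEINFO_RE.match(info)
        if fi:
            date, size = fi.group("date"), int(fi.group("size"))
    return ServiceEntry(
        state="running" if m.group("state") == "R" else "stopped",
        start_type=START_TYPES[m.group("start")],
        name=m.group("name"), display=m.group("display"),
        path=path, date=date, size=size, file_missing=missing)


def parse_log(text: str) -> List[ServiceEntry]:
    """Collect every service/driver entry in a ComboFix log."""
    return [e for e in map(parse_service_line, text.splitlines()) if e]


def triage(entries: List[ServiceEntry]) -> List[Tuple[str, str]]:
    """Return (service name, reason) pairs that deserve a manual look.
    These are prompts, not verdicts: the Trusteer Rapport extension above is a
    legitimate product that happens to live under Application Data."""
    findings = []
    for e in entries:
        if e.file_missing:
            findings.append((e.name, "file not found on disk"))
        if not e.path.lower().startswith(EXPECTED_ROOTS):
            findings.append((e.name, "binary outside Windows/Program Files"))
    return findings


def hidden_file_count(text: str) -> Optional[int]:
    """Pull the catchme rootkit scan result ('hidden files: N') out of the log."""
    m = re.search(r"^hidden files: (\d+)$", text, re.MULTILINE)
    return int(m.group(1)) if m else None


if __name__ == "__main__":
    for name, reason in triage(parse_log(SAMPLE_LOG)):
        print(f"{name}: {reason}")
    print("hidden files:", hidden_file_count(SAMPLE_LOG))
```

Run against the whole pasted log rather than the sample, the script gives a short list of entries to look at by hand instead of reading every line; a `[?]` entry is not proof of anything on its own, since stale registrations from uninstalled software look the same.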


TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

1 edit

Do you know what this program is?
c:\program files\wellgoodforyou

We need to make sure you have the most recent version of ComboFix.
Delete your current copy of ComboFix.exe.
Download ComboFix© by sUBs from one of these links:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

Save the file to your Desktop.

Close any open browsers.

Close your AntiVirus and any anti-spyware programs you may be running.

For this next step, please ensure that ComboFix.exe is on your desktop:

Please open Notepad *Do Not Use Wordpad!* (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text below between the two lines:
Save this as "CFScript.txt" and change the "Save as type" to "All Files" and place it on your desktop.

quote:
ADS::
C:\Documents and Settings\All Users\Application Data\TEMP
Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that log in your next reply.

Since you had trouble running Kaspersky Rescue Disk, let's try this instead:

Download the Sophos Virus Removal Tool and save it to your desktop:

- Be sure to view the 3 short How-to videos on that page.
- Double-click Sophos Virus Removal Tool.exe. The installation files will extract and the installer will automatically run.
- Follow the prompts to accept the license agreement, and accept the default location.
- A message will appear "InstallShield Wizard Completed".
- Click 'Finish' to start the program.
- After it updates and a "Start Scanning" button appears in the lower right:
-- Disconnect from the Internet or physically unplug your Internet cable connection.
-- Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
-- Temporarily disable your anti-virus and real-time anti-spyware protection.
- Click the "Start Scanning" button in the lower right to start the scan.
- After starting the scan, do not use the computer until the scan has completed.
- When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
- When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
- A log will be in the following location:
--Vista and above: C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
--for 64-bit C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
--2000/XP/Server 2003: C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log

Please post the log in your next reply, along with the log from ComboFix, and note any errors encountered.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

veryfat

join:2013-01-17
BR1 3EW

Thank-you "TheJoker",

Oh dear. Yet again all did not go as you requested. However, first an apology for the spelling errors in the previous post. The program "wellgoodforyou" is MalwareBytes; I changed the name to get MalwareBytes to work. Sophos could not update (as you can see in the log). The computer was connected to the internet. I wondered if Panda was blocking the connection, but neither putting Sophos into the whitelist nor disabling Panda seemed to allow Sophos to gain access to update.

So, I am very obliged if you could advise me further.

ComboFix 13-01-17.04 - Administrator 01/21/2013 5:24.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.244 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Panda Internet Security 2012 *Enabled/Updated* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2012 *Enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.
.
((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 )))))))))))))))))))))))))))))))
.
.
2013-01-21 05:07 . 2013-01-21 05:07 -------- d-----w- c:\windows\LastGood
2013-01-19 08:52 . 2013-01-19 12:34 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-01-17 23:34 . 2013-01-17 23:34 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-01-17 23:25 . 2013-01-17 23:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2013-01-17 22:45 . 2013-01-17 22:45 -------- d-----w- c:\program files\ESET
2013-01-16 21:45 . 2013-01-16 21:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2013-01-16 15:31 . 2013-01-16 15:33 -------- d-----w- c:\program files\wellgoodforyou
2013-01-16 13:51 . 2013-01-16 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2013-01-16 08:09 . 2013-01-16 08:09 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-01-16 01:10 . 2013-01-16 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-01-16 00:49 . 2013-01-16 00:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-01-16 00:36 . 2013-01-16 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-01-16 00:36 . 2013-01-16 00:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-16 00:36 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-15 11:04 . 2013-01-15 11:04 -------- d-----w- c:\program files\Rising
2013-01-15 11:00 . 2013-01-15 11:00 -------- d-----w- c:\windows\system32\LcSkin
2013-01-15 11:00 . 2013-01-15 11:00 -------- d-----w- c:\program files\HAURI
2013-01-15 10:21 . 2013-01-15 10:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\SparkTrust
2013-01-15 10:21 . 2013-01-15 10:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\DriverCure
2013-01-15 10:20 . 2013-01-15 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SparkTrust
2013-01-13 23:40 . 2001-08-17 22:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-01-13 23:40 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2013-01-13 11:25 . 2009-09-27 09:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2013-01-13 11:25 . 2005-07-14 12:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll
2013-01-13 11:25 . 2004-02-22 10:11 719872 ----a-w- c:\windows\system32\devil.dll
2013-01-13 11:25 . 2004-01-25 00:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2013-01-13 11:25 . 2013-01-13 11:25 -------- d-----w- c:\program files\AviSynth 2.5
2013-01-13 10:55 . 2013-01-16 15:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\rstoworc
2013-01-13 10:50 . 2013-01-13 10:50 -------- d-----w- c:\program files\eRightSoft
2013-01-13 10:30 . 2013-01-13 10:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TrafficSpaceLLC
2013-01-13 10:28 . 2013-01-13 10:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\IAC
2013-01-07 07:15 . 2013-01-07 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Software
2013-01-06 20:00 . 2013-01-21 05:08 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2013-01-06 19:56 . 2013-01-06 19:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Panda Security
2013-01-06 19:51 . 2013-01-13 10:59 243600 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2013-01-06 19:51 . 2009-09-25 14:54 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2013-01-06 19:51 . 2009-09-25 14:54 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2013-01-06 19:51 . 2010-09-09 16:23 193864 ----a-w- c:\windows\system32\drivers\idsflt.sys
2013-01-06 19:51 . 2011-01-31 16:41 83528 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2013-01-06 19:51 . 2009-09-25 14:54 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2013-01-06 19:51 . 2009-09-25 14:54 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2013-01-06 19:50 . 2013-01-06 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Backup
2013-01-06 19:50 . 2010-06-22 18:13 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2013-01-06 19:50 . 2007-03-15 19:38 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2013-01-06 19:48 . 2005-04-03 23:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-01-06 19:48 . 2005-04-03 23:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-01-06 19:48 . 2005-04-03 23:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-01-06 19:48 . 2005-04-03 23:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-01-06 19:48 . 2005-04-03 22:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-01-06 19:48 . 2013-01-06 19:48 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-01-06 19:48 . 2013-01-06 19:48 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-01-06 19:48 . 2013-01-06 19:48 -------- d-----w- c:\program files\Common Files\Panda Security
2013-01-06 19:48 . 2011-02-21 14:38 37448 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2013-01-06 19:48 . 2010-05-06 17:11 163848 ----a-w- c:\windows\system32\drivers\PavProc.sys
2012-12-30 18:10 . 2012-12-30 18:10 -------- d-----w- c:\program files\Common Files\Skype
2012-12-30 14:57 . 2002-12-10 17:51 179712 ----a-w- c:\windows\system32\drivers\LVSVF.dll
2012-12-30 14:27 . 2012-12-30 14:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\GoforFiles
2012-12-30 14:27 . 2013-01-02 14:42 -------- d-----w- c:\program files\GoforFiles
2012-12-30 14:16 . 2013-01-02 12:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PC_Drivers_Headquarters
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 23:55 . 2012-04-08 04:30 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 23:55 . 2011-06-22 11:11 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-04-14 00:12 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-05 03:45 . 2013-01-17 23:34 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 11:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 12:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 14:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"EPSON Stylus C84 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2012\Inicio.exe" [2011-02-02 70464]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-14 198160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 12:55 55552 ----a-w- c:\windows\system32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boincmgr]
2010-07-01 13:27 4862720 ----a-w- c:\program files\BOINC\boincmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
2010-07-01 13:27 58112 ----a-w- c:\program files\BOINC\boinctray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 17:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 18:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 18:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2004-12-14 18:57 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2004-12-14 18:51 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 17:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-08-09 14:28 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 17:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 10:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2009-12-08 14:51 774144 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 13:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-14 18:05 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [1/6/2013 7:50 PM 26696]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [7/29/2012 8:52 PM 65848]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [1/6/2013 7:51 PM 83528]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [1/6/2013 7:51 PM 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [1/6/2013 7:51 PM 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [1/6/2013 7:51 PM 193864]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [1/6/2013 7:51 PM 159112]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2/26/2010 10:09 AM 390528]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [10/26/2012 9:41 AM 272216]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [1/6/2013 7:48 PM 37448]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [1/6/2013 7:51 PM 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [1/6/2013 7:49 PM 59080]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [1/6/2013 7:48 PM 163848]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2012\psksvc.exe [1/6/2013 7:50 PM 28992]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [10/9/2011 11:35 PM 28256]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [1/6/2013 8:00 PM 13880]
R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [1/6/2013 7:49 PM 201032]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/2/2009 10:30 AM 47360]
S1 RapportEI;RapportEI;\??\c:\program files\Trusteer\Rapport\bin\RapportEI.sys --> c:\program files\Trusteer\Rapport\bin\RapportEI.sys [?]
S1 RapportPG;RapportPG;\??\c:\program files\Trusteer\Rapport\bin\RapportPG.sys --> c:\program files\Trusteer\Rapport\bin\RapportPG.sys [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [12/13/2012 2:26 PM 3290896]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [10/9/2011 11:35 PM 28256]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [5/30/2012 2:17 PM 21520]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [10/10/2010 3:53 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [10/10/2010 3:53 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [10/10/2010 3:53 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [10/10/2010 3:53 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [10/10/2010 3:53 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [10/10/2010 3:53 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [10/10/2010 3:53 PM 109864]
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 23:56]
.
2013-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2013-01-07 c:\windows\Tasks\At1.job
- c:\program files\Panda Security\Panda Internet Security 2012\PAVJOBS.EXE [2013-01-06 20:18]
.
2013-01-21 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-13 22:09]
.
2012-02-09 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-13 22:09]
.
2013-01-20 c:\windows\Tasks\User_Feed_Synchronization-{9E667F2B-B8D3-4366-94D1-B30637EB192A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
IE: Free YouTube Download - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} - hxxp://rsdownload.rising.com.cn/rs2010/online/ravolctl.cab
DPF: {BA3ED5CB-4935-4B1C-A418-AC9CCE2275C1} - hxxp://hglobal.globalhauri.com/HProduct/LCS2p/globalhauri/CLIENT/LCS2p/web/hLcs2Pre.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://81.174.229.186/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4a1necbi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, »www.gmer.net
Rootkit scan 2013-01-21 05:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-920026266-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7b,e8,4d,fd,ca,e6,20,4c,a8,94,f2,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,d7,f7,bf,bc,23,28,42,84,ff,aa,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1464)
c:\windows\system32\avldr.dll
.
- - - - - - - > 'explorer.exe'(17200)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
Completion time: 2013-01-21 05:44:41
ComboFix-quarantined-files.txt 2013-01-21 05:44
ComboFix2.txt 2013-01-20 19:56
ComboFix3.txt 2013-01-20 09:42
.
Pre-Run: 17,698,459,648 bytes free
Post-Run: 17,684,103,168 bytes free
.
- - End Of File - - F9B5BD0B0130F43A5BE4878C33FF1F28

2013-01-21 08:04:08 Sophos Virus Removal Tool version 2.3
2013-01-21 08:04:08 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-01-21 08:04:08 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-01-21 08:04:08 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2013-01-21 08:04:08 Checking for updates...
2013-01-21 08:04:24 Update progress: proxy server not available
2013-01-21 08:04:27 Update error: failed to read remote metadata (error 4)
Cannot locate server for »dci.sophosupd.com/update/0/db/0d···a205.xml
2013-01-21 08:04:36 Option all = no
2013-01-21 08:04:36 Option recurse = yes
2013-01-21 08:04:36 Option archive = no
2013-01-21 08:04:36 Option service = yes
2013-01-21 08:04:36 Option confirm = yes
2013-01-21 08:04:36 Option sxl = yes
2013-01-21 08:04:36 Option max-data-age = 35
2013-01-21 08:04:36 Component SVRTcli.exe version 2.3
2013-01-21 08:04:36 Component control.dll version 2.3
2013-01-21 08:04:36 Component SVRTservice.exe version 2.3
2013-01-21 08:04:36 Component engine\osdp.dll version 1.44.0.2040
2013-01-21 08:04:36 Component engine\veex.dll version 3.39.0.2040
2013-01-21 08:04:36 Component engine\savi.dll version 7.5.11.2040
2013-01-21 08:04:36 Component rkdisk.dll version 1.5.30.0
2013-01-21 08:04:36 Version info: Product version 2.3
2013-01-21 08:04:36 Version info: Detection engine 3.39.0
2013-01-21 08:04:36 Version info: Detection data 4.85
2013-01-21 08:04:36 Version info: Build date 1/7/2013
2013-01-21 08:04:36 Version info: Data files added 333
2013-01-21 08:04:36 Version info: Last successful update (not yet updated)

2013-01-21 08:15:17 Scan completed.
2013-01-21 08:15:17

------------------------------------------------------------

2013-01-21 08:15:31 Sophos Virus Removal Tool version 2.3
2013-01-21 08:15:31 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-01-21 08:15:31 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-01-21 08:15:31 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2013-01-21 08:15:31 Checking for updates...
2013-01-21 08:15:45 Update progress: proxy server not available
2013-01-21 08:15:48 Update error: failed to read remote metadata (error 4)
Cannot locate server for »dci.sophosupd.com/update/0/db/0d···a205.xml
2013-01-21 08:16:00 Option all = no
2013-01-21 08:16:00 Option recurse = yes
2013-01-21 08:16:00 Option archive = no
2013-01-21 08:16:00 Option service = yes
2013-01-21 08:16:00 Option confirm = yes
2013-01-21 08:16:00 Option sxl = yes
2013-01-21 08:16:00 Option max-data-age = 35
2013-01-21 08:16:00 Component SVRTcli.exe version 2.3
2013-01-21 08:16:00 Component control.dll version 2.3
2013-01-21 08:16:00 Component SVRTservice.exe version 2.3
2013-01-21 08:16:00 Component engine\osdp.dll version 1.44.0.2040
2013-01-21 08:16:00 Component engine\veex.dll version 3.39.0.2040
2013-01-21 08:16:00 Component engine\savi.dll version 7.5.11.2040
2013-01-21 08:16:01 Component rkdisk.dll version 1.5.30.0
2013-01-21 08:16:01 Version info: Product version 2.3
2013-01-21 08:16:01 Version info: Detection engine 3.39.0
2013-01-21 08:16:01 Version info: Detection data 4.85
2013-01-21 08:16:01 Version info: Build date 1/7/2013
2013-01-21 08:16:01 Version info: Data files added 333
2013-01-21 08:16:01 Version info: Last successful update (not yet updated)

2013-01-21 08:16:08 Scan completed.
2013-01-21 08:16:08

------------------------------------------------------------

2013-01-21 08:16:27 Sophos Virus Removal Tool version 2.3
2013-01-21 08:16:27 Copyright (c) 2009-2012 Sophos Limited. All rights reserved.

2013-01-21 08:16:27 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2013-01-21 08:16:27 Windows version 5.1 SP 3.0 Service Pack 3 build 2600 SM=0x100 PT=0x1 Win32
2013-01-21 08:16:27 Checking for updates...
2013-01-21 08:16:30 Update progress: proxy server not available
2013-01-21 08:16:34 Update error: failed to read remote metadata (error 4)
Cannot locate server for »dci.sophosupd.com/update/0/db/0d···a205.xml
2013-01-21 08:16:42 Option all = no
2013-01-21 08:16:42 Option recurse = yes
2013-01-21 08:16:42 Option archive = no
2013-01-21 08:16:42 Option service = yes
2013-01-21 08:16:42 Option confirm = yes
2013-01-21 08:16:42 Option sxl = yes
2013-01-21 08:16:42 Option max-data-age = 35
2013-01-21 08:16:42 Component SVRTcli.exe version 2.3
2013-01-21 08:16:42 Component control.dll version 2.3
2013-01-21 08:16:42 Component SVRTservice.exe version 2.3
2013-01-21 08:16:42 Component engine\osdp.dll version 1.44.0.2040
2013-01-21 08:16:42 Component engine\veex.dll version 3.39.0.2040
2013-01-21 08:16:42 Component engine\savi.dll version 7.5.11.2040
2013-01-21 08:16:42 Component rkdisk.dll version 1.5.30.0
2013-01-21 08:16:42 Version info: Product version 2.3
2013-01-21 08:16:42 Version info: Detection engine 3.39.0
2013-01-21 08:16:42 Version info: Detection data 4.85
2013-01-21 08:16:42 Version info: Build date 1/7/2013
2013-01-21 08:16:42 Version info: Data files added 333
2013-01-21 08:16:42 Version info: Last successful update (not yet updated)

2013-01-21 08:17:41 Couldn't apply option 'SXLLiveProtection' to the detection engine.
2013-01-21 08:31:00 Could not open C:\hiberfil.sys

2013-01-21 09:50:32 Scan completed.
2013-01-21 09:50:32

------------------------------------------------------------


TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA

Let's try a different bootable antivirus rescue disc.

The Bitdefender Rescue Disk is a bootable CD-based version of Bitdefender Antivirus.
The download is in ISO format.
If you are not sure how to burn an image, please read How to write a CD/DVD image or ISO. If you need a FREE utility to burn the ISO image, download and use ImgBurn.
There is a tutorial on running Bitdefender rescue disk here:
»www.howtogeek.com/howto/36677/ho···cted-pc/

Download the Bitdefender Rescue Disk:
http://download.bitdefender.com/rescue_cd/bitdefender-rescue-cd.iso

- Burn the Bitdefender Rescue Disk ISO image to CD.
- Insert the Bitdefender Rescue Disk CD into your CD/DVD drive and boot the computer (you may need to change the boot sequence in your system's BIOS to boot from the CD/DVD drive).
- Select "Start Bitdefender Rescue CD in English", then press Enter.
- Once the graphical interface starts, select "Continue".
- Bitdefender Update will start automatically.
- When finished updating, scanning will start automatically.
- When finished scanning, if threats were detected, double-click the Desktop icon "Scan Logs".
- In the window that opens, double-click the log file and open it with Firefox browser.
- To save the log, go to File > Save Page As, enter a file name you will remember such as BDSCAN.TXT, then in the "Save in folder" field select your system drive, and click "Save".
- The log will save in the root of your system drive (C:\).
- Close the scanner, restart your system, and post the log in your next reply, noting any errors encountered.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


veryfat

join:2013-01-17
BR1 3EW

I have made the CD and tried it on the computer, but after the prompt screen to choose the language, the program seems to start and the VDU shows an image (difficult to describe, but something like a cross-section of a plane wing with a red honeycomb ventral part and flames covering the outer ventral area with water over the dorsal outer area). There is very little modem LED flickering while the CD spins fast, but then the VDU goes blank and the CD seems to stop spinning. No other signs of "life". I left it in this state for around 15 minutes. So I decided to try and close the computer, but a single press of the on/off button does nothing. I needed to press and hold the on/off button to force the computer to stop. I wondered if chatting live could help to solve what to me seems a big hidden problem this computer has. If you agree, then I am not at work Tuesday, so could be available anytime. I am in the United Kingdom and so I am thinking the time difference between us is at least 5 hours.



TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA

quote:
I have made the CD and tried it on the computer, but after the prompt screen to choose the language, the program seems to start and the VDU shows an image (difficult to describe, but something like a cross-section of a plane wing with a red honeycomb ventral part and flames covering the outer ventral area with water over the dorsal outer area).
That's what it looks like (sort of hard to describe other than as a spiffy graphic). I have the same issue with ending the program, having to do a hard boot.

After going back and rereading what you said about Kaspersky Rescue Disk when you ran it in text mode, I think you were successful; you just weren't able to find where you saved the log. So we'll move on from scanning from a bootable CD.

Please download tdsskiller.exe and save it to your Desktop
http://support.kaspersky.com/downloads/utils/tdsskiller.exe
Go here for information:
»www.bleepingcomputer.com/virus-r···sskiller

- Double-click on TDSSKiller.exe to run the application.
- Click on the Start Scan button and wait for the scan and disinfection process to be over.
- If an infected file is detected, the default action will be Cure; click on Continue.
- If a suspicious file is detected, the default action will be Skip; click on Continue.
- If you are asked to reboot the computer to complete the process, click on the Reboot Now button.
- A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt).
- Please copy and paste the contents of that file in your next reply.
- If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

veryfat

join:2013-01-17
BR1 3EW

Thank you, "TheJoker",

Yippppyyyy! Everything went just as you asked and said, for once. To me though, the only bad part is that there was nothing found.

So I would be very obliged if you could advise me further.

06:22:08.0703 3332 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
06:22:09.0156 3332 ============================================================
06:22:09.0156 3332 Current date / time: 2013/01/22 06:22:09.0156
06:22:09.0156 3332 SystemInfo:
06:22:09.0156 3332
06:22:09.0156 3332 OS Version: 5.1.2600 ServicePack: 3.0
06:22:09.0156 3332 Product type: Workstation
06:22:09.0156 3332 ComputerName: COMPAQ-D510-SFF
06:22:09.0156 3332 UserName: Administrator
06:22:09.0156 3332 Windows directory: C:\WINDOWS
06:22:09.0156 3332 System windows directory: C:\WINDOWS
06:22:09.0156 3332 Processor architecture: Intel x86
06:22:09.0156 3332 Number of processors: 1
06:22:09.0156 3332 Page size: 0x1000
06:22:09.0156 3332 Boot type: Normal boot
06:22:09.0156 3332 ============================================================
06:22:11.0140 3332 Drive \Device\Harddisk0\DR0 - Size: 0x98AA97E00 (38.17 Gb), SectorSize: 0x200, Cylinders: 0x14AD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000054
06:22:11.0156 3332 ============================================================
06:22:11.0156 3332 \Device\Harddisk0\DR0:
06:22:11.0156 3332 MBR partitions:
06:22:11.0156 3332 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x4C4EE81
06:22:11.0156 3332 ============================================================
06:22:11.0187 3332 C: \Device\Harddisk0\DR0\Partition1
06:22:11.0187 3332 ============================================================
06:22:11.0187 3332 Initialize success
06:22:11.0187 3332 ============================================================
06:22:31.0171 2836 ============================================================
06:22:31.0171 2836 Scan started
06:22:31.0171 2836 Mode: Manual;
06:22:31.0171 2836 ============================================================
06:22:31.0843 2836 ================ Scan system memory ========================
06:22:31.0859 2836 System memory - ok
06:22:31.0875 2836 ================ Scan services =============================
06:22:32.0000 2836 Abiosdsk - ok
06:22:32.0031 2836 abp480n5 - ok
06:22:32.0093 2836 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
06:22:32.0109 2836 ACPI - ok
06:22:32.0171 2836 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
06:22:32.0171 2836 ACPIEC - ok
06:22:32.0250 2836 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
06:22:32.0250 2836 AdobeFlashPlayerUpdateSvc - ok
06:22:32.0281 2836 adpu160m - ok
06:22:32.0343 2836 [ E696E749BEDCDA8B23757B8B5EA93780 ] aeaudio C:\WINDOWS\system32\drivers\aeaudio.sys
06:22:32.0343 2836 aeaudio - ok
06:22:32.0390 2836 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
06:22:32.0390 2836 aec - ok
06:22:32.0453 2836 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
06:22:32.0453 2836 AFD - ok
06:22:32.0531 2836 [ 0EBB674888CBDEFD5773341C16DD6A07 ] AFS2K C:\WINDOWS\system32\drivers\AFS2K.sys
06:22:32.0531 2836 AFS2K - ok
06:22:32.0546 2836 Aha154x - ok
06:22:32.0578 2836 aic78u2 - ok
06:22:32.0593 2836 aic78xx - ok
06:22:32.0656 2836 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
06:22:32.0656 2836 Alerter - ok
06:22:32.0718 2836 AliIde - ok
06:22:32.0781 2836 [ EF9DD27AA5A3BAAF2FD2B44C08A3E622 ] AmFSM C:\WINDOWS\system32\DRIVERS\amm8651.sys
06:22:32.0781 2836 AmFSM - ok
06:22:32.0796 2836 amsint - ok
06:22:32.0859 2836 [ 6B467E791EC470D010BD50E5E98BF467 ] APPFLT C:\WINDOWS\system32\Drivers\APPFLT.SYS
06:22:32.0859 2836 APPFLT - ok
06:22:32.0968 2836 [ 69370F2E2827FFBA910D0BFA9E62E484 ] appliand C:\WINDOWS\system32\DRIVERS\appliand.sys
06:22:32.0968 2836 appliand - ok
06:22:32.0984 2836 [ 69370F2E2827FFBA910D0BFA9E62E484 ] appliandMP C:\WINDOWS\system32\DRIVERS\appliand.sys
06:22:32.0984 2836 appliandMP - ok
06:22:33.0046 2836 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
06:22:33.0046 2836 AppMgmt - ok
06:22:33.0078 2836 asc - ok
06:22:33.0093 2836 asc3350p - ok
06:22:33.0125 2836 asc3550 - ok
06:22:33.0234 2836 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
06:22:33.0312 2836 aspnet_state - ok
06:22:33.0359 2836 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
06:22:33.0359 2836 AsyncMac - ok
06:22:33.0421 2836 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
06:22:33.0421 2836 atapi - ok
06:22:33.0468 2836 Atdisk - ok
06:22:33.0515 2836 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
06:22:33.0531 2836 Atmarpc - ok
06:22:33.0781 2836 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
06:22:33.0781 2836 AudioSrv - ok
06:22:33.0828 2836 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
06:22:33.0843 2836 audstub - ok
06:22:33.0906 2836 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
06:22:33.0906 2836 Beep - ok
06:22:34.0000 2836 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
06:22:34.0093 2836 BITS - ok
06:22:34.0156 2836 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
06:22:34.0156 2836 Browser - ok
06:22:34.0281 2836 catchme - ok
06:22:34.0343 2836 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
06:22:34.0343 2836 cbidf2k - ok
06:22:34.0390 2836 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
06:22:34.0390 2836 CCDECODE - ok
06:22:34.0421 2836 cd20xrnt - ok
06:22:34.0484 2836 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
06:22:34.0484 2836 Cdaudio - ok
06:22:34.0546 2836 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
06:22:34.0546 2836 Cdfs - ok
06:22:34.0609 2836 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
06:22:34.0625 2836 Cdrom - ok
06:22:34.0640 2836 Changer - ok
06:22:34.0687 2836 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
06:22:34.0687 2836 CiSvc - ok
06:22:34.0734 2836 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
06:22:34.0734 2836 ClipSrv - ok
06:22:34.0781 2836 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
06:22:34.0875 2836 clr_optimization_v2.0.50727_32 - ok
06:22:34.0906 2836 CmdIde - ok
06:22:34.0953 2836 [ D9C33E68F61F27D8206F65B0190DC5CF ] ComFiltr C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
06:22:34.0953 2836 ComFiltr - ok
06:22:34.0968 2836 COMSysApp - ok
06:22:35.0015 2836 Cpqarray - ok
06:22:35.0078 2836 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
06:22:35.0078 2836 CryptSvc - ok
06:22:35.0093 2836 dac2w2k - ok
06:22:35.0125 2836 dac960nt - ok
06:22:35.0218 2836 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
06:22:35.0250 2836 DcomLaunch - ok
06:22:35.0312 2836 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
06:22:35.0312 2836 Dhcp - ok
06:22:35.0375 2836 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
06:22:35.0375 2836 Disk - ok
06:22:35.0406 2836 dmadmin - ok
06:22:35.0484 2836 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
06:22:35.0531 2836 dmboot - ok
06:22:35.0562 2836 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\DRIVERS\dmio.sys
06:22:35.0562 2836 dmio - ok
06:22:35.0609 2836 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
06:22:35.0609 2836 dmload - ok
06:22:35.0671 2836 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
06:22:35.0671 2836 dmserver - ok
06:22:35.0734 2836 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
06:22:35.0750 2836 DMusic - ok
06:22:35.0796 2836 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
06:22:35.0812 2836 Dnscache - ok
06:22:35.0890 2836 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
06:22:35.0890 2836 Dot3svc - ok
06:22:35.0921 2836 dpti2o - ok
06:22:35.0984 2836 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
06:22:35.0984 2836 drmkaud - ok
06:22:36.0031 2836 [ 5BB0F91FFD84057D094D106D9FF53298 ] DSAFLT C:\WINDOWS\system32\Drivers\DSAFLT.SYS
06:22:36.0031 2836 DSAFLT - ok
06:22:36.0109 2836 [ 83403675CAB29E7A4B885B11E7C855D8 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
06:22:36.0125 2836 E100B - ok
06:22:36.0187 2836 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
06:22:36.0187 2836 EapHost - ok
06:22:36.0250 2836 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
06:22:36.0250 2836 ERSvc - ok
06:22:36.0312 2836 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
06:22:36.0312 2836 Eventlog - ok
06:22:36.0390 2836 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
06:22:36.0406 2836 EventSystem - ok
06:22:36.0437 2836 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
06:22:36.0453 2836 Fastfat - ok
06:22:36.0515 2836 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
06:22:36.0531 2836 FastUserSwitchingCompatibility - ok
06:22:36.0593 2836 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
06:22:36.0593 2836 Fdc - ok
06:22:36.0656 2836 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
06:22:36.0656 2836 Fips - ok
06:22:36.0687 2836 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
06:22:36.0703 2836 Flpydisk - ok
06:22:36.0765 2836 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
06:22:36.0765 2836 FltMgr - ok
06:22:36.0828 2836 [ A38B9BA7A4C17F7DCE9EC4E8F7870026 ] FNETMON C:\WINDOWS\system32\Drivers\fnetmon.SYS
06:22:36.0828 2836 FNETMON - ok
06:22:36.0968 2836 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
06:22:36.0968 2836 FontCache3.0.0.0 - ok
06:22:37.0000 2836 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
06:22:37.0000 2836 Fs_Rec - ok
06:22:37.0031 2836 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
06:22:37.0046 2836 Ftdisk - ok
06:22:37.0093 2836 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
06:22:37.0109 2836 Gpc - ok
06:22:37.0203 2836 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
06:22:37.0203 2836 helpsvc - ok
06:22:37.0265 2836 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
06:22:37.0265 2836 HidServ - ok
06:22:37.0328 2836 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
06:22:37.0328 2836 HidUsb - ok
06:22:37.0390 2836 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
06:22:37.0390 2836 hkmsvc - ok
06:22:37.0421 2836 hpn - ok
06:22:37.0484 2836 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
06:22:37.0500 2836 HTTP - ok
06:22:37.0546 2836 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
06:22:37.0562 2836 HTTPFilter - ok
06:22:37.0578 2836 i2omgmt - ok
06:22:37.0609 2836 i2omp - ok
06:22:37.0656 2836 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
06:22:37.0656 2836 i8042prt - ok
06:22:37.0765 2836 [ 44B7D5A4F2BD9FE21AEA0BB0BACE38C4 ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
06:22:37.0796 2836 ialm - ok
06:22:37.0890 2836 [ C4E887CF7BA2D3624233231AECD34C9D ] IDSFLT C:\WINDOWS\system32\Drivers\IDSFLT.SYS
06:22:37.0906 2836 IDSFLT - ok
06:22:38.0078 2836 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
06:22:38.0156 2836 idsvc - ok
06:22:38.0187 2836 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
06:22:38.0187 2836 Imapi - ok
06:22:38.0281 2836 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
06:22:38.0312 2836 ImapiService - ok
06:22:38.0343 2836 ini910u - ok
06:22:38.0390 2836 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
06:22:38.0390 2836 IntelIde - ok
06:22:38.0437 2836 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
06:22:38.0453 2836 intelppm - ok
06:22:38.0500 2836 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
06:22:38.0500 2836 Ip6Fw - ok
06:22:38.0562 2836 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
06:22:38.0562 2836 IpFilterDriver - ok
06:22:38.0609 2836 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
06:22:38.0609 2836 IpInIp - ok
06:22:38.0656 2836 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
06:22:38.0671 2836 IpNat - ok
06:22:38.0718 2836 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
06:22:38.0734 2836 IPSec - ok
06:22:38.0765 2836 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
06:22:38.0765 2836 IRENUM - ok
06:22:38.0906 2836 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
06:22:38.0906 2836 isapnp - ok
06:22:39.0046 2836 [ 381B25DC8E958D905B33130D500BBF29 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
06:22:39.0046 2836 JavaQuickStarterService - ok
06:22:39.0078 2836 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
06:22:39.0078 2836 Kbdclass - ok
06:22:39.0156 2836 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
06:22:39.0187 2836 kbdhid - ok
06:22:39.0218 2836 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
06:22:39.0265 2836 kmixer - ok
06:22:39.0312 2836 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
06:22:39.0312 2836 KSecDD - ok
06:22:40.0125 2836 [ 70CEEFE43CB746DD04A884C84A7EBAA3 ] KService C:\Program Files\Kontiki\KService.exe
06:22:40.0890 2836 KService - ok
06:22:40.0953 2836 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
06:22:40.0968 2836 lanmanserver - ok
06:22:41.0015 2836 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
06:22:41.0031 2836 lanmanworkstation - ok
06:22:41.0046 2836 lbrtfdc - ok
06:22:41.0156 2836 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
06:22:41.0156 2836 LmHosts - ok
06:22:41.0218 2836 [ BA3A549EF15B18144F2D0BE154308BE7 ] LVUSBSta C:\WINDOWS\system32\drivers\lvusbsta.sys
06:22:41.0281 2836 LVUSBSta - ok
06:22:41.0453 2836 [ DDF15A42E27E8EFE27B18FD403151A86 ] MatSvc C:\Program Files\Microsoft Fix it Center\Matsvc.exe
06:22:41.0484 2836 MatSvc - ok
06:22:41.0593 2836 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
06:22:41.0593 2836 Messenger - ok
06:22:41.0640 2836 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
06:22:41.0640 2836 mnmdd - ok
06:22:41.0718 2836 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
06:22:41.0734 2836 mnmsrvc - ok
06:22:41.0781 2836 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
06:22:41.0781 2836 Modem - ok
06:22:41.0828 2836 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
06:22:41.0843 2836 Mouclass - ok
06:22:41.0921 2836 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
06:22:41.0921 2836 mouhid - ok
06:22:42.0000 2836 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
06:22:42.0015 2836 MountMgr - ok
06:22:42.0109 2836 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
06:22:42.0109 2836 MozillaMaintenance - ok
06:22:42.0125 2836 mraid35x - ok
06:22:42.0171 2836 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
06:22:42.0171 2836 MRxDAV - ok
06:22:42.0328 2836 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
06:22:42.0375 2836 MRxSmb - ok
06:22:42.0421 2836 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
06:22:42.0437 2836 MSDTC - ok
06:22:42.0468 2836 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
06:22:42.0468 2836 Msfs - ok
06:22:42.0500 2836 MSIServer - ok
06:22:42.0593 2836 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
06:22:42.0609 2836 MSKSSRV - ok
06:22:42.0671 2836 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
06:22:42.0671 2836 MSPCLOCK - ok
06:22:42.0703 2836 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
06:22:42.0718 2836 MSPQM - ok
06:22:42.0750 2836 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
06:22:42.0750 2836 mssmbios - ok
06:22:42.0828 2836 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
06:22:42.0843 2836 MSTEE - ok
06:22:42.0968 2836 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
06:22:42.0984 2836 Mup - ok
06:22:43.0046 2836 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
06:22:43.0062 2836 NABTSFEC - ok
06:22:43.0203 2836 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
06:22:43.0234 2836 napagent - ok
06:22:43.0312 2836 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
06:22:43.0343 2836 NDIS - ok
06:22:43.0406 2836 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
06:22:43.0406 2836 NdisIP - ok
06:22:43.0484 2836 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
06:22:43.0484 2836 NdisTapi - ok
06:22:43.0546 2836 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
06:22:43.0546 2836 Ndisuio - ok
06:22:43.0578 2836 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
06:22:43.0578 2836 NdisWan - ok
06:22:43.0640 2836 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
06:22:43.0656 2836 NDProxy - ok
06:22:43.0703 2836 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
06:22:43.0718 2836 NetBIOS - ok
06:22:43.0812 2836 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
06:22:43.0812 2836 NetBT - ok
06:22:43.0906 2836 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
06:22:43.0906 2836 NetDDE - ok
06:22:43.0937 2836 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
06:22:43.0953 2836 NetDDEdsdm - ok
06:22:43.0984 2836 [ D8F44FC13DB193C9379297973EE42272 ] NETFLTDI C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
06:22:44.0000 2836 NETFLTDI - ok
06:22:44.0093 2836 [ 9DEE136C4863D5065437D07262BB5C40 ] NETIMFLT01060044 C:\WINDOWS\system32\DRIVERS\neti1644.sys
06:22:44.0187 2836 NETIMFLT01060044 - ok
06:22:44.0250 2836 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
06:22:44.0250 2836 Netlogon - ok
06:22:44.0468 2836 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
06:22:44.0515 2836 Netman - ok
06:22:44.0859 2836 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
06:22:44.0906 2836 NetTcpPortSharing - ok
06:22:44.0984 2836 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
06:22:45.0000 2836 Nla - ok
06:22:45.0031 2836 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
06:22:45.0031 2836 Npfs - ok
06:22:45.0171 2836 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
06:22:45.0203 2836 Ntfs - ok
06:22:45.0250 2836 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
06:22:45.0250 2836 NtLmSsp - ok
06:22:45.0328 2836 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
06:22:45.0359 2836 NtmsSvc - ok
06:22:45.0406 2836 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
06:22:45.0406 2836 Null - ok
06:22:45.0500 2836 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
06:22:45.0515 2836 NwlnkFlt - ok
06:22:45.0609 2836 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
06:22:45.0640 2836 NwlnkFwd - ok
06:22:45.0812 2836 [ 78B7642B0C51F24F0835C0226540D58B ] Panda Software Controller C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrls.exe
06:22:45.0859 2836 Panda Software Controller - ok
06:22:45.0906 2836 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
06:22:45.0937 2836 Parport - ok
06:22:46.0000 2836 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
06:22:46.0015 2836 PartMgr - ok
06:22:46.0093 2836 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
06:22:46.0093 2836 ParVdm - ok
06:22:46.0171 2836 [ 55D654258A9C509B671310C314BD30B4 ] pavboot C:\WINDOWS\system32\Drivers\pavboot.sys
06:22:46.0171 2836 pavboot - ok
06:22:46.0250 2836 [ A110035FDC4B8F8F0CD5E71D031274E1 ] PavProc C:\WINDOWS\system32\DRIVERS\PavProc.sys
06:22:46.0265 2836 PavProc - ok
06:22:46.0312 2836 [ 2AE3F6B23448443BBEF5DE207159213B ] PavPrSrv C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
06:22:46.0312 2836 PavPrSrv - ok
06:22:46.0359 2836 PavTPK.sys - ok
06:22:46.0375 2836 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
06:22:46.0390 2836 PCI - ok
06:22:46.0406 2836 PCIDump - ok
06:22:46.0437 2836 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\drivers\PCIIde.sys
06:22:46.0453 2836 PCIIde - ok
06:22:46.0484 2836 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
06:22:46.0500 2836 Pcmcia - ok
06:22:46.0593 2836 [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin C:\WINDOWS\system32\Drivers\pcouffin.sys
06:22:46.0609 2836 pcouffin - ok
06:22:46.0640 2836 PDCOMP - ok
06:22:46.0656 2836 PDFRAME - ok
06:22:46.0687 2836 PDRELI - ok
06:22:46.0703 2836 PDRFRAME - ok
06:22:46.0734 2836 perc2 - ok
06:22:46.0750 2836 perc2hib - ok
06:22:46.0890 2836 [ A2B74F7DC4407BE6A20808D00AECA9DF ] PhilCam8116 C:\WINDOWS\system32\DRIVERS\CamDrL21.sys
06:22:46.0906 2836 PhilCam8116 - ok
06:22:47.0031 2836 [ A2B25662FB5FAF875CCEAD2166B5F9AD ] PID_0928 C:\WINDOWS\system32\DRIVERS\LV561AV.SYS
06:22:47.0031 2836 PID_0928 - ok
06:22:47.0093 2836 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
06:22:47.0093 2836 PlugPlay - ok
06:22:47.0125 2836 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
06:22:47.0125 2836 PolicyAgent - ok
06:22:47.0187 2836 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
06:22:47.0187 2836 PptpMiniport - ok
06:22:47.0218 2836 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
06:22:47.0218 2836 ProtectedStorage - ok
06:22:47.0250 2836 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
06:22:47.0250 2836 PSched - ok
06:22:47.0390 2836 [ 532053E8E3BB8FA7166AB4E7685FDDCC ] PSHost c:\program files\panda security\panda internet security 2012\firewall\PSHOST.EXE
06:22:47.0437 2836 PSHost - ok
06:22:47.0500 2836 [ 341457B79B3FC31A80C346C767045879 ] PskSvcRetail C:\Program Files\Panda Security\Panda Internet Security 2012\PskSvc.exe
06:22:47.0500 2836 PskSvcRetail - ok
06:22:47.0546 2836 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
06:22:47.0546 2836 Ptilink - ok
06:22:47.0625 2836 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
06:22:47.0640 2836 PxHelp20 - ok
06:22:47.0656 2836 ql1080 - ok
06:22:47.0687 2836 Ql10wnt - ok
06:22:47.0703 2836 ql12160 - ok
06:22:47.0734 2836 ql1240 - ok
06:22:47.0765 2836 ql1280 - ok
06:22:47.0921 2836 [ E2AA111B00F5205FFD52A57F48B4F642 ] RapportBuka C:\WINDOWS\system32\drivers\RapportBuka.sys
06:22:47.0953 2836 RapportBuka - ok
06:22:48.0218 2836 [ 3AF684252780CF87DC2809F85B8F7591 ] RapportCerberus_43926 C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys
06:22:48.0296 2836 RapportCerberus_43926 - ok
06:22:48.0328 2836 RapportEI - ok
06:22:48.0421 2836 [ 35199EC35EDC7DCBA71FDA711DFB05C0 ] RapportIaso c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys
06:22:48.0437 2836 RapportIaso - ok
06:22:48.0500 2836 [ 660436FBE447EBC73873EF2B0B2094B4 ] RapportKELL C:\WINDOWS\system32\Drivers\RapportKELL.sys
06:22:48.0500 2836 RapportKELL - ok
06:22:48.0531 2836 RapportPG - ok
06:22:48.0593 2836 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
06:22:48.0593 2836 RasAcd - ok
06:22:48.0687 2836 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
06:22:48.0687 2836 RasAuto - ok
06:22:48.0750 2836 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
06:22:48.0765 2836 Rasl2tp - ok
06:22:48.0859 2836 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
06:22:48.0984 2836 RasMan - ok
06:22:49.0078 2836 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
06:22:49.0093 2836 RasPppoe - ok
06:22:49.0125 2836 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
06:22:49.0125 2836 Raspti - ok
06:22:49.0187 2836 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
06:22:49.0203 2836 Rdbss - ok
06:22:49.0234 2836 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
06:22:49.0250 2836 RDPCDD - ok
06:22:49.0359 2836 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
06:22:49.0406 2836 rdpdr - ok
06:22:49.0531 2836 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
06:22:49.0546 2836 RDPWD - ok
06:22:49.0609 2836 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
06:22:49.0625 2836 RDSessMgr - ok
06:22:49.0671 2836 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
06:22:49.0671 2836 redbook - ok
06:22:49.0765 2836 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
06:22:49.0765 2836 RemoteAccess - ok
06:22:49.0859 2836 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
06:22:49.0859 2836 RemoteRegistry - ok
06:22:49.0906 2836 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
06:22:49.0937 2836 RpcLocator - ok
06:22:50.0093 2836 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
06:22:50.0109 2836 RpcSs - ok
06:22:50.0234 2836 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
06:22:50.0250 2836 RSVP - ok
06:22:50.0359 2836 [ 1C5C2CB892553D2CF3F45A4BB323FCD6 ] s1018bus C:\WINDOWS\system32\DRIVERS\s1018bus.sys
06:22:50.0359 2836 s1018bus - ok
06:22:50.0390 2836 [ 38F5EA219593F19B6B3A1B9C169E3B61 ] s1018mdfl C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys
06:22:50.0406 2836 s1018mdfl - ok
06:22:50.0484 2836 [ 666AF6B64FC7DF92D3CA4819EA91631D ] s1018mdm C:\WINDOWS\system32\DRIVERS\s1018mdm.sys
06:22:50.0500 2836 s1018mdm - ok
06:22:50.0562 2836 [ F4CEDA6E2DDFF2AF8BD745615A7CA9C0 ] s1018mgmt C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys
06:22:50.0593 2836 s1018mgmt - ok
06:22:50.0656 2836 [ 3622D9FF2253DCBE885B10736609A4CA ] s1018nd5 C:\WINDOWS\system32\DRIVERS\s1018nd5.sys
06:22:50.0671 2836 s1018nd5 - ok
06:22:50.0703 2836 [ 49431EFDA842B474531C29FFAE9F5D09 ] s1018obex C:\WINDOWS\system32\DRIVERS\s1018obex.sys
06:22:50.0718 2836 s1018obex - ok
06:22:50.0750 2836 [ AC6B514CB4474F4C867D7CDC9CD54F05 ] s1018unic C:\WINDOWS\system32\DRIVERS\s1018unic.sys
06:22:50.0750 2836 s1018unic - ok
06:22:50.0796 2836 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
06:22:50.0796 2836 SamSs - ok
06:22:50.0843 2836 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
06:22:50.0843 2836 SCardSvr - ok
06:22:50.0937 2836 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
06:22:50.0968 2836 Schedule - ok
06:22:51.0031 2836 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
06:22:51.0031 2836 Secdrv - ok
06:22:51.0109 2836 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
06:22:51.0109 2836 seclogon - ok
06:22:51.0187 2836 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
06:22:51.0203 2836 SENS - ok
06:22:51.0234 2836 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
06:22:51.0250 2836 serenum - ok
06:22:51.0296 2836 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
06:22:51.0296 2836 Serial - ok
06:22:51.0390 2836 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
06:22:51.0390 2836 Sfloppy - ok
06:22:51.0468 2836 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
06:22:51.0515 2836 SharedAccess - ok
06:22:51.0828 2836 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
06:22:51.0828 2836 ShellHWDetection - ok
06:22:51.0859 2836 [ 32D6F7632234F0354C79E915CA4613D4 ] ShldDrv C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys
06:22:51.0875 2836 ShldDrv - ok
06:22:51.0890 2836 Simbad - ok
06:22:52.0468 2836 [ 183F04C6742902F33039913A96F5B574 ] Skype C2C Service C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
06:22:53.0453 2836 Skype C2C Service - ok
06:22:53.0546 2836 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
06:22:53.0562 2836 SkypeUpdate - ok
06:22:53.0656 2836 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
06:22:53.0671 2836 SLIP - ok
06:22:53.0859 2836 [ FA3368A7039F5ABAA4B933703AC34763 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
06:22:54.0015 2836 smwdm - ok
06:22:54.0046 2836 Sparrow - ok
06:22:54.0093 2836 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
06:22:54.0093 2836 splitter - ok
06:22:54.0171 2836 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
06:22:54.0171 2836 Spooler - ok
06:22:54.0234 2836 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
06:22:54.0265 2836 sr - ok
06:22:54.0375 2836 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
06:22:54.0390 2836 srservice - ok
06:22:54.0531 2836 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
06:22:54.0718 2836 Srv - ok
06:22:54.0796 2836 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
06:22:54.0812 2836 SSDPSRV - ok
06:22:54.0953 2836 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
06:22:55.0125 2836 stisvc - ok
06:22:55.0187 2836 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
06:22:55.0234 2836 streamip - ok
06:22:55.0296 2836 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
06:22:55.0312 2836 swenum - ok
06:22:55.0359 2836 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
06:22:55.0390 2836 swmidi - ok
06:22:55.0421 2836 SwPrv - ok
06:22:55.0468 2836 symc810 - ok
06:22:55.0500 2836 symc8xx - ok
06:22:55.0515 2836 sym_hi - ok
06:22:55.0546 2836 sym_u3 - ok
06:22:55.0593 2836 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
06:22:55.0625 2836 sysaudio - ok
06:22:55.0703 2836 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
06:22:55.0812 2836 SysmonLog - ok
06:22:56.0031 2836 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
06:22:56.0046 2836 TapiSrv - ok
06:22:56.0140 2836 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
06:22:56.0218 2836 Tcpip - ok
06:22:56.0265 2836 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
06:22:56.0296 2836 TDPIPE - ok
06:22:56.0328 2836 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
06:22:56.0359 2836 TDTCP - ok
06:22:56.0390 2836 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
06:22:56.0406 2836 TermDD - ok
06:22:56.0484 2836 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
06:22:56.0515 2836 TermService - ok
06:22:56.0578 2836 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
06:22:56.0578 2836 Themes - ok
06:22:56.0640 2836 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
06:22:56.0656 2836 TlntSvr - ok
06:22:56.0671 2836 TosIde - ok
06:22:56.0781 2836 [ F7F79FCB3331BC2DB57572E33A5A969D ] TPSrv C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe
06:22:56.0812 2836 TPSrv - ok
06:22:56.0890 2836 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
06:22:56.0890 2836 TrkWks - ok
06:22:56.0968 2836 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
06:22:57.0000 2836 Udfs - ok
06:22:57.0015 2836 ultra - ok
06:22:57.0343 2836 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
06:22:57.0468 2836 Update - ok
06:22:57.0718 2836 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
06:22:57.0734 2836 upnphost - ok
06:22:57.0796 2836 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
06:22:57.0812 2836 UPS - ok
06:22:57.0906 2836 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
06:22:57.0906 2836 usbaudio - ok
06:22:57.0984 2836 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
06:22:58.0000 2836 usbccgp - ok
06:22:58.0062 2836 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
06:22:58.0062 2836 usbehci - ok
06:22:58.0187 2836 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
06:22:58.0187 2836 usbhub - ok
06:22:58.0250 2836 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
06:22:58.0250 2836 usbprint - ok
06:22:58.0312 2836 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
06:22:58.0343 2836 usbscan - ok
06:22:58.0406 2836 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
06:22:58.0406 2836 USBSTOR - ok
06:22:58.0437 2836 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
06:22:58.0437 2836 usbuhci - ok
06:22:58.0500 2836 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
06:22:58.0500 2836 VgaSave - ok
06:22:58.0515 2836 ViaIde - ok
06:22:58.0593 2836 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
06:22:58.0609 2836 VolSnap - ok
06:22:58.0812 2836 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
06:22:58.0875 2836 VSS - ok
06:22:58.0984 2836 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
06:22:59.0000 2836 W32Time - ok
06:22:59.0062 2836 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
06:22:59.0093 2836 Wanarp - ok
06:22:59.0125 2836 WDICA - ok
06:22:59.0171 2836 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
06:22:59.0171 2836 wdmaud - ok
06:22:59.0250 2836 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
06:22:59.0250 2836 WebClient - ok
06:22:59.0375 2836 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
06:22:59.0375 2836 winmgmt - ok
06:22:59.0484 2836 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
06:22:59.0515 2836 WmdmPmSN - ok
06:22:59.0609 2836 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
06:22:59.0640 2836 Wmi - ok
06:22:59.0718 2836 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
06:22:59.0734 2836 WmiApSrv - ok
06:22:59.0906 2836 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
06:22:59.0937 2836 WMPNetworkSvc - ok
06:23:00.0015 2836 [ 0411D0433E8C48AD24B2EF32D7C97AE0 ] WNMFLT C:\WINDOWS\system32\Drivers\WNMFLT.SYS
06:23:00.0015 2836 WNMFLT - ok
06:23:00.0093 2836 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
06:23:00.0109 2836 WpdUsb - ok
06:23:00.0171 2836 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
06:23:00.0187 2836 WS2IFSL - ok
06:23:00.0250 2836 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
06:23:00.0250 2836 wscsvc - ok
06:23:00.0312 2836 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
06:23:00.0312 2836 WSTCODEC - ok
06:23:00.0390 2836 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
06:23:00.0406 2836 wuauserv - ok
06:23:00.0453 2836 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
06:23:00.0484 2836 WudfPf - ok
06:23:00.0531 2836 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
06:23:00.0562 2836 WudfSvc - ok
06:23:00.0671 2836 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
06:23:00.0703 2836 WZCSVC - ok
06:23:00.0765 2836 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
06:23:00.0781 2836 xmlprov - ok
06:23:00.0828 2836 ================ Scan global ===============================
06:23:00.0890 2836 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
06:23:00.0937 2836 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
06:23:01.0015 2836 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
06:23:01.0078 2836 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
06:23:01.0078 2836 [Global] - ok
06:23:01.0093 2836 ================ Scan MBR ==================================
06:23:01.0140 2836 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
06:23:01.0609 2836 \Device\Harddisk0\DR0 - ok
06:23:01.0609 2836 ================ Scan VBR ==================================
06:23:01.0640 2836 [ 17B690E82930A7FA4963B078F5210BD9 ] \Device\Harddisk0\DR0\Partition1
06:23:01.0640 2836 \Device\Harddisk0\DR0\Partition1 - ok
06:23:01.0656 2836 ============================================================
06:23:01.0656 2836 Scan finished
06:23:01.0656 2836 ============================================================
06:23:01.0687 2416 Detected object count: 0
06:23:01.0687 2416 Actual detected object count: 0


TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

Please download aswMBR.exe from here and save it to your Desktop.
- Double click aswMBR.exe to start the tool. (Vista - Win 7 Rt click to run as Administrator)
- Click Scan
- Upon completion of the scan, click Save log and save it to your Desktop, and post that log in your next reply. Do NOT attempt any Fix at this time!
- This will also create a file on your Desktop named MBR.dat. Please go to VirusTotal and submit the following file for a scan and post the detection results.

Please post both the log from aswMBR and the results from scanning the MBR file at Virustotal.
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


veryfat

join:2013-01-17
BR1 3EW


Thank you, "TheJoker",

Yippppyyyy! Everything went just as you asked and said, twice. To me though, the only bad part is that there was nothing found.

So, I am very obliged if you could advise me further.

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-23 07:58:49
-----------------------------
07:58:49.812 OS Version: Windows 5.1.2600 Service Pack 3
07:58:49.812 Number of processors: 1 586 0x207
07:58:49.812 ComputerName: COMPAQ-D510-SFF UserName: Administrator
07:58:50.359 Initialize success
07:59:57.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
07:59:57.812 Disk 0 Vendor: Maxtor_4D040H2 DAH017K0 Size: 39082MB BusType: 3
07:59:57.843 Disk 0 MBR read successfully
07:59:57.843 Disk 0 MBR scan
07:59:57.843 Disk 0 Windows XP default MBR code
07:59:57.843 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39069 MB offset 63
07:59:57.859 Disk 0 scanning sectors +80015040
07:59:57.921 Disk 0 scanning C:\WINDOWS\system32\drivers
08:00:10.750 Service scanning
08:00:29.359 Modules scanning
08:00:35.671 Disk 0 trace - called modules:
08:00:35.703 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
08:00:35.703 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82fcf5e0]
08:00:35.718 3 CLASSPNP.SYS[f8791fd7] -> nt!IofCallDriver -> \Device\0000006d[0x82e9a1a0]
08:00:36.218 5 ACPI.sys[f86f8620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x82fd0d98]
08:00:36.218 Scan finished successfully
08:02:10.437 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
08:02:10.453 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"


Analysis completed.
SHA256: b1635f8bb9bdabc80b1b38200a761bb4539c75360ffa432ac99a2997f47e3353
SHA1: dc501ca382e81e2224193235e81f25d1fdf47710
MD5: 6fec7eac396c68b2368c1b9f0eb98571
File size: 512 bytes ( 512 bytes )
File name: MBR.dat
File type: unknown
Detection ratio: 0 / 46
Analysis date: 2013-01-23 08:20:07 UTC ( 0 minutes ago )


Antivirus Result Update
Agnitum - 20130122
AhnLab-V3 - 20130122
AntiVir - 20130123
Antiy-AVL - 20130122
Avast - 20130123
AVG - 20130123
BitDefender - 20130123
ByteHero - 20130122
CAT-QuickHeal - 20130123
ClamAV - 20130123
Commtouch - 20130123
Comodo - 20130123
DrWeb - 20130123
Emsisoft - 20130123
eSafe - 20130120
ESET-NOD32 - 20130122
F-Prot - 20130122
F-Secure - 20130123
Fortinet - 20130123
GData - 20130123
Ikarus - 20130123
Jiangmin - 20121221
K7AntiVirus - 20130122
Kaspersky - 20130123
Kingsoft - 20130121
Malwarebytes - 20130123
McAfee - 20130123
McAfee-GW-Edition - 20130123
Microsoft - 20130123
MicroWorld-eScan - 20130123
NANO-Antivirus - 20130123
Norman - 20130122
nProtect - 20130122
Panda - 20130122
PCTools - 20130121
Rising - 20130123
Sophos - 20130123
SUPERAntiSpyware - 20130123
Symantec - 20130123
TheHacker - 20130122
TotalDefense - 20130122
TrendMicro - 20130123
TrendMicro-HouseCall - 20130123
VBA32 - 20130121
VIPRE - 20130123
ViRobot - 20130123
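
To make the aswMBR partition line and the VirusTotal hashes above concrete, here is a small Python script that reads a 512-byte MBR dump such as MBR.dat, checks the 0x55AA boot signature, decodes the partition table into the same fields aswMBR prints ("80 (A) 07 HPFS/NTFS ... MB offset 63"), computes the MD5/SHA1/SHA256 that VirusTotal lists for the file, and compares the boot-code region against a known-good digest, which is the kind of check behind a "Windows XP default MBR code" verdict. This is an added example, not part of this thread and not code from aswMBR, TDSSKiller or VirusTotal; the MBR image it parses is constructed inside the script (zero-filled boot code, an assumed sector count chosen to give 39069 MB), not the poster's real MBR.dat, so its hashes will not match the ones listed above.

```python
import hashlib
import struct

# Layout of a classic (non-GPT) MBR: 440 bytes of boot code, a 4-byte disk
# signature, 2 reserved bytes, four 16-byte partition entries, then 0x55AA.
BOOT_CODE_LEN = 440
PARTITION_TABLE_OFFSET = 446
MBR_SIZE = 512
SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"

# A handful of partition type ids; 0x07 is what aswMBR printed as HPFS/NTFS.
PARTITION_TYPES = {
    0x05: "Extended", 0x07: "HPFS/NTFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
    0x0F: "Extended LBA", 0x82: "Linux swap", 0x83: "Linux",
}


def build_sample_mbr(boot_code=b"", sectors=80014977):
    """Constructed 512-byte MBR image (not a dump of the poster's disk).

    Boot code is zero-padded; the single partition entry mirrors the shape
    aswMBR reported: bootable (0x80), type 0x07, starting at LBA 63. The
    sector count is an assumed value that yields a 39069 MB partition.
    """
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code must fit in %d bytes" % BOOT_CODE_LEN)
    image = bytearray(MBR_SIZE)
    image[:len(boot_code)] = boot_code
    # status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sectors
    entry = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07,
                        b"\xFE\xFF\xFF", 63, sectors)
    image[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + 16] = entry
    image[510:512] = BOOT_SIGNATURE
    return bytes(image)


def parse_mbr(image):
    """Decode the boot signature, disk signature and non-empty partitions."""
    if len(image) != MBR_SIZE:
        raise ValueError("expected a %d-byte MBR image, got %d bytes"
                         % (MBR_SIZE, len(image)))
    result = {
        "signature_ok": image[510:512] == BOOT_SIGNATURE,
        "disk_signature": struct.unpack("<I", image[440:444])[0],
        "partitions": [],
    }
    for index in range(4):
        start = PARTITION_TABLE_OFFSET + 16 * index
        status, ptype, lba_start, sector_count = struct.unpack(
            "<B3xB3xII", image[start:start + 16])
        if ptype == 0:
            continue  # empty slot
        result["partitions"].append({
            "index": index + 1,
            "bootable": status == 0x80,
            "type_id": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sector_count": sector_count,
            "size_mb": sector_count * SECTOR_SIZE // (1024 * 1024),
            "lba_end": lba_start + sector_count,
        })
    return result


def describe_partition(part):
    """Render one entry in the style of aswMBR's 'Partition 1 80 (A) 07 ...' line."""
    flag = "80 (A)" if part["bootable"] else "00"
    return "Partition %d %s %02X %s %d MB offset %d" % (
        part["index"], flag, part["type_id"], part["type_name"],
        part["size_mb"], part["lba_start"])


def file_hashes(data):
    """The three digests VirusTotal shows for an uploaded file."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def boot_code_digest(image):
    """SHA-256 over the boot-code region only (disk signature and table excluded)."""
    return hashlib.sha256(image[:BOOT_CODE_LEN]).hexdigest()


def boot_code_matches(image, known_good_digest):
    """True when the boot code equals a baseline (e.g. a stock loader's digest)."""
    return boot_code_digest(image) == known_good_digest


if __name__ == "__main__":
    sample = build_sample_mbr()
    info = parse_mbr(sample)
    print("boot signature ok:", info["signature_ok"])
    for part in info["partitions"]:
        print(describe_partition(part))
    for name, value in file_hashes(sample).items():
        print("%s: %s" % (name.upper(), value))
```

To check a real dump, replace `build_sample_mbr()` with `open("MBR.dat", "rb").read()`; the partition line should then match what aswMBR printed, and the SHA-256 should match the VirusTotal listing. The boot-code comparison only says the loader differs from a baseline you trust, not that it is malicious, which is why the thread still relies on the scanners' verdict.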



TheJoker
Premium,VIP,MVM
join:2001-04-26
Ruckersville, VA
kudos:5

As I mentioned earlier, it sounded like you were able to successfully run Kaspersky Rescue Disk, and I don't see a sign of malware, to include your scan of the MBR. The previous scan problems may simply have been related to your connectivity after booting from the Linux based discs. Are you currently having any symptoms of an infection, such as being redirected to strange sites in your search results, or anything else?
--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010


over 13.5 years online © 1999-2013 dslreports.com.