dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
125
share rss forum feed


TheJoker
Premium,VIP,MVM
join:2001-04-26
Charlottesville, VA
kudos:5

1 recommendation

reply to veryfat

Re: [Virus] Is the computer still infected?

Please download AdwCleaner by Xplode onto your desktop.
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Delete.
- Follow the prompts to reboot the computer. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
»www.bleepingcomputer.com/combofi···combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled:
»www.bleepingcomputer.com/forums/···351.html

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please post the logs from AdwCleaner and ComboFix, and note any errors encountered.

--
Proud ASAP member since 2005
Microsoft MVP/Consumer Security 2009-2010

veryfat

join:2013-01-17
BR1 3EW

Thank-you "TheJoker",

Managed to do both tasks, but not quite as you requested. It seems that ComboFix felt that Panda was still working, but I disabled Panda as instructed on the ComboFix webpage (I clicked Close automatic protection and the little Panda symbol disappeared from the lower right of the screen) and when ComboFix detected that the computer had not got Windows Recovery Console and tried to download it, but could not, the computer was connected to the internet.

So, I am very obliged if you could advise me further.

# AdwCleaner v2.106 - Logfile created 01/20/2013 at 08:53:09
# Updated 17/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - COMPAQ-D510-SFF
# Boot Mode : Normal
# Running from : I:\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Administrator\Desktop\Search The Web.url
File Deleted : C:\Documents and Settings\Administrator\Desktop\sweetpcfix.url
Folder Deleted : C:\Documents and Settings\Administrator\Application Data\VideoDownloadConverter_4z
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SweetIM
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Program Files\VideoDownloadConverter_4z
Folder Deleted : C:\WINDOWS\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Folder Deleted : C:\WINDOWS\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Search
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Features\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Classes\Installer\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.HTMLMenu.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.RadioSettings.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SettingsPlugin.1
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher
Key Deleted : HKLM\SOFTWARE\Classes\VideoDownloadConverter_4z.SkinLauncher.1
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\GamesBarSetup
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetIM
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SweetPacks Communicator
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VideoDownloadConverter_4zbar Uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{71144427-1368-4D18-8DC9-2AE3CC4C4F83}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02F47BF73B948514FAACADD8CBBDF37D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07D5290CDBDAE4242926B8E6CA650501
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\080D9F5E1E95FEE4794CE438E635239E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08E33F7B61DEFF24BB9673ED7D467636
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E3D8A5B48622A445A7DF73FEFF32C3F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\12BF94BD06C95F343A77631402B9556A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1E264E0A5959A1C46BA9175A878B12EA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2124D8A8CF720FD44866190AF560228E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\27A325ACED8CA4743A30127638591ADB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2E6768B6932D112438F047C54D180635
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\34EDDB1BFB3A2D448845F3EFD0F15A43
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\350D17402BD84234EAF7D32F08172D7C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\351716A953E21214898904032EAE2E81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\397C771A7BCAC904697C3EC629ED33ED
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3EE8C5F419057E1478A654868CEE60B5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\427EA997C413D1D47907CBFC7B2DB432
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4318DF19719275242801CBE292063A4C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\45FC115D1FEAEF849A4E1610D6EC8BF0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\46A5861A389ADB844AF89E31BC9DF0A1
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4735D908D66E1BA46B6C2D7185A12B2B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49B0E1A6FF50BBE4289E4E23DE6EA0C7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4CCCAC049F34D0540AAC13011398BEDB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5C4389D0BFB302C479DE4178BD5D9EBA
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5D2B09BDEF4FE54418E6F3373CDBC7AC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61B65D3397A1FBF4CB1571B5E4F6B5B0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E8A05C60DD9254591DBD16C94EDDBF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\697E782CF574CC34CBB9566440BA12BC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\69D6A6B2ED56AF24EA6335EAD6E91CA4
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AE27A8613CF7EA4782F2886F67295E5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75D5168E5E176C24981B4E5DBD991078
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\76D8378E2DDAED3428720A631F6E3BF0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7CE172051F585E04187BCB97570BFA74
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7FFA128C2B0FF414D805FC5627883401
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86A901BA5265452499DCBF719C378EE3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EDC790504E1834DBC20C9A04328FD2
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8724E58E6C7D00C48A0D4F3345EB2C26
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\88ABD1CD5C40EC84789A7F6EF86DAC5E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\97C3D0F82E712E241A2F969F45E3351C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\98CC8BF5A4A6E6C4ABF7051DDAB8B058
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A001B259DB7D694E818BE29B973992C
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9A4B7EF3789F871419D9302583B20C15
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9E7F556BF224D804D96A96F0F6344789
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A189D17A469616C4688D23E192996267
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A6C53B0F76C44004A8F36716213017DB
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AB676B0E1B9EFA049B9F7DDDA9645734
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B31BBB0B825EDEF45AB0FE7099C68C81
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B471D8D7319336B4CA89374ED0D7B806
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B59F2D8189784CC46A4597F2842480B0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE2EC163C6A68A48921573E0E7E199D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC30043663AA2CA4DA1DAA9CA5FDCC75
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BD746FB95FB8E5B45BF66BE54D5FD91F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BF4F885EDEE45644EB1E0C99E0162399
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C06C6662FA5B04646829E4A460857770
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CCF399FCD6D2D3F46BF02A1378654FC9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE21F3FD57B244142880EF15A165A156
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CEEB3E14ABE8270419B0FD762E18F7C6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D149C1355C98DE24E82CEFBD996FE06A
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D15DAF33C220F91468A1D7D57C31ACD7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D3BA76A44C779424889063D5098ED2D6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D6D0EB9FDBD90C04D92A7E729058F10D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB59FDB786388EA4D897F3EE715683AC
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB8DAD19CFBCC2049A4477183787E8C5
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1C820A74ED67374BA048B52CB3C3804
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E4748F9A4181FCE46A23C13B517B9420
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EC65F200D112357449C8B1BC3CFA03D0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1B5E9A3BDB51349BF96E842C062D98
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F327D0C73C0973644A21E8CC852267A0
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FDC83385E6C239F4C876A77A37DF581D
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FECBC2BC14DA6CD459BD59A041709836
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B2FD9C0A5B9838449838816A28001F4B
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{953AA732-9AFB-49C9-84A4-7F96CA0A08DA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Key Deleted : HKLM\Software\SweetIM
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4a1necbi.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [18400 octets] - [20/01/2013 08:53:09]

########## EOF - C:\AdwCleaner[S1].txt - [18461 octets] ##########

ComboFix 13-01-17.04 - Administrator 01/20/2013 9:13.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.216 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Panda Internet Security 2012 *Enabled/Updated* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2012 *Enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\inst.exe
c:\documents and settings\Administrator\Local Settings\Application Data\bfxwansp.log
c:\documents and settings\Administrator\Local Settings\Application Data\crqixeng.log
c:\documents and settings\Administrator\Local Settings\Application Data\dsratrdd.log
c:\documents and settings\Administrator\Local Settings\Application Data\glsrfgmh.log
c:\documents and settings\Administrator\Local Settings\Application Data\nuvxtded.log
c:\documents and settings\Administrator\Local Settings\Application Data\pnmugcig.log
c:\documents and settings\Administrator\Local Settings\Application Data\rstoworc\ayibhobs.exe
c:\documents and settings\Administrator\Local Settings\Application Data\tcfkllfe.log
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\EventSystem.log
c:\windows\system32\drivers\Install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-20 to 2013-01-20 )))))))))))))))))))))))))))))))
.
.
2013-01-19 08:52 . 2013-01-19 12:34 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2013-01-17 23:34 . 2013-01-17 23:34 -------- d-----w- c:\program files\Mozilla Maintenance Service
2013-01-17 23:25 . 2013-01-17 23:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2013-01-17 22:45 . 2013-01-17 22:45 -------- d-----w- c:\program files\ESET
2013-01-16 21:45 . 2013-01-16 21:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2013-01-16 15:31 . 2013-01-16 15:33 -------- d-----w- c:\program files\wellgoodforyou
2013-01-16 13:51 . 2013-01-16 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERSetup
2013-01-16 08:09 . 2013-01-16 08:09 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-01-16 01:10 . 2013-01-16 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-01-16 00:49 . 2013-01-16 00:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2013-01-16 00:36 . 2013-01-16 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-01-16 00:36 . 2013-01-16 00:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-16 00:36 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-15 11:04 . 2013-01-15 11:04 -------- d-----w- c:\program files\Rising
2013-01-15 11:00 . 2013-01-15 11:00 -------- d-----w- c:\windows\system32\LcSkin
2013-01-15 11:00 . 2013-01-15 11:00 -------- d-----w- c:\program files\HAURI
2013-01-15 10:21 . 2013-01-15 10:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\SparkTrust
2013-01-15 10:21 . 2013-01-15 10:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\DriverCure
2013-01-15 10:20 . 2013-01-15 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\SparkTrust
2013-01-13 23:40 . 2001-08-17 22:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2013-01-13 23:40 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2013-01-13 11:25 . 2009-09-27 09:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2013-01-13 11:25 . 2005-07-14 12:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll
2013-01-13 11:25 . 2004-02-22 10:11 719872 ----a-w- c:\windows\system32\devil.dll
2013-01-13 11:25 . 2004-01-25 00:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2013-01-13 11:25 . 2013-01-13 11:25 -------- d-----w- c:\program files\AviSynth 2.5
2013-01-13 10:55 . 2013-01-16 15:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\rstoworc
2013-01-13 10:50 . 2013-01-13 10:50 -------- d-----w- c:\program files\eRightSoft
2013-01-13 10:30 . 2013-01-13 10:30 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\TrafficSpaceLLC
2013-01-13 10:28 . 2013-01-13 10:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\IAC
2013-01-07 07:15 . 2013-01-07 07:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Software
2013-01-06 20:00 . 2013-01-20 09:02 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2013-01-06 19:56 . 2013-01-06 19:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Panda Security
2013-01-06 19:51 . 2013-01-13 10:59 243600 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2013-01-06 19:51 . 2009-09-25 14:54 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2013-01-06 19:51 . 2009-09-25 14:54 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2013-01-06 19:51 . 2010-09-09 16:23 193864 ----a-w- c:\windows\system32\drivers\idsflt.sys
2013-01-06 19:51 . 2011-01-31 16:41 83528 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2013-01-06 19:51 . 2009-09-25 14:54 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2013-01-06 19:51 . 2009-09-25 14:54 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2013-01-06 19:50 . 2013-01-06 19:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Backup
2013-01-06 19:50 . 2010-06-22 18:13 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2013-01-06 19:50 . 2007-03-15 19:38 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2013-01-06 19:48 . 2005-04-03 23:02 753664 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2013-01-06 19:48 . 2005-04-03 23:02 69714 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2013-01-06 19:48 . 2005-04-03 23:01 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2013-01-06 19:48 . 2005-04-03 23:00 184320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2013-01-06 19:48 . 2005-04-03 22:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2013-01-06 19:48 . 2013-01-06 19:48 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2013-01-06 19:48 . 2013-01-06 19:48 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2013-01-06 19:48 . 2013-01-06 19:48 -------- d-----w- c:\program files\Common Files\Panda Security
2013-01-06 19:48 . 2011-02-21 14:38 37448 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2013-01-06 19:48 . 2010-05-06 17:11 163848 ----a-w- c:\windows\system32\drivers\PavProc.sys
2012-12-30 18:10 . 2012-12-30 18:10 -------- d-----w- c:\program files\Common Files\Skype
2012-12-30 14:57 . 2002-12-10 17:51 179712 ----a-w- c:\windows\system32\drivers\LVSVF.dll
2012-12-30 14:27 . 2012-12-30 14:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\GoforFiles
2012-12-30 14:27 . 2013-01-02 14:42 -------- d-----w- c:\program files\GoforFiles
2012-12-30 14:16 . 2013-01-02 12:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PC_Drivers_Headquarters
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 23:55 . 2012-04-08 04:30 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-08 23:55 . 2011-06-22 11:11 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 12:23 . 2004-08-04 12:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-13 01:25 . 2004-08-04 12:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 02:01 . 2008-04-14 00:12 1371648 ----a-w- c:\windows\system32\msxml6.dll
2012-11-02 02:02 . 2004-08-04 12:00 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2013-01-05 03:45 . 2013-01-17 23:34 262704 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-12-14 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"EPSON Stylus C84 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE" [2003-05-27 99840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2012\Inicio.exe" [2011-02-02 70464]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-03-14 198160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 12:55 55552 ----a-w- c:\windows\system32\avldr.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35 946352 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boincmgr]
2010-07-01 13:27 4862720 ----a-w- c:\program files\BOINC\boincmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\boinctray]
2010-07-01 13:27 58112 ----a-w- c:\program files\BOINC\boinctray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 17:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
2002-12-10 18:32 155648 ----a-w- c:\program files\Logitech\ImageStudio\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
2002-12-10 18:31 61440 ----a-w- c:\program files\Logitech\ImageStudio\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2004-12-14 18:57 458752 ----a-w- c:\program files\Logitech\Video\ISStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2004-12-14 18:51 217088 ----a-w- c:\program files\Logitech\Video\LogiTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
2002-12-10 17:54 127022 ----a-w- c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-08-09 14:28 1961984 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 11:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 17:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
2002-04-17 10:42 69632 ----a-w- c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]
2009-12-08 14:51 774144 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 13:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-03-14 18:05 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [1/6/2013 7:50 PM 26696]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [7/29/2012 8:52 PM 65848]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [1/6/2013 7:51 PM 83528]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [1/6/2013 7:51 PM 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [1/6/2013 7:51 PM 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [1/6/2013 7:51 PM 193864]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [1/6/2013 7:51 PM 159112]
R1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2/26/2010 10:09 AM 390528]
R1 RapportCerberus_43926;RapportCerberus_43926;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus32_43926.sys [10/26/2012 9:41 AM 272216]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [1/6/2013 7:48 PM 37448]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [1/6/2013 7:51 PM 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [1/6/2013 7:49 PM 59080]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [1/6/2013 7:48 PM 163848]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2012\psksvc.exe [1/6/2013 7:50 PM 28992]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [12/13/2012 2:26 PM 3290896]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [10/9/2011 11:35 PM 28256]
R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [1/6/2013 7:49 PM 201032]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/2/2009 10:30 AM 47360]
S1 RapportEI;RapportEI;\??\c:\program files\Trusteer\Rapport\bin\RapportEI.sys --> c:\program files\Trusteer\Rapport\bin\RapportEI.sys [?]
S1 RapportPG;RapportPG;\??\c:\program files\Trusteer\Rapport\bin\RapportPG.sys --> c:\program files\Trusteer\Rapport\bin\RapportPG.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [10/9/2011 11:35 PM 28256]
S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [1/6/2013 8:00 PM 13880]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 10:09 PM 267568]
S3 RapportIaso;RapportIaso;c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys [5/30/2012 2:17 PM 21520]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [10/10/2010 3:53 PM 86824]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [10/10/2010 3:53 PM 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [10/10/2010 3:53 PM 114728]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [10/10/2010 3:53 PM 106208]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [10/10/2010 3:53 PM 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [10/10/2010 3:53 PM 104744]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [10/10/2010 3:53 PM 109864]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 23:56]
.
2013-01-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
2013-01-07 c:\windows\Tasks\At1.job
- c:\program files\Panda Security\Panda Internet Security 2012\PAVJOBS.EXE [2013-01-06 20:18]
.
2013-01-20 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-13 22:09]
.
2012-02-09 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2011-06-13 22:09]
.
2013-01-19 c:\windows\Tasks\User_Feed_Synchronization-{9E667F2B-B8D3-4366-94D1-B30637EB192A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
IE: Free YouTube Download - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\documents and settings\Administrator\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
DPF: {9FAFB576-6933-4CCC-AB3D-B988EC43D04E} - hxxp://rsdownload.rising.com.cn/rs2010/online/ravolctl.cab
DPF: {BA3ED5CB-4935-4B1C-A418-AC9CCE2275C1} - hxxp://hglobal.globalhauri.com/HProduct/LCS2p/globalhauri/CLIENT/LCS2p/web/hLcs2Pre.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://81.174.229.186/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\4a1necbi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-AyiBhobs - c:\documents and settings\Administrator\Local Settings\Application Data\rstoworc\ayibhobs.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-avast - c:\program files\AVAST Software\Avast\avastUI.exe
AddRemove-Replay Media Catcher 4 - g:\applian\Replay Media Catcher 4\uninstall.exe
AddRemove-{8F311E92-C29F-4DF9-8259-B739A1831669}_is1 - e:\programs\Super ©\SUPER\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-20 09:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1409082233-920026266-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,d7,f7,bf,bc,23,28,42,84,ff,aa,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,d7,f7,bf,bc,23,28,42,84,ff,aa,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1460)
c:\windows\system32\avldr.dll
.
- - - - - - - > 'explorer.exe'(6796)
c:\windows\system32\WININET.dll
c:\program files\Panda Security\Panda Internet Security 2012\pavoepl.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Panda Security\Panda Internet Security 2012\TPSrv.exe
c:\program files\PANDA SECURITY\PANDA INTERNET SECURITY 2012\WebProxy.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Panda Security\Panda Internet Security 2012\PsCtrls.exe
c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\panda security\panda internet security 2012\firewall\PSHOST.EXE
c:\program files\Panda Security\Panda Internet Security 2012\SRVLOAD.EXE
c:\program files\Panda Security\Panda Internet Security 2012\PavBckPT.exe
.
**************************************************************************
.
Completion time: 2013-01-20 09:41:59 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-20 09:41
.
Pre-Run: 17,344,225,280 bytes free
Post-Run: 18,260,324,352 bytes free
.
- - End Of File - - 3435F1138AE86A58A1C7FA63D10F572A