What the Tech

Virus scanner not scanning - IE very slow then freezes


This topic is locked
19 replies to this topic

#1 tobyjones (New Member, 13 posts)

Posted 21 July 2010 - 10:08 AM

Please, if anyone can help: I think I have some sort of virus. My Panda virus scanner won't scan, and IE goes very slow and then just freezes. It also won't let me download any files in IE; it gets to 99% and just hangs there.

I have run Malwarebytes and it came back clean. I have also run Ad-Aware, and it picked up a Panda file called Borindmm.dll which it does not like.

Below is a copy of my HijackThis report.

Thank you for any help you can give me.

Cheers.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:08:19, on 21/07/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\TPSrv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2010\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe
c:\program files\panda security\panda global protection 2010\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Global Protection 2010\PsImSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\PskSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\pavsrv51.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\AVENGINE.EXE
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\ApVxdWin.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2010\PavBckPT.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\PAVJOBS.EXE
C:\Program Files\Panda Security\Panda Global Protection 2010\PAVJOBS.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: KTBho Class - {25EDC164-41A6-47C3-80BD-5E4FBE1BA7AB} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Kaboodle Toolbar - {92857633-2441-4A14-8236-DFCB97AD3E87} - C:\PROGRA~1\kaboodle\KABOOD~1\KTBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2010\Inicio.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com (file missing)
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1172259541828
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.ad...Plus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Unknown owner - C:\Program Files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (file missing)
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Unknown owner - c:\program files\panda security\panda global protection 2010\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\PskSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2010\TPSrv.exe

--
End of file - 14927 bytes
OTL Log

OTL logfile created on: 21/07/2010 17:37:41 - Run 4
OTL by OldTimer - Version 3.1.17.0 Folder = C:\Documents and Settings\adam\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 0.67 Gb Available Physical Memory | 33.31% Memory free
3.85 Gb Paging File | 2.33 Gb Available in Paging File | 60.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 106.89 Gb Free Space | 45.90% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 223.87 Gb Free Space | 96.13% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADAM-464QH60QYD
Current User Name: adam
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/01 12:07:20 | 01,361,128 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2010/07/01 12:07:18 | 00,840,936 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2010/06/28 09:49:36 | 00,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/28 09:49:32 | 00,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/09 09:06:33 | 00,976,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010/04/17 12:12:42 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/02/18 11:43:18 | 00,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2010/02/04 21:09:13 | 01,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/27 15:09:30 | 01,643,272 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
PRC - [2010/01/27 15:09:28 | 00,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/12/27 14:25:41 | 00,160,592 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2009/12/15 14:25:04 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adam\Desktop\OTL.exe
PRC - [2009/09/25 13:51:04 | 00,906,496 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Global Protection 2010\ApVxdWin.exe
PRC - [2009/09/25 13:51:04 | 00,201,984 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Global Protection 2010\pavjobs.exe
PRC - [2009/09/17 13:17:26 | 00,291,584 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Global Protection 2010\PAVSRV51.EXE
PRC - [2009/09/07 17:40:04 | 00,198,400 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Global Protection 2010\AVENGINE.EXE
PRC - [2009/08/25 14:28:20 | 00,028,928 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Global Protection 2010\psksvc.exe
PRC - [2009/08/10 14:46:08 | 00,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Global Protection 2010\PsCtrlS.exe
PRC - [2009/08/10 14:45:52 | 00,169,216 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe
PRC - [2009/08/10 14:45:48 | 00,111,872 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Global Protection 2010\PavBckPT.exe
PRC - [2009/04/23 13:31:16 | 00,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Global Protection 2010\WebProxy.exe
PRC - [2009/04/17 18:01:12 | 00,247,152 | ---- | M] () -- C:\Program Files\CyberLink\Shared files\RichVideo.exe
PRC - [2009/04/17 11:17:24 | 00,157,440 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Global Protection 2010\TPSrv.exe
PRC - [2009/04/08 11:56:24 | 00,226,560 | ---- | M] (Panda Security International) -- c:\Program Files\Panda Security\Panda Global Protection 2010\FIREWALL\PSHOST.EXE
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/06/27 14:23:00 | 00,091,392 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Global Protection 2010\SrvLoad.exe
PRC - [2008/06/19 13:59:50 | 00,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Global Protection 2010\PsImSvc.exe
PRC - [2008/04/14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/07 22:44:07 | 00,039,936 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2006/12/18 14:34:36 | 00,868,352 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/09/11 19:59:28 | 00,172,032 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006/09/11 19:56:02 | 00,135,227 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/09/11 19:55:42 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2006/04/13 16:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005/10/10 14:49:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2005/07/12 08:55:26 | 00,081,920 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005/01/17 07:43:46 | 00,084,480 | R--- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvraidservice.exe
PRC - [2004/06/03 09:51:27 | 00,172,032 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliType Pro\type32.exe
PRC - [2004/06/03 09:50:07 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft IntelliPoint\point32.exe
PRC - [2002/08/29 13:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe


========== Modules (SafeList) ==========

MOD - [2010/06/07 18:07:08 | 00,541,928 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
MOD - [2009/12/15 14:25:04 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\adam\Desktop\OTL.exe
MOD - [2009/08/10 14:45:54 | 00,095,488 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Global Protection 2010\PavOEpl.dll
MOD - [2009/03/30 19:22:58 | 00,518,400 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\PavSHook.dll
MOD - [2007/02/08 11:53:40 | 00,107,568 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\SYSTOOLS.DLL
MOD - [2006/11/10 19:49:42 | 00,499,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp71.dll
MOD - [2006/11/10 19:49:42 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll
MOD - [2002/08/29 13:00:00 | 00,014,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\serwvdrv.dll
MOD - [2002/08/29 13:00:00 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\umdmxfrm.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (PavPrSrv)
SRV - [2010/07/01 12:07:18 | 00,840,936 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2010/04/17 12:12:42 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2010/02/04 21:09:13 | 01,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/09/17 13:17:26 | 00,291,584 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Global Protection 2010\pavsrv51.exe -- (PAVSRV)
SRV - [2009/08/25 14:28:20 | 00,028,928 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Global Protection 2010\PskSvc.exe -- (PskSvcRetail)
SRV - [2009/08/10 14:46:08 | 00,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Global Protection 2010\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009/08/10 14:45:52 | 00,169,216 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2009/04/18 01:36:45 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/04/17 18:01:12 | 00,247,152 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2009/04/17 11:17:24 | 00,157,440 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Global Protection 2010\TPSrv.exe -- (TPSrv)
SRV - [2009/04/08 11:56:24 | 00,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\program files\panda security\panda global protection 2010\firewall\PSHOST.EXE -- (PSHost)
SRV - [2008/07/02 15:09:36 | 00,060,160 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Global Protection 2010\GWMsrv.dll -- (Gwmsrv)
SRV - [2008/06/19 13:59:50 | 00,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Global Protection 2010\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/03/12 13:49:46 | 00,271,920 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/03/07 22:44:07 | 00,039,936 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2007/02/24 10:18:52 | 00,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/09/11 19:59:28 | 00,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/09/11 19:56:02 | 00,135,227 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/09/11 19:55:42 | 00,065,599 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/04/13 16:14:26 | 00,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe -- (ForcewareWebInterface)
SRV - [2005/10/10 14:49:00 | 00,131,139 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- -- (PavSRK.sys)
DRV - File not found [File_System | On_Demand | Running] -- -- (AvFlt)
DRV - [2010/07/21 16:17:16 | 00,013,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMFiltr.sys -- (ComFiltr)
DRV - [2010/07/01 12:07:30 | 00,166,632 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2010/07/01 12:07:30 | 00,059,240 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys -- (RapportKELL)
DRV - [2010/02/11 13:02:15 | 00,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/10/01 08:44:52 | 00,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2009/10/01 00:07:44 | 00,075,016 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2009/09/23 13:55:23 | 00,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/09/09 11:29:18 | 00,199,432 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\neti1639.sys -- (NETIMFLT01060039)
DRV - [2009/07/23 12:57:22 | 00,102,528 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/06/30 11:37:16 | 00,028,552 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\pavboot.sys -- (pavboot)
DRV - [2009/06/16 14:33:02 | 00,046,728 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2009/06/16 14:33:00 | 00,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2009/06/16 14:32:58 | 00,193,800 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2009/06/16 14:32:58 | 00,053,128 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2009/05/09 01:14:20 | 00,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/04/28 19:09:46 | 00,051,072 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ikhlayer.sys -- (ikhlayer)
DRV - [2008/04/28 19:09:45 | 00,030,592 | ---- | M] (PCTools Research Pty Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ikhfile.sys -- (ikhfile)
DRV - [2008/04/28 18:35:14 | 00,084,024 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV)
DRV - [2008/04/13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 19:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 17:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/28 12:25:06 | 00,022,072 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2007/11/15 21:30:48 | 00,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2007/11/13 11:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/10/12 14:07:10 | 00,055,808 | ---- | M] (The SHVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2007/01/31 14:33:46 | 00,005,632 | ---- | M] (GRISOFT, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\avgarkt.sys -- (AVG Anti-Rootkit)
DRV - [2007/01/18 13:00:28 | 00,003,968 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgArCln.sys -- (AvgArCln)
DRV - [2007/01/16 02:09:06 | 00,293,888 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2006/09/11 12:45:38 | 00,019,968 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/09/11 12:45:36 | 00,057,856 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/09/11 12:45:26 | 00,110,592 | R--- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
DRV - [2006/08/21 11:24:28 | 00,105,344 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006/08/06 23:57:30 | 00,093,952 | R--- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aeaudio.sys -- (AEAudio)
DRV - [2006/03/17 10:18:58 | 00,392,960 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2005/10/10 14:49:00 | 03,530,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005/07/15 10:40:36 | 03,640,000 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/05/17 18:45:12 | 00,076,288 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce™
DRV - [2005/05/17 10:45:08 | 00,092,800 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)
DRV - [2004/08/13 03:56:20 | 00,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004/08/03 23:41:56 | 00,011,868 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004/06/03 09:50:07 | 00,020,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\point32.sys -- (Point32)
DRV - [2002/11/18 15:29:26 | 00,399,700 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dumant.sys -- (DumaNT)
DRV - [2002/08/29 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2002/06/26 10:06:50 | 00,875,191 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WINACHCF.sys -- (Winachcf)
DRV - [2002/04/11 15:21:38 | 00,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)
DRV - [2001/08/17 15:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: fireaw@digitalwindow.com:1.3.2
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {a880aeee-06f6-48e7-87c5-876fb64a2a56}:0.70
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.6.5.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}:1.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: seotoolbar@seobook.com:1.0.17
FF - prefs.js..extensions.enabledItems: {7CEA821D-3DAB-4238-B424-BF7324531750}:0.4.95


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2009/04/19 14:00:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/21 16:10:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/21 16:10:52 | 00,000,000 | ---D | M]

[2009/12/14 16:26:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Mozilla\Extensions
[2009/12/14 16:26:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/07/20 23:28:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions
[2009/12/19 20:34:55 | 00,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/12/19 20:35:08 | 00,000,000 | ---D | M] (SeoQuake) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
[2009/06/20 11:47:29 | 00,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010/05/31 18:08:12 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
[2010/06/10 14:43:52 | 00,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009/06/16 20:42:33 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\{a880aeee-06f6-48e7-87c5-876fb64a2a56}
[2009/03/05 12:23:38 | 00,000,000 | ---D | M] (Google Global) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\{B97F57B9-1B42-4aed-9475-0022600C62DC}
[2009/05/24 14:25:02 | 00,000,000 | ---D | M] (Article Marketing Impact) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\{BFB5F154-9212-46F3-B547-AC6106030A54}
[2010/03/17 16:48:15 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294}
[2009/09/22 09:05:20 | 00,000,000 | ---D | M] (Clipmarks) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
[2009/06/16 13:36:46 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\{ec9CEB59-8266-438b-91D9-82F56D595E15}
[2010/04/17 00:17:24 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\{fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b}
[2009/12/19 20:34:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\fireaw@digitalwindow.com
[2009/12/16 02:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\firefox@tvunetworks.com
[2008/11/05 20:30:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\highlightmysite@miguel.cruz
[2009/03/06 23:01:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\info@linkdiagnosis.com
[2010/03/08 10:46:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\rankchecker@seobook.com
[2009/06/20 11:47:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\seoquake-plugin-seolinx@seoquake.com
[2010/05/15 14:43:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\seotoolbar@seobook.com
[2010/07/20 16:35:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/17 12:12:54 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/17 12:12:42 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/01/16 01:55:13 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/01/16 01:55:13 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/01/16 01:55:13 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/01/16 01:55:13 | 00,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (KTBho Class) - {25EDC164-41A6-47C3-80BD-5E4FBE1BA7AB} - C:\Program Files\kaboodle\Kaboodle IE Toolbar\KTBar.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PC Tools)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (PCTools Browser Monitor) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (PC Tools)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Kaboodle Toolbar) - {92857633-2441-4A14-8236-DFCB97AD3E87} - C:\Program Files\kaboodle\Kaboodle IE Toolbar\KTBar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Global Protection 2010\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [type32] C:\Program Files\Microsoft IntelliType Pro\type32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - File not found
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (PC Tools)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra 'Tools' menuitem : Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\Program Files\Nuclear Coffee\VideoGet\Plugins\VideoGet_IE.dll (Nuclear Coffee Software)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} http://download.micr...helpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} http://dl.tvunetworks.com/TVUAx.cab (CTVUAxCtrl Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1172259541828 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Security, S.L.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/02/23 19:46:58 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{43792500-3684-11df-94d4-001e8c709532}\Shell - "" = AutoRun
O33 - MountPoints2\{43792500-3684-11df-94d4-001e8c709532}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{43792500-3684-11df-94d4-001e8c709532}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{43792501-3684-11df-94d4-001e8c709532}\Shell - "" = AutoRun
O33 - MountPoints2\{43792501-3684-11df-94d4-001e8c709532}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{43792501-3684-11df-94d4-001e8c709532}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{b11f0d38-36d7-11df-94d5-001e8c709532}\Shell - "" = AutoRun
O33 - MountPoints2\{b11f0d38-36d7-11df-94d5-001e8c709532}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b11f0d38-36d7-11df-94d5-001e8c709532}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O33 - MountPoints2\{b11f0d39-36d7-11df-94d5-001e8c709532}\Shell - "" = AutoRun
O33 - MountPoints2\{b11f0d39-36d7-11df-94d5-001e8c709532}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b11f0d39-36d7-11df-94d5-001e8c709532}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/21 17:13:36 | 00,000,000 | RHSD | C] -- C:\WINDOWS\PSICache
[2010/07/21 16:11:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security
[2010/07/20 20:32:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\adam\Desktop\Virus Removal Tool
[2010/07/14 07:56:51 | 00,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/07/08 09:17:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\adam\Application Data\acccore
[2010/07/08 09:17:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\adam\Local Settings\Application Data\AOL
[2010/07/08 09:17:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\adam\Local Settings\Application Data\AIM
[2010/07/08 09:17:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/07/08 09:17:22 | 00,000,000 | ---D | C] -- C:\Program Files\AIM
[2010/07/08 09:17:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2010/07/08 09:17:18 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2010/07/01 08:18:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/04/21 12:45:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Trusteer
[2010/03/29 11:56:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Trusteer
[2010/03/23 15:00:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone
[2009/10/01 08:44:52 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\adam\Application Data\pcouffin.sys
[2009/01/07 10:37:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Panda Software
[2008/02/08 00:39:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/05/26 09:00:54 | 00,594,800 | ---- | C] (Softnik Technologies ) -- C:\Program Files\gkwv2_setup.exe
[2007/05/24 21:04:34 | 14,279,822 | ---- | C] (SoftwareClub.ws ) -- C:\Program Files\scvc6000.exe
[2007/03/06 09:50:42 | 02,683,984 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup137.exe
[2007/03/06 09:39:12 | 11,352,928 | ---- | C] (PC Tools ) -- C:\Program Files\spydocsetup.exe
[2007/02/25 10:52:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/02/24 20:25:45 | 33,170,212 | ---- | C] ( ) -- C:\Program Files\klmcodec165.exe
[2007/02/24 10:52:20 | 01,145,896 | ---- | C] (Google) -- C:\Program Files\GoogleToolbarInstaller.exe
[2007/02/24 08:55:26 | 25,755,448 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wmp11-windowsxp-x86-enu.exe
[2007/02/23 21:40:06 | 24,265,736 | ---- | C] (Microsoft) -- C:\Program Files\dotnetfx.exe
[2007/02/23 21:00:11 | 21,822,168 | ---- | C] ( ) -- C:\Program Files\AdbeRdr80_en_US.exe
[2007/02/23 20:56:15 | 36,808,256 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\iTunesSetup.exe
[2007/02/23 20:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/02/23 19:51:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2007/02/23 19:46:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010/07/21 17:19:27 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2010/07/21 17:13:47 | 00,348,452 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2010/07/21 17:13:47 | 00,348,452 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2010/07/21 17:07:54 | 00,002,445 | ---- | M] () -- C:\Documents and Settings\adam\Desktop\HiJackThis.lnk
[2010/07/21 16:45:32 | 00,000,522 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\pfdnnt.act
[2010/07/21 16:20:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/07/21 16:20:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/07/21 16:20:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/07/21 16:20:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/07/21 16:20:30 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/07/21 16:19:23 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{CF5E3D8D-1EED-4D74-931D-56B0FEE9941C}.job
[2010/07/21 16:17:31 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2010/07/21 16:17:31 | 00,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2010/07/21 16:17:31 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2010/07/21 16:17:31 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2010/07/21 16:17:31 | 00,000,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt.bck
[2010/07/21 16:17:31 | 00,000,152 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetLoc.wlt
[2010/07/21 16:17:31 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2010/07/21 16:17:31 | 00,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2010/07/21 16:17:31 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2010/07/21 16:17:31 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2010/07/21 16:17:31 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2010/07/21 16:17:31 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2010/07/21 16:17:30 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2010/07/21 16:17:30 | 00,447,324 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2010/07/21 16:17:16 | 00,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2010/07/21 16:16:36 | 00,039,291 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/07/21 16:15:38 | 00,000,120 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg.bck
[2010/07/21 16:15:38 | 00,000,120 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAdapt.cfg
[2010/07/21 16:15:38 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2010/07/21 16:15:38 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2010/07/21 16:15:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/21 16:13:26 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/21 16:13:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/21 15:36:22 | 00,008,627 | ---- | M] () -- C:\Documents and Settings\adam\PAV_FOG.OPC
[2010/07/21 09:56:44 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/07/21 00:17:16 | 00,485,302 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/21 00:17:16 | 00,089,450 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/21 00:10:52 | 00,000,262 | ---- | M] () -- C:\WINDOWS\System32\PavCPL.dat
[2010/07/21 00:10:47 | 00,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Basic clean-up.job
[2010/07/19 19:52:52 | 09,957,376 | ---- | M] () -- C:\Documents and Settings\adam\ntuser.dat
[2010/07/19 18:43:36 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/07/19 14:59:59 | 00,000,668 | ---- | M] () -- C:\Documents and Settings\adam\Application Data\vso_ts_preview.xml
[2010/07/19 13:48:55 | 00,185,344 | ---- | M] () -- C:\Documents and Settings\adam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/19 13:34:15 | 00,000,699 | ---- | M] () -- C:\Documents and Settings\adam\Desktop\Shortcut to scrapebox.lnk
[2010/07/17 11:05:44 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/07/12 23:08:59 | 00,000,695 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/07/12 23:08:59 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/07/12 23:08:59 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2010/07/08 11:24:40 | 20,434,768 | ---- | M] () -- C:\Documents and Settings\adam\Desktop\Images.zip
[2010/07/08 09:17:36 | 00,000,361 | -H-- | M] () -- C:\IPH.PH
[2010/07/08 09:17:27 | 00,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/06/29 20:21:27 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\adam\Desktop\Microsoft Office Word 2003.lnk
[2010/06/24 08:38:49 | 00,564,552 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2010/07/21 00:10:52 | 00,000,262 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat
[2010/07/21 00:10:46 | 00,000,492 | ---- | C] () -- C:\WINDOWS\tasks\Basic clean-up.job
[2010/07/19 19:52:51 | 09,957,376 | ---- | C] () -- C:\Documents and Settings\adam\ntuser.dat
[2010/07/19 13:34:15 | 00,000,699 | ---- | C] () -- C:\Documents and Settings\adam\Desktop\Shortcut to scrapebox.lnk
[2010/07/10 12:00:26 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/07/10 12:00:26 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/07/08 11:20:07 | 20,434,768 | ---- | C] () -- C:\Documents and Settings\adam\Desktop\Images.zip
[2010/07/08 09:17:27 | 00,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2010/07/08 09:17:06 | 00,000,361 | -H-- | C] () -- C:\IPH.PH
[2010/04/14 20:46:08 | 00,011,774 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2754096141
[2010/04/14 20:46:08 | 00,011,774 | -HS- | C] () -- C:\Documents and Settings\adam\Local Settings\Application Data\2754096141
[2010/04/14 20:46:07 | 00,011,782 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3769731055
[2010/04/14 20:46:07 | 00,011,782 | -HS- | C] () -- C:\Documents and Settings\adam\Local Settings\Application Data\3769731055
[2010/04/14 20:41:08 | 00,011,750 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6Y5qPA2XU80
[2010/04/14 20:41:08 | 00,011,750 | -HS- | C] () -- C:\Documents and Settings\adam\Local Settings\Application Data\6Y5qPA2XU80
[2010/01/08 13:08:45 | 00,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2009/11/17 14:46:46 | 00,000,091 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/16 08:51:23 | 00,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009/10/01 08:45:18 | 00,000,668 | ---- | C] () -- C:\Documents and Settings\adam\Application Data\vso_ts_preview.xml
[2009/10/01 08:44:58 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\adam\Application Data\pcouffin.log
[2009/10/01 08:44:52 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\adam\Application Data\inst.exe
[2009/10/01 08:44:52 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\adam\Application Data\pcouffin.cat
[2009/10/01 08:44:52 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\adam\Application Data\pcouffin.inf
[2008/09/04 20:51:02 | 01,069,056 | ---- | C] () -- C:\WINDOWS\System32\libmySQL.dll
[2008/07/12 01:29:13 | 00,000,082 | ---- | C] () -- C:\WINDOWS\DeliveryReader.INI
[2008/03/31 17:19:19 | 00,032,834 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/03/31 13:31:36 | 00,000,804 | R--- | C] () -- C:\WINDOWS\System32\AsusSetup.ini
[2008/02/04 18:23:10 | 00,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/01/04 17:16:38 | 00,888,832 | ---- | C] () -- C:\WINDOWS\System32\securenet.dll
[2007/11/11 16:20:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2007/05/25 15:42:18 | 14,659,071 | ---- | C] () -- C:\Program Files\KE_setup13143.exe
[2007/05/25 15:40:47 | 01,585,247 | ---- | C] () -- C:\Program Files\SEOE_setup4081.exe
[2007/05/24 21:09:26 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2007/05/23 16:27:32 | 09,389,672 | ---- | C] () -- C:\Program Files\winzip111.exe
[2007/05/21 18:54:06 | 64,625,683 | ---- | C] () -- C:\Program Files\xsiteprosetup.exe
[2007/03/10 10:04:48 | 00,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/07 23:00:47 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2007/03/07 23:00:47 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2007/03/07 22:48:04 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2007/03/07 22:40:06 | 00,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/03/07 22:39:10 | 00,000,025 | ---- | C] () -- C:\WINDOWS\CDE P242580EF.ini
[2007/03/02 21:47:51 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/02/28 01:03:19 | 19,987,4112 | ---- | C] () -- C:\Program Files\Nero-7.7.5.1_eng_trial.exe
[2007/02/24 20:26:50 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007/02/24 20:26:50 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007/02/24 20:26:49 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/02/24 20:26:49 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007/02/24 20:26:48 | 00,084,480 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/02/24 19:20:59 | 00,411,509 | ---- | C] () -- C:\Program Files\GSpot270a.zip
[2007/02/24 18:52:16 | 06,241,753 | ---- | C] () -- C:\Program Files\XP-Codec-Pack-2.0.6.zip
[2007/02/24 18:47:43 | 00,185,344 | ---- | C] () -- C:\Documents and Settings\adam\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/24 18:41:27 | 05,134,848 | ---- | C] () -- C:\Program Files\SVCD2DVDv2.msi
[2007/02/24 18:38:27 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\adam\Local Settings\Application Data\fusioncache.dat
[2007/02/24 11:46:28 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/24 09:24:54 | 00,060,640 | ---- | C] () -- C:\Program Files\AC3ACM.zip
[2007/02/24 09:23:39 | 01,045,001 | ---- | C] () -- C:\Program Files\VirtualDub-MPEG2.zip
[2007/02/24 09:07:07 | 01,094,021 | ---- | C] () -- C:\Program Files\dvdshrink32setup1.zip
[2007/02/23 21:44:50 | 01,201,041 | ---- | C] () -- C:\Program Files\winrar.exe
[2007/02/23 21:38:59 | 05,968,384 | ---- | C] () -- C:\Program Files\SVCD2DVD.msi
[2007/02/23 20:25:06 | 00,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5m.DLL
[2007/02/23 20:20:55 | 00,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2007/02/23 20:18:46 | 00,000,269 | R--- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2007/02/23 20:18:31 | 00,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007/02/23 20:18:28 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007/02/23 20:08:19 | 00,009,728 | R--- | C] () -- C:\WINDOWS\System32\sysinfoX64.sys
[2007/02/23 20:08:19 | 00,008,192 | R--- | C] () -- C:\WINDOWS\System32\sysinfo.sys
[2006/05/02 23:38:24 | 00,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2006/04/23 00:00:10 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/10/10 14:49:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/10/10 14:49:00 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2005/10/10 14:49:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/10/10 14:49:00 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2005/10/10 14:49:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2005/10/10 14:49:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/10/10 14:49:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/11/18 15:29:28 | 00,368,640 | ---- | C] () -- C:\WINDOWS\System32\nvimage.dll
[2002/11/18 15:29:28 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\stereoi.dll
[2002/08/29 13:00:00 | 01,287,680 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2002/08/29 13:00:00 | 00,498,205 | ---- | C] () -- C:\WINDOWS\System32\dxmasf(2).dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B63300D1
< End of report >

Edited by tobyjones, 21 July 2010 - 10:44 AM.
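The OTL "Files Created" and "Alternate Data Streams" entries above follow a fixed record format, and a helper reading them looks first for hidden+system files with random names in user-writable locations (such as the `-HS-` entries under Application Data) and for alternate data streams. The following parser and triage pass is an added example written for this thread, not code from OTL or from the helpers here; the sample report is constructed from entries in the log above, and the "random-looking name" heuristic and the list of user-writable directories are assumptions of the example.

```python
"""Triage helper for OTL-style file listings (added example, not part of the thread)."""
import re
from dataclasses import dataclass, field
from datetime import datetime

# Constructed sample in the OTL format seen in the report above (entries copied
# from the log plus the "< End of report >" trailer to show non-matching lines are skipped).
SAMPLE_REPORT = r"""
[2010/07/21 00:10:52 | 00,000,262 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat
[2010/04/14 20:46:08 | 00,011,774 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2754096141
[2010/07/12 23:08:59 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2010/04/14 20:41:08 | 00,011,750 | -HS- | C] () -- C:\Documents and Settings\adam\Local Settings\Application Data\6Y5qPA2XU80
[2010/01/08 13:08:45 | 00,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
< End of report >
"""

# [timestamp | size | attrs | C/M] (company) -- path
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHS-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# @Alternate Data Stream - N bytes -> path:streamname
OTL_ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")

# Assumed list of locations an ordinary user can write to; hidden+system files there deserve a look.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\", "\\users\\")


@dataclass
class FileRecord:
    timestamp: datetime
    size: int
    attrs: str      # four flag characters: R(ead-only), H(idden), S(ystem) or '-'
    kind: str       # 'C' = created, 'M' = modified
    company: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


@dataclass
class Finding:
    path: str
    reasons: list = field(default_factory=list)


def parse_file_line(line: str):
    """Return a FileRecord for an OTL file entry, or None for any other line."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    return FileRecord(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def looks_random(name: str) -> bool:
    """Assumed heuristic: no extension, 8+ alphanumerics including digits (2754096141, 6Y5qPA2XU80)."""
    if "." in name or re.fullmatch(r"[A-Za-z0-9]{8,}", name) is None:
        return False
    return any(c.isdigit() for c in name)


def triage(report: str) -> list:
    """Walk an OTL report and return the entries a helper would want to examine."""
    findings = []
    for raw in report.splitlines():
        ads = OTL_ADS_RE.match(raw.strip())
        if ads:
            # The stream name follows the last colon; the drive colon is left in the host path.
            host, _, stream = ads["target"].rpartition(":")
            findings.append(Finding(host, [f"alternate data stream '{stream}' ({ads['size']} bytes)"]))
            continue
        rec = parse_file_line(raw)
        if rec is None:
            continue
        reasons = []
        if rec.hidden_system and any(m in rec.path.lower() for m in USER_WRITABLE_MARKERS):
            reasons.append("hidden+system file in a user-writable directory")
        if looks_random(rec.name):
            reasons.append("random-looking file name")
        if reasons:
            findings.append(Finding(rec.path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f.path, "->", "; ".join(f.reasons))
```

Note that C:\boot.ini is hidden+system as well but sits outside the user-writable locations and has a normal name, so it is not reported; the two random-named -HS- files and the TEMP alternate data stream are.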


#2 LDTate

LDTate

    Forum God

  • Root Admin
  • 56,590 posts
  • MVP

Posted 21 July 2010 - 02:58 PM

DO NOT use any TOOLS such as ComboFix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.



Did you have all 7 of the browser windows open when you ran HJT?

C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe

#3 tobyjones

tobyjones

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 21 July 2010 - 03:04 PM

Ah, yes, I did. Do I need to run it again without anything?

#4 LDTate

LDTate

    Forum God

  • Root Admin
  • 56,590 posts
  • MVP

Posted 21 July 2010 - 03:07 PM

Ah, yes, I did. Do I need to run it again without anything?

No. We have been seeing a new infection that keeps opening IE.

You do realize the more browser windows you have open, the slower the PC will be.

Let's have a look.


Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.



Download TDSSKiller and save it to your Desktop.
Once completed it will create a log in your C:\ drive called TDSSKiller_*** (*** denotes version & date).
  • Make sure all other windows are closed and let it run uninterrupted.
  • Extract the file and run it.
  • Reboot your machine and see if the infection is gone.
Please post the contents of the TDSSKiller log and the GooredFix log.

#5 tobyjones

tobyjones

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 21 July 2010 - 03:20 PM

Hi there, here is the GooredFix log:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:18 on 21/07/2010 (adam)
Firefox version 3.6.6 (en-GB)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [16:40 21/06/2008]
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [13:50 17/12/2009]
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [11:12 17/04/2010]

C:\Documents and Settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\
fireaw@digitalwindow.com [19:34 19/12/2009]
firefox@tvunetworks.com [01:11 16/12/2009]
highlightmysite@miguel.cruz [19:30 05/11/2008]
info@linkdiagnosis.com [22:01 06/03/2009]
rankchecker@seobook.com [09:46 08/03/2010]
seoquake-plugin-seolinx@seoquake.com [10:47 20/06/2009]
seotoolbar@seobook.com [13:43 15/05/2010]
{0b457cAA-602d-484a-8fe7-c1d894a011ba} [19:34 19/12/2009]
{20a82645-c095-46ed-80e3-08825760534b} [13:43 10/06/2010]
{3112ca9c-de6d-4884-a869-9855de68056c} [09:58 02/05/2010]
{317B5128-0B0B-49b2-B2DB-1E7560E16C74} [19:35 19/12/2009]
{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [10:47 20/06/2009]
{7CEA821D-3DAB-4238-B424-BF7324531750} [17:08 31/05/2010]
{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [13:43 10/06/2010]
{a880aeee-06f6-48e7-87c5-876fb64a2a56} [19:42 16/06/2009]
{B97F57B9-1B42-4aed-9475-0022600C62DC} [11:23 05/03/2009]
{BFB5F154-9212-46F3-B547-AC6106030A54} [13:25 24/05/2009]
{c2b1f3ae-5cd5-49b7-8a0c-2c3bcbbbb294} [15:48 17/03/2010]
{e1170235-2845-420c-acc3-42261a29dd46} [08:05 22/09/2009]
{ec9CEB59-8266-438b-91D9-82F56D595E15} [12:36 16/06/2009]
{fae5bcbc-dd73-439a-a15e-5b9ff39c0e9b} [23:17 16/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [13:22 15/08/2009]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files\Siber Systems\AI RoboForm\Firefox" [13:00 19/04/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [11:12 17/04/2010]

---------- Old Logs ----------

-=E.O.F=-

#6 tobyjones

tobyjones

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 21 July 2010 - 03:23 PM


#7 LDTate

LDTate

    Forum God

  • Root Admin
  • 56,590 posts
  • MVP

Posted 21 July 2010 - 03:25 PM

Good :thumbup:

Let's try another tool.

Download ComboFix from one of these locations:

Link 1
Link 2 (if using this link, right-click and select Save As).


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs

  • Double click on ComboFix.exe & follow the prompts.

    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.

    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.


Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

#8 tobyjones

tobyjones

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 21 July 2010 - 03:30 PM

I've just rebooted from the last gooredfix and a runtime error has come up for my Panda virus scanner ending in TPSrv.exe

#9 LDTate

LDTate

    Forum God

  • Root Admin
  • 56,590 posts
  • MVP

Posted 21 July 2010 - 03:34 PM

There are a lot of Google hits for TPSrv.exe issues.
http://support.panda...e...?f=2&t=2064

Let's continue on and see if that goes away.

#10 tobyjones

tobyjones

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 21 July 2010 - 04:16 PM

Combofix seemed to run through everything ok, it rebooted then the box came back up saying preparing log report and not to run any programmes, except it's been like this for over 25 mins and I don't think anything is happening now.

#11 LDTate

LDTate

    Forum God

  • Root Admin
  • 56,590 posts
  • MVP

Posted 21 July 2010 - 04:30 PM

If you're sure it's hung up, open Task Manager (press the Alt, Ctrl and Del keys at the same time) and kill:
  • Any process with cfexe file extensions
  • FindStr.exe
  • Regsvr32.exe
Then look for C:\combofix.txt, open it with Notepad and copy/paste the results.

#12 tobyjones

tobyjones

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 21 July 2010 - 04:32 PM

ComboFix 10-07-21.01 - adam 21/07/2010 22:42:37.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1464 [GMT 1:00]
Running from: C:\Documents and Settings\adam\Desktop\ComboFix.exe
AV: Panda Global Protection 2010 *On-access scanning enabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2010 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\adam\Application Data\Explorer
C:\Documents and Settings\adam\Application Data\inst.exe
C:\Program Files\WinPCap
C:\Program Files\WinPCap\rpcapd.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\favicon.ico
C:\WINDOWS\system32\mssfc.dll
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\WanPacket.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_SFC
-------\Service_npf
-------\Service_sfc


((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-21 21:27:41 . 2010-07-21 21:27:41 105088 ----a-w- C:\WINDOWS\system32\drivers\av5flt.sys
2010-07-21 16:13:36 . 2010-07-21 16:30:15 -------- d-sh--r- C:\WINDOWS\PSICache
2010-07-21 15:11:42 . 2010-07-21 15:11:42 -------- d-----w- C:\WINDOWS\system32\wbem\Repository
2010-07-21 15:11:01 . 2010-07-21 15:11:15 -------- d-----w- C:\Program Files\Common Files\Panda Security
2010-07-20 23:10:52 . 2010-07-20 23:10:52 262 ----a-w- C:\WINDOWS\system32\PavCPL.dat
2010-07-14 06:56:51 . 2010-06-14 14:31:20 744448 -c----w- C:\WINDOWS\system32\dllcache\helpsvc.exe
2010-07-08 08:17:38 . 2010-07-08 08:19:47 -------- d-----w- C:\Documents and Settings\adam\Application Data\acccore
2010-07-08 08:17:36 . 2010-07-08 08:17:37 -------- d-----w- C:\Documents and Settings\adam\Local Settings\Application Data\AIM
2010-07-08 08:17:36 . 2010-07-08 08:17:36 -------- d-----w- C:\Documents and Settings\adam\Local Settings\Application Data\AOL
2010-07-08 08:17:28 . 2010-07-08 08:17:28 -------- d-----w- C:\Documents and Settings\All Users\Application Data\AIM
2010-07-08 08:17:22 . 2010-07-08 08:17:26 -------- d-----w- C:\Program Files\AIM
2010-07-08 08:17:19 . 2010-07-08 08:17:19 -------- d-----w- C:\Program Files\Common Files\Software Update Utility
2010-07-08 08:17:18 . 2010-07-08 08:17:18 -------- d-----w- C:\Program Files\Common Files\AOL
2010-07-01 07:18:03 . 2010-07-01 07:18:03 -------- d-----w- C:\WINDOWS\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 21:53:51 . 2010-01-08 12:04:33 346280 ----a-w- C:\WINDOWS\system32\drivers\APPFCONT.DAT.bck
2010-07-21 21:53:51 . 2010-01-08 12:04:33 346280 ----a-w- C:\WINDOWS\system32\drivers\APPFCONT.DAT
2010-07-21 21:53:50 . 2010-01-08 12:04:33 1132 ----a-w- C:\WINDOWS\system32\drivers\APPFLTR.CFG.bck
2010-07-21 21:53:50 . 2010-01-08 12:04:33 1132 ----a-w- C:\WINDOWS\system32\drivers\APPFLTR.CFG
2010-07-21 21:53:01 . 2010-01-08 12:08:45 13880 ----a-w- C:\WINDOWS\system32\drivers\COMFiltr.sys
2010-07-21 21:25:27 . 2007-03-06 08:39:43 -------- d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2010-07-21 16:13:15 . 2010-01-08 12:03:46 -------- d-----w- C:\Program Files\Panda Security
2010-07-21 10:19:50 . 2010-06-10 12:27:15 -------- d-----w- C:\Documents and Settings\adam\Application Data\OpenOffice.org2
2010-07-19 14:00:02 . 2009-10-01 07:44:51 -------- d-----w- C:\Documents and Settings\adam\Application Data\Vso
2010-07-12 22:08:59 . 2010-07-21 16:59:35 695 ----a-w- C:\WINDOWS\win.tmp
2010-07-12 22:08:59 . 2010-07-21 16:59:35 227 ----a-w- C:\WINDOWS\system.tmp
2010-06-25 07:32:51 . 2009-07-10 16:08:52 -------- d-----w- C:\Documents and Settings\All Users\Application Data\NOS
2010-06-01 07:20:54 . 2010-06-01 07:20:45 -------- d-----w- C:\Program Files\Common Files\DVDVideoSoft
2010-06-01 07:20:45 . 2010-06-01 07:20:45 -------- d-----w- C:\Program Files\DVDVideoSoft
2010-05-31 14:01:33 . 2010-05-31 13:59:57 -------- d-----w- C:\Documents and Settings\All Users\Application Data\CyberLink
2010-05-31 14:00:03 . 2007-02-23 19:03:07 70152 ----a-w- C:\Documents and Settings\adam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-31 14:00:00 . 2010-05-31 13:59:01 -------- d-----w- C:\Documents and Settings\adam\Application Data\CyberLink
2010-05-31 13:58:13 . 2007-02-23 19:13:59 -------- d--h--w- C:\Program Files\InstallShield Installation Information
2010-05-31 13:51:29 . 2010-05-31 13:47:35 -------- d-----w- C:\Program Files\CyberLink
2010-05-31 11:49:53 . 2010-05-31 11:40:53 -------- d-----w- C:\Program Files\Nuclear Coffee
2010-05-06 10:41:53 . 2002-08-29 12:00:00 916480 ----a-w- C:\WINDOWS\system32\wininet.dll
2010-05-02 05:22:50 . 2002-08-29 12:00:00 1851264 ----a-w- C:\WINDOWS\system32\win32k.sys
2007-05-26 08:01:00 . 2007-05-26 08:00:54 594800 ----a-w- C:\Program Files\gkwv2_setup.exe
2007-05-25 14:42:21 . 2007-05-25 14:42:18 14659071 ----a-w- C:\Program Files\KE_setup13143.exe
2007-05-25 14:40:56 . 2007-05-25 14:40:47 1585247 ----a-w- C:\Program Files\SEOE_setup4081.exe
2007-05-24 20:07:36 . 2007-05-24 20:04:34 14279822 ----a-w- C:\Program Files\scvc6000.exe
2007-05-23 15:28:59 . 2007-05-23 15:27:32 9389672 ----a-w- C:\Program Files\winzip111.exe
2007-05-21 17:54:16 . 2007-05-21 17:54:06 64625683 ----a-w- C:\Program Files\xsiteprosetup.exe
2007-03-06 08:50:53 . 2007-03-06 08:50:42 2683984 ----a-w- C:\Program Files\ccsetup137.exe
2007-03-06 08:39:24 . 2007-03-06 08:39:12 11352928 ----a-w- C:\Program Files\spydocsetup.exe
2007-02-28 00:03:35 . 2007-02-28 00:03:19 199874112 ----a-w- C:\Program Files\Nero-7.7.5.1_eng_trial.exe
2007-02-24 19:25:53 . 2007-02-24 19:25:45 33170212 ----a-w- C:\Program Files\klmcodec165.exe
2007-02-24 18:21:02 . 2007-02-24 18:20:59 411509 ----a-w- C:\Program Files\GSpot270a.zip
2007-02-24 17:52:51 . 2007-02-24 17:52:16 6241753 ----a-w- C:\Program Files\XP-Codec-Pack-2.0.6.zip
2007-02-24 17:45:51 . 2007-02-24 17:41:27 5134848 ----a-w- C:\Program Files\SVCD2DVDv2.msi
2007-02-24 09:52:24 . 2007-02-24 09:52:20 1145896 ----a-w- C:\Program Files\GoogleToolbarInstaller.exe
2007-02-24 08:24:55 . 2007-02-24 08:24:54 60640 ----a-w- C:\Program Files\AC3ACM.zip
2007-02-24 08:23:43 . 2007-02-24 08:23:39 1045001 ----a-w- C:\Program Files\VirtualDub-MPEG2.zip
2007-02-24 08:07:13 . 2007-02-24 08:07:07 1094021 ----a-w- C:\Program Files\dvdshrink32setup1.zip
2007-02-24 07:55:35 . 2007-02-24 07:55:26 25755448 ----a-w- C:\Program Files\wmp11-windowsxp-x86-enu.exe
2007-02-23 20:44:54 . 2007-02-23 20:44:50 1201041 ----a-w- C:\Program Files\winrar.exe
2007-02-23 20:41:33 . 2007-02-23 20:40:06 24265736 ----a-w- C:\Program Files\dotnetfx.exe
2007-02-23 20:39:09 . 2007-02-23 20:38:59 5968384 ----a-w- C:\Program Files\SVCD2DVD.msi
2007-02-23 20:00:21 . 2007-02-23 20:00:11 21822168 ----a-w- C:\Program Files\AdbeRdr80_en_US.exe
2007-02-23 19:56:24 . 2007-02-23 19:56:15 36808256 ----a-w- C:\Program Files\iTunesSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-12-27 13:25:41 160592]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-23 17:43:29 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-10-10 13:49:00 7286784]
"nwiz"="nwiz.exe" [2005-10-10 13:49:00 1519616]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2005-01-17 06:43:46 84480]
"SoundMan"="SOUNDMAN.EXE" [2005-07-12 07:55:26 81920]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 08:51:27 172032]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2004-06-03 08:50:07 204800]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53:56 153136]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 13:34:36 868352]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-10-10 13:49:00 86016]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 22:37:20 413696]
"APVXDWIN"="C:\Program Files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" [2009-09-25 12:51:04 906496]
"SCANINICIO"="C:\Program Files\Panda Security\Panda Global Protection 2010\Inicio.exe" [2009-08-12 09:23:20 56064]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 10:43:18 248040]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 05:42:51 36272]
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 08:06:33 976832]
"UpdatePDRShortCut"="C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 21:15:16 218408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 00:12:16 15360]
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2006-12-11 15:35:02 2115728]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-24 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58:10 58672 ----a-w- C:\WINDOWS\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^adam^Start Menu^Programs^Startup^Google Goggles.lnk]
backup=C:\WINDOWS\pss\Google Goggles.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^adam^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=C:\Documents and Settings\adam\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AffiliateWindow Alerts]
2005-02-25 13:54:18 476672 ----a-w- C:\Program Files\AffiliateWindow Alerts\affiliatewindow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-05-21 15:36:28 3824472 ----a-w- C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BinatoneInternetPhone]
2007-06-29 04:23:34 413696 ----a-w- C:\Program Files\Binatone Internet Phone\BinatoneInternetPhone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 09:36:40 267048 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12:28 1695232 ------w- C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53:56 153136 ----a-w- C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rundll32.exe]
2007-08-30 16:43:18 4670704 ----a-w- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartHide]
2008-07-07 14:43:50 1335296 ----a-w- C:\Program Files\SmartHide\smarthide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 16:43:18 4670704 ----a-w- C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\SmartHide\\SmartHide.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"C:\\Program Files\\AIM\\aim.exe"=

R0 Lbd;Lbd;C:\WINDOWS\system32\drivers\Lbd.sys [17/11/2009 15:09:51 64288]
R0 pavboot;Panda boot driver;C:\WINDOWS\system32\drivers\pavboot.sys [08/01/2010 13:00:27 28552]
R1 APPFLT;App Filter Plugin;C:\WINDOWS\system32\drivers\APPFLT.SYS [08/01/2010 13:04:24 75016]
R1 DSAFLT;DSA Filter Plugin;C:\WINDOWS\system32\drivers\dsaflt.sys [08/01/2010 13:04:30 53128]
R1 FNETMON;NetMon Filter Plugin;C:\WINDOWS\system32\drivers\fnetmon.sys [08/01/2010 13:04:24 22072]
R1 IDSFLT;Ids Filter Plugin;C:\WINDOWS\system32\drivers\idsflt.sys [08/01/2010 13:04:30 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];C:\WINDOWS\system32\drivers\NETFLTDI.SYS [08/01/2010 13:04:24 159112]
R1 RapportKELL;RapportKELL;C:\Program Files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07:30 59240]
R1 RapportPG;RapportPG;C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07:30 166632]
R1 WNMFLT;Wifi Monitor Filter Plugin;C:\WINDOWS\system32\drivers\wnmflt.sys [08/01/2010 13:04:30 46728]
R2 Gwmsrv;Panda Goodware Cache Manager;C:\WINDOWS\system32\svchost -k Panda --> C:\WINDOWS\system32\svchost -k Panda [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17:32 1181328]
R2 PskSvcRetail;Panda PSK service;C:\Program Files\Panda Security\Panda Global Protection 2010\psksvc.exe [08/01/2010 13:04:19 28928]
R2 RapportMgmtService;Rapport Management Service;C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07:18 840936]
R3 AvFlt;Antivirus Filter Driver;C:\WINDOWS\system32\drivers\av5flt.sys [21/07/2010 22:27:41 105088]
R3 ComFiltr;Panda Anti-Dialer;C:\WINDOWS\system32\drivers\COMFiltr.sys [08/01/2010 13:08:45 13880]
R3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;C:\WINDOWS\system32\drivers\neti1639.sys [08/01/2010 13:03:50 199432]
R3 PavTPK.sys;PavTPK.sys;\??\C:\WINDOWS\system32\PavTPK.sys --> C:\WINDOWS\system32\PavTPK.sys [?]
R3 tap0801;Smarthide TAP driver;C:\WINDOWS\system32\drivers\tap0801.sys [12/10/2007 14:07:10 55808]
S1 ShldDrv;Panda File Shield Driver;C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys --> C:\WINDOWS\system32\DRIVERS\ShlDrv51.sys [?]
S2 PavProc;Panda Process Protection Driver;\??\C:\WINDOWS\system32\DRIVERS\PavProc.sys --> C:\WINDOWS\system32\DRIVERS\PavProc.sys [?]
S3 PavSRK.sys;PavSRK.sys;\??\C:\WINDOWS\system32\PavSRK.sys --> C:\WINDOWS\system32\PavSRK.sys [?]
S3 RkPavproc1;RkPavproc1;\??\C:\WINDOWS\system32\drivers\RkPavproc1.sys --> C:\WINDOWS\system32\drivers\RkPavproc1.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\D:\NTGLM7X.sys --> D:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32:48 128512 ----a-w- C:\WINDOWS\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
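A small triage parser for ComboFix-style logs like the one above, added here as an example; it is not ComboFix's code and was not posted by anyone in the thread. It splits the banner-delimited sections, reads the REGEDIT4 block under "Reg Loading Points", and flags the Security Center override and firewall-policy values that this log happens to contain ("AntiVirusOverride", "FirewallOverride", "EnableFirewall", "DisableNotifications"), because those are the settings a helper wants to ask about when an AV "won't scan" and the firewall reports disabled. The sample log text is constructed to mirror the format, and all function and constant names are this example's own.

```python
import re

# Constructed sample (not copied from the thread) in the layout ComboFix writes:
# banner-delimited sections, one entry per line, a REGEDIT4 block under
# "Reg Loading Points".
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\adam\Application Data\inst.exe
c:\windows\system32\mssfc.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_npf

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+$")        # "(((( Section Name ))))"
REG_KEY = re.compile(r"^\[(.+)\]$")                # "[HKEY_...]"
REG_VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')  # '"Name"=value'


def parse_sections(text):
    """Split the log into {section name: [entry lines]}, dropping the '.' spacers."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        m = BANNER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        if current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def parse_registry(lines):
    """Turn the REGEDIT4 block into {key: {value name: raw value text}}."""
    reg, key = {}, None
    for line in lines:
        m = REG_KEY.match(line)
        if m:
            key = m.group(1)
            reg.setdefault(key, {})
            continue
        m = REG_VALUE.match(line)
        if m and key is not None:
            reg[key][m.group(1)] = m.group(2).strip()
    return reg


def as_int(raw):
    """Read the numeric forms ComboFix prints: 'dword:00000001' or '0 (0x0)'."""
    m = re.match(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None


# (key suffix, value name, value that weakens the host, explanation)
WEAKENING = [
    ("security center", "AntiVirusOverride", 1, "Security Center AV alerts suppressed"),
    ("security center", "FirewallOverride", 1, "Security Center firewall alerts suppressed"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", 0, "Windows Firewall disabled"),
    ("firewallpolicy\\standardprofile", "DisableNotifications", 1, "firewall notifications disabled"),
]


def security_findings(reg):
    """Flag registry values that silence or disable the built-in protections."""
    findings = []
    for key, values in reg.items():
        for suffix, name, bad, why in WEAKENING:
            if key.lower().endswith(suffix) and name in values and as_int(values[name]) == bad:
                findings.append(f"{name}={values[name]} under [{key}]: {why}")
    return findings


def triage(text):
    """Summarise what the run removed and which protections the registry reports as off."""
    sections = parse_sections(text)
    reg = parse_registry(sections.get("Reg Loading Points", []))
    return {
        "deletions": sections.get("Other Deletions", []),
        "drivers_services": sections.get("Drivers/Services", []),
        "autoruns": {k: v for k, v in reg.items() if k.lower().endswith("\\run")},
        "findings": security_findings(reg),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("removed:", *result["deletions"], sep="\n  ")
    print("findings:", *result["findings"], sep="\n  ")
```

Pointing it at a saved C:\ComboFix.txt instead of the sample is a one-line change (read the file and pass its text to triage). The four findings it raises on the sample are exactly the values present in the log above; whether they were set by the user, by the third-party firewall, or by something else is the question a helper would follow up on.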

#13 LDTate

LDTate

    Forum God

  • Root Admin
  • 56,590 posts
  • MVP

Posted 21 July 2010 - 04:41 PM

Copy/paste the text in the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Take your mouse, and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button, while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right click the mouse for options, and select 'copy'. Now over the empty Notepad box, right click your mouse again, and select 'paste' and you will have copied and pasted the text.

File::
C:\WINDOWS\win.tmp
C:\WINDOWS\system.tmp

Save this file to your desktop. Save this as "CFScript".

Here's how to do that:
1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Drag CFScript.txt into ComboFix.exe


Then post the results log using Copy / Paste


Also please describe how your computer behaves at the moment.

#14 tobyjones

tobyjones

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 21 July 2010 - 04:57 PM

ComboFix 10-07-21.01 - adam 21/07/2010 23:45:17.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1358 [GMT 1:00]
Running from: c:\documents and settings\adam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\adam\Desktop\CFScript.txt
AV: Panda Global Protection 2010 *On-access scanning disabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2010 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

FILE ::
"c:\windows\system.tmp"
"c:\windows\win.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system.tmp
c:\windows\win.tmp
.
---- Previous Run -------
.
c:\documents and settings\adam\Application Data\inst.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\favicon.ico
c:\windows\system32\mssfc.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_SFC
-------\Service_npf
-------\Service_sfc


((((((((((((((((((((((((( Files Created from 2010-06-21 to 2010-07-21 )))))))))))))))))))))))))))))))
.

2010-07-21 16:13 . 2010-07-21 16:30 -------- d-sh--r- c:\windows\PSICache
2010-07-21 15:59 . 2010-07-21 15:59 388096 ----a-r- c:\documents and settings\adam\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-21 15:11 . 2010-07-21 15:11 -------- d-----w- c:\windows\system32\wbem\Repository
2010-07-21 15:11 . 2010-07-21 15:11 -------- d-----w- c:\program files\Common Files\Panda Security
2010-07-20 23:10 . 2010-07-20 23:10 262 ----a-w- c:\windows\system32\PavCPL.dat
2010-07-14 06:56 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 11:05 . 2010-07-09 11:05 503808 ----a-w- c:\documents and settings\adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-246ea41e-n\msvcp71.dll
2010-07-09 11:05 . 2010-07-09 11:05 499712 ----a-w- c:\documents and settings\adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-246ea41e-n\jmc.dll
2010-07-09 11:05 . 2010-07-09 11:05 348160 ----a-w- c:\documents and settings\adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-246ea41e-n\msvcr71.dll
2010-07-09 11:05 . 2010-07-09 11:05 12800 ----a-w- c:\documents and settings\adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-55854d55-n\decora-d3d.dll
2010-07-09 11:05 . 2010-07-09 11:05 61440 ----a-w- c:\documents and settings\adam\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-55854d55-n\decora-sse.dll
2010-07-08 08:17 . 2010-07-08 08:19 -------- d-----w- c:\documents and settings\adam\Application Data\acccore
2010-07-08 08:17 . 2010-07-08 08:17 -------- d-----w- c:\documents and settings\adam\Local Settings\Application Data\AIM
2010-07-08 08:17 . 2010-07-08 08:17 -------- d-----w- c:\documents and settings\adam\Local Settings\Application Data\AOL
2010-07-08 08:17 . 2010-07-08 08:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-07-08 08:17 . 2010-07-08 08:17 -------- d-----w- c:\program files\AIM
2010-07-08 08:17 . 2010-07-08 08:17 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-07-08 08:17 . 2010-07-08 08:17 -------- d-----w- c:\program files\Common Files\AOL
2010-07-01 11:07 . 2010-07-01 11:07 434176 ----a-w- c:\documents and settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll
2010-07-01 07:18 . 2010-07-01 07:18 -------- d-----w- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-21 22:38 . 2010-01-08 12:04 346280 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-07-21 22:38 . 2010-01-08 12:04 346280 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-07-21 22:38 . 2010-01-08 12:04 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-07-21 22:38 . 2010-01-08 12:04 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-07-21 21:53 . 2010-01-08 12:08 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-07-21 21:25 . 2007-03-06 08:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-21 16:13 . 2010-01-08 12:03 -------- d-----w- c:\program files\Panda Security
2010-07-21 10:19 . 2010-06-10 12:27 -------- d-----w- c:\documents and settings\adam\Application Data\OpenOffice.org2
2010-07-19 14:00 . 2009-10-01 07:44 -------- d-----w- c:\documents and settings\adam\Application Data\Vso
2010-07-17 18:17 . 2010-06-10 13:03 1 ----a-w- c:\documents and settings\adam\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-06-25 07:32 . 2009-07-10 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-14 14:31 . 2008-03-31 18:33 744448 ----a-w- c:\windows\PCHealth\HelpCtr\Binaries\helpsvc.exe
2010-06-01 07:20 . 2010-06-01 07:20 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-01 07:20 . 2010-06-01 07:20 -------- d-----w- c:\program files\DVDVideoSoft
2010-05-31 14:01 . 2010-05-31 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-05-31 14:00 . 2007-02-23 19:03 70152 ----a-w- c:\documents and settings\adam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-31 14:00 . 2010-05-31 13:59 -------- d-----w- c:\documents and settings\adam\Application Data\CyberLink
2010-05-31 13:58 . 2007-02-23 19:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-31 13:51 . 2010-05-31 13:47 -------- d-----w- c:\program files\CyberLink
2010-05-31 13:46 . 2010-05-31 13:46 36864 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\PostBuild.exe
2010-05-31 11:49 . 2010-05-31 11:40 -------- d-----w- c:\program files\Nuclear Coffee
2010-05-06 10:41 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2002-08-29 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2007-05-26 08:01 . 2007-05-26 08:00 594800 ----a-w- c:\program files\gkwv2_setup.exe
2007-05-25 14:42 . 2007-05-25 14:42 14659071 ----a-w- c:\program files\KE_setup13143.exe
2007-05-25 14:40 . 2007-05-25 14:40 1585247 ----a-w- c:\program files\SEOE_setup4081.exe
2007-05-24 20:07 . 2007-05-24 20:04 14279822 ----a-w- c:\program files\scvc6000.exe
2007-05-23 15:28 . 2007-05-23 15:27 9389672 ----a-w- c:\program files\winzip111.exe
2007-05-21 17:54 . 2007-05-21 17:54 64625683 ----a-w- c:\program files\xsiteprosetup.exe
2007-03-06 08:50 . 2007-03-06 08:50 2683984 ----a-w- c:\program files\ccsetup137.exe
2007-03-06 08:39 . 2007-03-06 08:39 11352928 ----a-w- c:\program files\spydocsetup.exe
2007-02-28 00:03 . 2007-02-28 00:03 199874112 ----a-w- c:\program files\Nero-7.7.5.1_eng_trial.exe
2007-02-24 19:25 . 2007-02-24 19:25 33170212 ----a-w- c:\program files\klmcodec165.exe
2007-02-24 18:21 . 2007-02-24 18:20 411509 ----a-w- c:\program files\GSpot270a.zip
2007-02-24 17:52 . 2007-02-24 17:52 6241753 ----a-w- c:\program files\XP-Codec-Pack-2.0.6.zip
2007-02-24 17:45 . 2007-02-24 17:41 5134848 ----a-w- c:\program files\SVCD2DVDv2.msi
2007-02-24 09:52 . 2007-02-24 09:52 1145896 ----a-w- c:\program files\GoogleToolbarInstaller.exe
2007-02-24 08:24 . 2007-02-24 08:24 60640 ----a-w- c:\program files\AC3ACM.zip
2007-02-24 08:23 . 2007-02-24 08:23 1045001 ----a-w- c:\program files\VirtualDub-MPEG2.zip
2007-02-24 08:07 . 2007-02-24 08:07 1094021 ----a-w- c:\program files\dvdshrink32setup1.zip
2007-02-24 07:55 . 2007-02-24 07:55 25755448 ----a-w- c:\program files\wmp11-windowsxp-x86-enu.exe
2007-02-23 20:44 . 2007-02-23 20:44 1201041 ----a-w- c:\program files\winrar.exe
2007-02-23 20:41 . 2007-02-23 20:40 24265736 ----a-w- c:\program files\dotnetfx.exe
2007-02-23 20:39 . 2007-02-23 20:38 5968384 ----a-w- c:\program files\SVCD2DVD.msi
2007-02-23 20:00 . 2007-02-23 20:00 21822168 ----a-w- c:\program files\AdbeRdr80_en_US.exe
2007-02-23 19:56 . 2007-02-23 19:56 36808256 ----a-w- c:\program files\iTunesSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-12-27 160592]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-23 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-10 7286784]
"nwiz"="nwiz.exe" [2005-10-10 1519616]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2005-01-17 84480]
"SoundMan"="SOUNDMAN.EXE" [2005-07-12 81920]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2004-06-03 172032]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 868352]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-10 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2010\APVXDWIN.EXE" [2009-09-25 906496]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2010\Inicio.exe" [2009-08-12 56064]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Spyware Doctor"="c:\program files\Spyware Doctor\swdoctor.exe" [2006-12-11 2115728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-24 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^adam^Start Menu^Programs^Startup^Google Goggles.lnk]
backup=c:\windows\pss\Google Goggles.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^adam^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\adam\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AffiliateWindow Alerts]
2005-02-25 13:54 476672 ----a-w- c:\program files\AffiliateWindow Alerts\affiliatewindow.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim]
2010-05-21 15:36 3824472 ----a-w- c:\program files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BinatoneInternetPhone]
2007-06-29 04:23 413696 ----a-w- c:\program files\Binatone Internet Phone\BinatoneInternetPhone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-03-30 09:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-09 17:53 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rundll32.exe]
2007-08-30 16:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartHide]
2008-07-07 14:43 1335296 ----a-w- c:\program files\SmartHide\smarthide.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 16:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NMIndexingService"=3 (0x3)
"NBService"=3 (0x3)
"iPod Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\SmartHide\\SmartHide.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AIM\\aim.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17/11/2009 15:09 64288]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [08/01/2010 13:00 28552]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [08/01/2010 13:04 75016]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [08/01/2010 13:04 53128]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [08/01/2010 13:04 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [08/01/2010 13:04 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [08/01/2010 13:04 159112]
R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [01/07/2010 12:07 59240]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [01/07/2010 12:07 166632]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [08/01/2010 13:04 46728]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2010\psksvc.exe [08/01/2010 13:04 28928]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [01/07/2010 12:07 840936]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [08/01/2010 13:08 13880]
R3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:\windows\system32\drivers\neti1639.sys [08/01/2010 13:03 199432]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 tap0801;Smarthide TAP driver;c:\windows\system32\drivers\tap0801.sys [12/10/2007 14:07 55808]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 12:17 1181328]
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
S3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 03:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-07-21 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:09]

2010-07-21 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:09]

2010-07-21 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:09]

2010-07-21 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:09]

2010-07-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:09]

2010-07-20 c:\windows\Tasks\Basic clean-up.job
- c:\program files\Panda Security\Panda Global Protection 2010\PlaTasks.exe [2010-01-08 13:46]

2010-07-21 c:\windows\Tasks\User_Feed_Synchronization-{CF5E3D8D-1EED-4D74-931D-56B0FEE9941C}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.co.uk/
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk
FF - component: c:\documents and settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\adam\Application Data\Mozilla\Firefox\Profiles\9sjjzdwq.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-Good Keywords v2.01_is1 - c:\program files\Softnik Technologies\Good Keywords v2.01\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-21 23:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1343024091-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1640)
c:\windows\system32\avldr.dll
.
Completion time: 2010-07-21 23:54:24
ComboFix-quarantined-files.txt 2010-07-21 22:54

Pre-Run: 114,855,575,552 bytes free
Post-Run: 114,854,100,992 bytes free

- - End Of File - - 35CE3CF24C9236482117B201901A2429

#15 tobyjones

tobyjones

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 21 July 2010 - 04:58 PM

It added the post twice - removed.

Edited by tobyjones, 21 July 2010 - 05:00 PM.
