trj/ci.a generic malware


25 replies to this topic

#1 mikeleafe

    New Member (Authentic Member, 19 posts)

Posted 04 July 2011 - 12:23 PM

OTL logfile created on: 04/07/2011 19:06:10 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Paul\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 60.25% Memory free
6.14 Gb Paging File | 4.81 Gb Available in Paging File | 78.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.01 Gb Total Space | 241.25 Gb Free Space | 83.76% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.54 Gb Free Space | 45.44% Space Free | Partition Type: NTFS

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Paul\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\ApVxdWin.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrvx86.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\AVENGINE.EXE (Panda Security, S.L.)
PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\psksvc.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrlS.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe (Panda Security, S.L.)
PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Dell Inc.)
PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\WebProxy.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe (Panda Security, S.L.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\FIREWALL\PSHost.exe (Panda Security International)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe (Panda Security S.L.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)
PRC - C:\Windows\twain_32\D66U\D066UUTY.EXE ()


========== Modules (SafeList) ==========

MOD - C:\Users\Paul\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavTrc.dll (Panda Security, S.L.)
MOD - C:\Windows\System32\PavSHook.dll (Panda Security, S.L.)
MOD - C:\Windows\System32\PavLspHook.dll (Panda Security, S.L.)
MOD - C:\Windows\System32\SYSTOOLS.DLL (Panda Software)


========== Win32 Services (SafeList) ==========

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (PAVSRV) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrvx86.exe (Panda Security, S.L.)
SRV - (DLPWD) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)
SRV - (PskSvcRetail) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe (Panda Security, S.L.)
SRV - (Panda Software Controller) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe (Panda Security, S.L.)
SRV - (PAVFNSVR) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe (Panda Security, S.L.)
SRV - (TPSrv) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe (Panda Security, S.L.)
SRV - (PSHost) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE (Panda Security International)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Gwmsrv) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\GWMsrv.dll (Panda Security, S.L.)
SRV - (PSIMSVC) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe (Panda Security S.L.)
SRV - (PavPrSrv) -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (DLSDB) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (PavTPK.sys) -- File not found
DRV - (PavSRK.sys) -- File not found
DRV - (AvFlt) -- File not found
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (SAVRKBootTasks) -- C:\Windows\System32\SAVRKBootTasks.sys (Sophos Plc)
DRV - (APPFLT) -- C:\Windows\System32\drivers\APPFLT.SYS (Panda Security, S.L.)
DRV - (NETIMFLT01060039) -- C:\Windows\System32\drivers\neti1639.sys (Panda Security, S.L.)
DRV - (AmFSM) -- C:\Windows\System32\drivers\amm8660.sys (Panda Security, S.L.)
DRV - (PavProc) -- C:\Windows\System32\drivers\PavProc.sys (Panda Security, S.L.)
DRV - (pavboot) -- C:\Windows\system32\Drivers\pavboot.sys (Panda Security, S.L.)
DRV - (WNMFLT) -- C:\Windows\System32\drivers\wnmflt.sys (Panda Security, S.L.)
DRV - (NETFLTDI) -- C:\Windows\System32\drivers\NETFLTDI.SYS (Panda Security, S.L.)
DRV - (IDSFLT) -- C:\Windows\System32\drivers\idsflt.sys (Panda Security, S.L.)
DRV - (DSAFLT) -- C:\Windows\System32\drivers\dsaflt.sys (Panda Security, S.L.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (RtNdPt60) -- C:\Windows\System32\drivers\RtNdPt60.sys (Windows ® Codename Longhorn DDK provider)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (FNETMON) -- C:\Windows\System32\drivers\fnetmon.sys (Panda Security, S.L.)
DRV - (ShldDrv) -- C:\Windows\System32\drivers\ShlDrv51.sys (Panda Security, S.L.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/06/09 09:51:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/06/09 09:51:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/07/04 17:48:05 | 000,435,452 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14987 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [D066UUtility] C:\Windows\twain_32\D66U\D066UUTY.EXE ()
O4 - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLQLU] C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\Windows\System32\avldr.dll (Panda Security, S.L.)
O24 - Desktop WallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{048dafb7-1971-11e0-bb9f-0024e80247d6}\Shell - "" = AutoRun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/04 19:03:17 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2011/07/04 18:32:06 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/07/04 15:42:27 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SAVRKBootTasks.sys
[2011/07/04 12:12:45 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Paul\Desktop\setup-spybotsd162.exe
[2011/07/04 12:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/04 12:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/07/04 12:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/04 10:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/04 10:54:36 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/03 18:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/07/03 18:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/07/03 18:22:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/03 18:20:02 | 000,000,000 | ---D | C] -- C:\Users\Paul\Documents\adware
[2011/06/29 20:38:43 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2011/06/29 07:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/06/29 07:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/06/29 07:43:23 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{C8DDA1F2-1573-4419-B26B-9D47B513CB24}
[2011/06/24 14:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2011/06/24 12:58:41 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{1AB82F8B-455E-4E4E-82F6-130F833B3D04}
[2011/06/23 14:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/23 14:40:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/23 12:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/06/23 12:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/23 12:13:33 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/06/23 12:13:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/06/23 12:13:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/06/23 12:13:32 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/06/23 09:03:40 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{0C1184A4-F776-4750-8482-9C77BEEFFDB2}
[2011/06/22 16:01:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/22 13:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/22 13:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/22 10:52:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/06/22 10:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/06/22 10:52:10 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/06/22 08:56:49 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{EE615C3A-1A8C-43EF-8D39-E41CD99460DC}
[2011/06/21 08:48:43 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{B81A3A10-1C42-49C0-B458-9CA7220E7429}
[2011/06/20 08:57:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{A6A8EE67-B008-4411-ABC2-E6A95520B843}
[2011/06/17 08:52:55 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{054A9C43-7396-4AE9-8932-081365B35620}
[2011/06/16 08:50:44 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{FB2A2C19-5107-44D8-A0CC-00E8A9B97140}
[2011/06/15 17:10:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/15 17:10:20 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/15 17:10:20 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/15 17:10:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/15 08:55:32 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{04DC7D24-F86C-41CE-9996-14CACAF9B390}
[2011/06/14 09:00:37 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{EBA4DA58-C65D-4AB7-AC11-038B6BB79233}
[2011/06/13 08:55:14 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{3D151075-E4C9-44BC-AC01-2671C22E5B97}
[2011/06/10 08:32:38 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{8C7F33F3-5B56-45A8-A718-E6942839888F}
[2011/06/09 17:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/06/09 10:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaAccount
[2011/06/09 09:58:53 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011/06/09 09:53:32 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Nokia
[2011/06/09 09:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2011/06/09 09:53:23 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\PC Suite
[2011/06/09 09:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2011/06/09 09:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2011/06/09 09:51:08 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2011/06/09 09:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/06/09 09:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2011/06/09 09:49:25 | 000,075,264 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2011/06/09 09:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2011/06/09 09:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2011/06/09 08:58:25 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{19427B42-C493-4EC0-8CDC-2893A6FAE861}
[2011/06/08 08:31:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{5B75D84C-5465-4B2E-982E-5831DE0762DE}
[2011/06/06 08:57:57 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{4E028452-A3C8-4018-92BA-7084E6D80DA5}
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll

========== Files - Modified Within 30 Days ==========

[2011/07/04 19:03:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2011/07/04 18:59:42 | 000,612,902 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/04 18:59:42 | 000,110,212 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/04 18:56:13 | 000,000,353 | ---- | M] () -- C:\Windows\System32\drivers\etc\pfdnnt.act
[2011/07/04 18:55:11 | 000,284,276 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2011/07/04 18:55:11 | 000,284,276 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2011/07/04 18:55:10 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG.bck
[2011/07/04 18:55:10 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG
[2011/07/04 18:55:10 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg.bck
[2011/07/04 18:55:10 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg
[2011/07/04 18:55:10 | 000,000,104 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt.bck
[2011/07/04 18:55:10 | 000,000,104 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt
[2011/07/04 18:55:10 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg.bck
[2011/07/04 18:55:10 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg
[2011/07/04 18:55:10 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg.bck
[2011/07/04 18:55:10 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg
[2011/07/04 18:55:10 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg.bck
[2011/07/04 18:55:10 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg
[2011/07/04 18:55:09 | 000,360,756 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls.bck
[2011/07/04 18:55:09 | 000,360,756 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls
[2011/07/04 18:52:46 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt.bck
[2011/07/04 18:52:46 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt
[2011/07/04 18:52:45 | 000,000,120 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg.bck
[2011/07/04 18:52:45 | 000,000,120 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg
[2011/07/04 18:52:23 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/04 18:52:18 | 000,402,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/04 18:52:13 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 18:52:12 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/04 18:52:11 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2011/07/04 18:52:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/04 18:51:54 | 3184,513,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/04 18:31:38 | 000,000,646 | ---- | M] () -- C:\Users\Paul\Desktop\config - Shortcut.lnk
[2011/07/04 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/07/04 17:48:05 | 000,435,452 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/04 17:42:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/04 12:15:49 | 000,001,081 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/04 12:15:49 | 000,001,057 | ---- | M] () -- C:\Users\Paul\Desktop\Spybot - Search & Destroy.lnk
[2011/07/04 12:12:57 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Paul\Desktop\setup-spybotsd162.exe
[2011/07/04 11:50:41 | 121,434,334 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/04 11:43:25 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110704-174805.backup
[2011/07/04 10:54:36 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/04 08:26:25 | 001,402,880 | ---- | M] () -- C:\Users\Paul\Documents\HiJackThis.msi
[2011/07/03 19:24:31 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011/06/29 07:41:37 | 000,000,420 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/06/29 07:41:37 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/06/24 17:08:30 | 000,001,709 | ---- | M] () -- C:\Windows\System32\ACTIVE_X
[2011/06/24 09:25:46 | 000,002,633 | ---- | M] () -- C:\Users\Paul\Desktop\Microsoft Office Outlook 2007.lnk
[2011/06/24 09:03:26 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/06/23 14:40:35 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/23 10:18:14 | 000,002,091 | ---- | M] () -- C:\Users\Paul\Desktop\Google Earth.lnk
[2011/06/23 09:14:31 | 000,000,848 | ---- | M] () -- C:\Users\Paul\Desktop\QuickTimePlayer - Shortcut.lnk
[2011/06/23 09:12:31 | 000,002,012 | ---- | M] () -- C:\Users\Paul\Desktop\Panda Antivirus Pro 2010.lnk
[2011/06/23 09:12:13 | 000,002,217 | ---- | M] () -- C:\Users\Paul\Desktop\Corel Paint Shop Pro Photo X2.lnk
[2011/06/23 09:11:06 | 000,000,371 | ---- | M] () -- C:\Users\Paul\Desktop\Pictures - Shortcut.lnk
[2011/06/22 16:30:01 | 000,000,951 | ---- | M] () -- C:\Users\Paul\Desktop\Internet Explorer.lnk
[2011/06/22 16:01:18 | 000,000,360 | ---- | M] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/06/15 09:31:33 | 000,002,627 | ---- | M] () -- C:\Users\Paul\Desktop\Microsoft Office Word 2007.lnk
[2011/06/09 09:59:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/06/09 09:59:08 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

========== Files Created - No Company Name ==========

[2011/07/04 18:47:24 | 3184,513,024 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/04 18:31:38 | 000,000,646 | ---- | C] () -- C:\Users\Paul\Desktop\config - Shortcut.lnk
[2011/07/04 12:09:53 | 000,001,081 | ---- | C] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/04 12:09:53 | 000,001,057 | ---- | C] () -- C:\Users\Paul\Desktop\Spybot - Search & Destroy.lnk
[2011/07/04 09:21:56 | 001,402,880 | ---- | C] () -- C:\Users\Paul\Documents\HiJackThis.msi
[2011/06/23 14:40:35 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/23 14:40:35 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/23 13:18:03 | 000,001,709 | ---- | C] () -- C:\Windows\System32\ACTIVE_X
[2011/06/23 10:18:14 | 000,002,091 | ---- | C] () -- C:\Users\Paul\Desktop\Google Earth.lnk
[2011/06/23 09:14:31 | 000,000,848 | ---- | C] () -- C:\Users\Paul\Desktop\QuickTimePlayer - Shortcut.lnk
[2011/06/23 09:12:31 | 000,002,012 | ---- | C] () -- C:\Users\Paul\Desktop\Panda Antivirus Pro 2010.lnk
[2011/06/23 09:12:13 | 000,002,217 | ---- | C] () -- C:\Users\Paul\Desktop\Corel Paint Shop Pro Photo X2.lnk
[2011/06/23 09:11:06 | 000,000,371 | ---- | C] () -- C:\Users\Paul\Desktop\Pictures - Shortcut.lnk
[2011/06/22 16:30:01 | 000,000,951 | ---- | C] () -- C:\Users\Paul\Desktop\Internet Explorer.lnk
[2011/06/22 16:01:10 | 121,434,334 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/22 10:56:00 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/06/22 10:52:56 | 000,000,420 | ---- | C] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011/06/22 10:52:55 | 000,000,378 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor Defrag.job
[2011/06/22 10:52:54 | 000,000,360 | ---- | C] () -- C:\Windows\tasks\PC Health Advisor.job
[2011/06/09 09:59:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/06/09 09:59:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/06/09 09:58:54 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010/10/06 15:27:05 | 000,000,024 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\oidzga.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/07/22 10:08:22 | 000,284,276 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2010/07/22 10:08:22 | 000,284,276 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2010/07/22 10:00:59 | 000,000,250 | ---- | C] () -- C:\Windows\System32\PavCPL.dat
[2010/02/24 12:56:14 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/02/12 11:53:39 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/02/12 11:52:25 | 000,000,036 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\swk.ini
[2009/10/28 10:40:34 | 000,000,031 | ---- | C] () -- C:\Windows\System32\wsodsini.dll
[2009/10/28 10:40:28 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2009/10/21 09:05:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/21 09:05:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/21 09:04:57 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/09 16:22:24 | 000,000,154 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/18 09:24:44 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll
[2009/05/13 09:07:25 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI
[2009/05/13 09:06:31 | 000,000,024 | ---- | C] () -- C:\Windows\pstudio.ini
[2009/05/13 09:06:31 | 000,000,011 | ---- | C] () -- C:\Windows\album.ini
[2009/04/22 09:37:47 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/04/22 09:37:47 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/04/22 09:37:47 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/04/22 09:37:47 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/04/22 09:37:47 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/04/22 09:37:47 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/04/22 09:37:47 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/04/22 09:37:47 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/04/22 09:37:47 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/04/22 09:37:47 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/04/22 09:37:47 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/04/22 09:37:47 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/04/22 09:37:47 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/04/22 09:37:47 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/04/22 09:37:47 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/04/22 09:37:47 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/04/22 09:37:47 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/04/22 09:37:47 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/04/22 09:37:47 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/04/22 09:21:33 | 000,000,025 | ---- | C] () -- C:\Windows\CDED92Euro.ini
[2009/04/17 08:04:27 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1545.dll
[2009/04/17 08:04:27 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/04/17 08:04:27 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/04/17 08:02:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/02/03 23:44:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:43 | 000,402,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 11:33:01 | 000,612,902 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,110,212 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001/02/06 08:18:21 | 000,061,502 | ---- | C] () -- C:\Windows\System32\ODBCMON.DLL

========== LOP Check ==========

[2011/06/23 01:00:08 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\0E43A580309DD6D9EC04AE2513C6C8EA
[2010/06/11 11:44:55 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Abxe
[2010/06/11 12:14:19 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Apduc
[2010/01/14 11:00:06 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Autodesk
[2010/04/29 14:28:48 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Canon
[2010/10/13 16:13:46 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Cuaru
[2011/06/23 01:00:08 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\GetRightToGo
[2010/06/14 09:03:59 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Ihwik
[2010/09/24 10:44:47 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Nuyd
[2010/09/16 16:59:07 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Ofovon
[2010/07/22 10:00:45 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Panda Security
[2011/06/09 10:16:26 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\PC Suite
[2010/10/06 15:27:53 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Ylbo
[2010/01/09 03:51:55 | 000,000,000 | ---D | M] -- C:\Users\Paul\AppData\Roaming\Zyuv
[2011/07/04 18:00:00 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011/06/29 07:41:37 | 000,000,420 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/06/29 07:41:37 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor Defrag.job
[2011/06/22 16:01:18 | 000,000,360 | ---- | M] () -- C:\Windows\Tasks\PC Health Advisor.job
[2011/07/04 18:52:11 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\RtlNICDiagVistaStart.job
[2011/07/04 18:51:09 | 000,032,556 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009/04/17 08:04:34 | 000,004,197 | R--- | M] () -- C:\dell.sdr
[2011/07/04 18:51:54 | 3184,513,024 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/13 09:05:36 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/05/13 09:05:36 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2011/07/04 18:51:52 | 3498,319,872 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:19 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:19 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:19 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/10/29 14:40:41 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 13:36:30 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 02:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/21 03:43:58 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/21 04:20:25 | 017,223,680 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/21 04:20:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/21 04:20:25 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2011/07/04 18:52:10 | 000,168,307 | ---- | M] () -- C:\Windows\system32\config\systemprofile\mwfmfysqygfgoseh.exe
[1 C:\Windows\system32\config\systemprofile\*.tmp files -> C:\Windows\system32\config\systemprofile\*.tmp -> ]

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/07/04 19:03:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2011/07/04 12:12:57 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Paul\Desktop\setup-spybotsd162.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-03 17:27:07

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >







OTL Extras logfile created on: 04/07/2011 19:06:10 - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Paul\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 60.25% Memory free
6.14 Gb Paging File | 4.81 Gb Available in Paging File | 78.26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.01 Gb Total Space | 241.25 Gb Free Space | 83.76% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.54 Gb Free Space | 45.44% Space Free | Partition Type: NTFS

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PAVSCRIP.EXE (Panda Security, S.L.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
Unknown [openas] -- C:\Program Files\ParetoLogic\PCHA\noapp.exe %1 (ParetoLogic)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{25E64851-830F-4787-87F3-101CCD0DC2BB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4504CEC9-FD90-4A59-84D8-8EE3627A44A6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{960CF4FB-6F36-4AED-A0AD-7B2D81AAAF27}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9AF1414C-2160-4ACD-8963-B75966DF5BF4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F477D653-26BD-4D2F-BF81-BCC5971A53F6}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{48E013CD-F6D9-4B32-9374-0E366C41D492}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{4E5FD175-E0F6-4BA2-A5F7-A877BBA9B9D2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{537388B4-E81C-4A7C-A7BC-8545DBCB2A09}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{71292B1F-8D37-4813-9D22-E8F647004C9C}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{76E42DA2-9043-4745-80A1-2F39ECF01BE5}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{82194D42-7DBC-4859-9BB3-F11BE55621FA}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{ABC1F933-E0A2-45A9-9BCE-BC62521670E5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{CDDEE701-E565-4C60-A586-701EA49428DF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{105F3CE5-FE55-408E-BF30-E78F85BA0B12}" = Dell Printer Software
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25CFEF55-A945-41FC-86ED-76469F31DF37}" = Nokia Connectivity Cable Driver
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 26
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}" = Microsoft Project 2000 SR-1
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{3DE96337-68D2-48E0-A863-6E4A5CD3BC25}" = PC Connectivity Solution
"{4097ADD8-7890-4CBD-953A-1187EF2C6FA5}_is1" = JPEG to PDF 1.0
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CA10D13-F83A-487E-9B30-CC979FEF7A70}" = OviMPlatform
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{590B11BB-7FF9-4D4F-A9E8-E8165BF88381}" = Panda Antivirus Pro 2010
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6339663B-F26F-4FE3-B813-0E1DEC4ED976}" = Nokia Ovi Suite
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{707EB912-C597-49D8-9460-46CC9AB03EBE}" = Corel Painter Photo Essentials 4
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_BASICR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_BASICR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_BASICR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEF7FC5C-0182-4DDE-BDDD-F7D132AB833D}" = Ovi Desktop Sync Engine
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2010
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"BASICR" = Microsoft Office Basic 2007
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.5
"Canon ScanGear Toolbox FAU" = Canon ScanGear Toolbox FAU 2.5
"Color Efex Pro 3.0 Corel Sampler" = Color Efex Pro 3.0 Corel Sampler
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DWG TrueView 2010" = DWG TrueView 2010
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Stylus C90_91_D92 User’s Guide" = EPSON Stylus C90_91_D92 Manual
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"ImageSkill Background Remover 3" = ImageSkill Background Remover 3
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.2.5 Standard
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Nokia Ovi Suite" = Nokia Ovi Suite
"PDF Writer" = PDF Writer
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.4
"WinLiveSuite" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29/06/2011 15:30:52 | Computer Name = Paul-PC | Source = WinMgmt | ID = 10
Description =

Error - 29/06/2011 15:35:47 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module jscript9.dll, version 9.0.8112.16430, time stamp 0x4db210d4,
exception code 0xc0000005, fault offset 0x0006d66f, process id 0xc1c, application
start time 0x01cc3693b1d87cf0.

Error - 29/06/2011 15:37:05 | Computer Name = Paul-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/06/2011 03:09:59 | Computer Name = Paul-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/06/2011 03:34:41 | Computer Name = Paul-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/06/2011 03:35:06 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module jscript9.dll, version 9.0.8112.16430, time stamp 0x4db210d4,
exception code 0xc0000005, fault offset 0x0006d66f, process id 0x1274, application
start time 0x01cc36f83a341e0f.

Error - 30/06/2011 06:35:30 | Computer Name = Paul-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 9.0.8112.16421, time stamp
0x4d76255d, faulting module jscript9.dll, version 9.0.8112.16430, time stamp 0x4db210d4,
exception code 0xc0000005, fault offset 0x0006d66f, process id 0x1794, application
start time 0x01cc37116b16f10f.

Error - 30/06/2011 06:36:03 | Computer Name = Paul-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/06/2011 06:46:28 | Computer Name = Paul-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/06/2011 07:01:50 | Computer Name = Paul-PC | Source = WinMgmt | ID = 10
Description =

[ OSession Events ]
Error - 03/03/2011 09:47:32 | Computer Name = Paul-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 28/03/2011 04:31:07 | Computer Name = Paul-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 29/03/2011 11:09:54 | Computer Name = Paul-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 31/03/2011 08:22:39 | Computer Name = Paul-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 18/05/2011 07:56:08 | Computer Name = Paul-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 27/05/2011 04:59:35 | Computer Name = Paul-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 27/05/2011 05:06:10 | Computer Name = Paul-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 27/05/2011 05:08:42 | Computer Name = Paul-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 03/06/2011 08:09:55 | Computer Name = Paul-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 874
seconds with 360 seconds of active time. This session ended with a crash.

Error - 03/06/2011 08:18:06 | Computer Name = Paul-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 16
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 04/07/2011 11:30:43 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 04/07/2011 11:33:58 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7030
Description =

Error - 04/07/2011 13:29:41 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 04/07/2011 13:33:17 | Computer Name = Paul-PC | Source = DCOM | ID = 10005
Description =

Error - 04/07/2011 13:33:24 | Computer Name = Paul-PC | Source = DCOM | ID = 10005
Description =

Error - 04/07/2011 13:33:28 | Computer Name = Paul-PC | Source = DCOM | ID = 10005
Description =

Error - 04/07/2011 13:34:48 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 04/07/2011 13:34:48 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 04/07/2011 13:49:13 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 04/07/2011 13:53:42 | Computer Name = Paul-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >



#2 mowman

mowman

    SuperMember

  • Malware Team
  • 2,669 posts

Posted 05 July 2011 - 07:22 AM

Hello,
Welcome to WhatTheTech. My name is mowman, and I will be helping you fix your problems.

If you do not make a reply in 3 days, we will have to close your topic.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this topic. The topics you are tracking can be found by clicking on My Topics at the top of any page.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.

Do not open any more threads, reply in this one.

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2



**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#3 mikeleafe

mikeleafe

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 05 July 2011 - 09:01 AM

Hi mowman, thanks for the help, hope I've done this right.

ComboFix 11-07-05.02 - Paul 05/07/2011 15:50:45.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3036.1848 [GMT 1:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
AV: Panda Antivirus Pro 2010 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: Panda Personal Firewall 2010 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
SP: Panda Antivirus Pro 2010 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Paul\AppData\Local\{026C16EC-C4E8-407A-9F82-2E09471A520B}
c:\users\Paul\AppData\Local\{026C16EC-C4E8-407A-9F82-2E09471A520B}\chrome.manifest
c:\users\Paul\AppData\Local\{026C16EC-C4E8-407A-9F82-2E09471A520B}\chrome\content\_cfg.js
c:\users\Paul\AppData\Local\{026C16EC-C4E8-407A-9F82-2E09471A520B}\chrome\content\overlay.xul
c:\users\Paul\AppData\Local\{026C16EC-C4E8-407A-9F82-2E09471A520B}\install.rdf
c:\users\Paul\AppData\Roaming\Adobe\plugs
c:\users\Paul\AppData\Roaming\Adobe\shed
c:\users\Paul\AppData\Roaming\Ofovon
c:\users\Paul\AppData\Roaming\Ofovon\tioda.eve
c:\users\Paul\AppData\Roaming\Ofovon\tioda.tmp
c:\users\Paul\AppData\Roaming\Zyuv
c:\users\Paul\AppData\Roaming\Zyuv\abbug.lyu
c:\windows\system32\config\systemprofile\42E8.tmp
c:\windows\system32\config\systemprofile\mwfmfysqygfgoseh.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-05 to 2011-07-05 )))))))))))))))))))))))))))))))
.
.
2011-07-05 14:55 . 2011-07-05 14:56 -------- d-----w- c:\users\Paul\AppData\Local\temp
2011-07-05 14:55 . 2011-07-05 14:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-05 14:49 . 2011-07-05 14:49 -------- d-----w- C:\32788R22FWJFW
2011-07-05 13:43 . 2011-07-05 13:43 -------- d--h--w- c:\windows\msdownld.tmp
2011-07-05 12:14 . 2011-07-05 12:14 -------- d-----w- c:\program files\GIANT Company Software
2011-07-05 12:13 . 2011-07-05 12:13 -------- d-----w- c:\windows\Downloaded Installations
2011-07-05 08:42 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-05 08:42 . 2011-07-05 08:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-05 08:42 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 07:44 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51684DF5-0DF8-4D60-BB7B-06C9BF5A3353}\mpengine.dll
2011-07-04 21:00 . 2011-07-04 21:00 -------- d-----w- C:\_OTL
2011-07-04 17:32 . 2011-07-04 17:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-07-04 14:42 . 2010-05-26 09:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-07-04 11:09 . 2011-07-04 16:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-04 11:09 . 2011-07-04 12:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-04 09:55 . 2011-07-04 09:55 -------- d-----w- c:\program files\Trend Micro
2011-07-04 09:54 . 2011-07-04 09:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-03 17:25 . 2011-07-04 16:43 -------- d-----w- c:\programdata\Lavasoft
2011-07-03 17:25 . 2011-07-03 17:25 -------- d-----w- c:\program files\Lavasoft
2011-07-03 17:22 . 2011-07-03 17:22 -------- d-----w- c:\windows\system32\config\systemprofile\Google Toolbar
2011-07-03 17:22 . 2011-07-03 17:22 -------- d-----w- c:\windows\system32\config\systemprofile\Low
2011-06-29 19:38 . 2011-06-29 19:38 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
2011-06-29 06:50 . 2011-06-29 06:50 -------- d-----w- c:\program files\Sophos
2011-06-29 06:46 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 06:43 . 2011-06-29 06:43 -------- d-----w- c:\users\Paul\AppData\Local\{C8DDA1F2-1573-4419-B26B-9D47B513CB24}
2011-06-24 13:58 . 2011-06-29 17:34 -------- d-----w- c:\programdata\Viewpoint
2011-06-24 11:58 . 2011-06-24 11:58 -------- d-----w- c:\users\Paul\AppData\Local\{1AB82F8B-455E-4E4E-82F6-130F833B3D04}
2011-06-23 13:40 . 2011-06-23 13:40 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-23 11:13 . 2011-06-23 11:13 -------- d-----w- c:\program files\Common Files\Java
2011-06-23 11:13 . 2011-05-04 03:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-23 08:03 . 2011-06-23 08:03 -------- d-----w- c:\users\Paul\AppData\Local\{0C1184A4-F776-4750-8482-9C77BEEFFDB2}
2011-06-22 12:49 . 2011-06-22 12:49 -------- d-----w- c:\programdata\Malwarebytes
2011-06-22 09:52 . 2011-07-05 08:24 -------- d-----w- c:\programdata\ParetoLogic
2011-06-22 07:56 . 2011-06-22 07:57 -------- d-----w- c:\users\Paul\AppData\Local\{EE615C3A-1A8C-43EF-8D39-E41CD99460DC}
2011-06-21 07:48 . 2011-06-21 07:49 -------- d-----w- c:\users\Paul\AppData\Local\{B81A3A10-1C42-49C0-B458-9CA7220E7429}
2011-06-20 07:57 . 2011-06-20 07:58 -------- d-----w- c:\users\Paul\AppData\Local\{A6A8EE67-B008-4411-ABC2-E6A95520B843}
2011-06-17 07:52 . 2011-06-17 07:53 -------- d-----w- c:\users\Paul\AppData\Local\{054A9C43-7396-4AE9-8932-081365B35620}
2011-06-16 07:50 . 2011-06-16 07:51 -------- d-----w- c:\users\Paul\AppData\Local\{FB2A2C19-5107-44D8-A0CC-00E8A9B97140}
2011-06-15 16:10 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-15 16:10 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 16:10 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-15 08:03 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 08:02 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 08:02 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 08:02 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 08:02 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 08:02 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 08:02 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-15 08:02 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 08:02 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 08:02 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 07:55 . 2011-06-15 07:55 -------- d-----w- c:\users\Paul\AppData\Local\{04DC7D24-F86C-41CE-9996-14CACAF9B390}
2011-06-14 08:00 . 2011-06-14 08:01 -------- d-----w- c:\users\Paul\AppData\Local\{EBA4DA58-C65D-4AB7-AC11-038B6BB79233}
2011-06-13 07:55 . 2011-06-13 07:55 -------- d-----w- c:\users\Paul\AppData\Local\{3D151075-E4C9-44BC-AC01-2671C22E5B97}
2011-06-10 07:32 . 2011-06-10 07:33 -------- d-----w- c:\users\Paul\AppData\Local\{8C7F33F3-5B56-45A8-A718-E6942839888F}
2011-06-09 16:03 . 2011-06-09 16:03 -------- d-----w- c:\program files\MSXML 4.0
2011-06-09 09:14 . 2011-06-09 09:14 -------- d-----w- c:\programdata\NokiaAccount
2011-06-09 08:58 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-06-09 08:58 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-06-09 08:53 . 2011-06-09 09:24 -------- d-----w- c:\users\Paul\AppData\Local\Nokia
2011-06-09 08:53 . 2011-06-22 23:59 -------- d-----w- c:\programdata\PC Suite
2011-06-09 08:53 . 2011-06-09 09:16 -------- d-----w- c:\users\Paul\AppData\Roaming\PC Suite
2011-06-09 08:51 . 2011-06-09 08:51 -------- d-----w- c:\program files\Common Files\Nokia
2011-06-09 08:51 . 2011-06-09 08:51 -------- d-----w- c:\program files\DIFX
2011-06-09 08:51 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-06-09 08:50 . 2011-06-09 08:50 -------- d-----w- c:\program files\PC Connectivity Solution
2011-06-09 08:49 . 2010-12-02 14:13 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2011-06-09 08:49 . 2011-06-22 23:59 -------- d-----w- c:\programdata\NokiaInstallerCache
2011-06-09 08:49 . 2011-06-09 08:51 -------- d-----w- c:\program files\Nokia
2011-06-09 07:58 . 2011-06-09 07:58 -------- d-----w- c:\users\Paul\AppData\Local\{19427B42-C493-4EC0-8CDC-2893A6FAE861}
2011-06-08 07:31 . 2011-06-08 07:31 -------- d-----w- c:\users\Paul\AppData\Local\{5B75D84C-5465-4B2E-982E-5831DE0762DE}
2011-06-06 11:55 . 2011-06-06 11:55 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-06-06 07:57 . 2011-06-07 08:12 -------- d-----w- c:\users\Paul\AppData\Local\{4E028452-A3C8-4018-92BA-7084E6D80DA5}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 08:03 . 2010-02-24 11:56 848 --sha-w- c:\programdata\KGyGaAvL.sys
2011-05-24 18:14 . 2010-06-11 11:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 08:03 . 2011-05-24 08:03 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-24 08:03 . 2011-05-24 08:03 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-24 08:03 . 2011-05-24 08:03 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-24 08:03 . 2011-05-24 08:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-24 08:03 . 2011-05-24 08:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-24 08:03 . 2011-05-24 08:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-24 08:03 . 2011-05-24 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-24 08:03 . 2011-05-24 08:03 367104 ----a-w- c:\windows\system32\html.iec
2011-05-24 08:03 . 2011-05-24 08:03 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-24 08:03 . 2011-05-24 08:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-24 08:03 . 2011-05-24 08:03 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-24 08:03 . 2011-05-24 08:03 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-24 08:03 . 2011-05-24 08:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-24 08:03 . 2011-05-24 08:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-24 08:03 . 2011-05-24 08:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-24 08:03 . 2011-05-24 08:03 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-24 08:03 . 2011-05-24 08:03 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-24 08:03 . 2011-05-24 08:03 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-24 08:03 . 2011-05-24 08:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"D066UUtility"="c:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2009-07-08 406840]
"DLUPDR"="c:\program files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2009-07-08 243008]
"DLQLU"="c:\program files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" [2009-07-08 816368]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" [2009-09-25 906496]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe" [2009-08-12 56064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"BrandClearStubs"="IEDKCS32.DLL" [2011-05-24 353584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 15:58 58672 ----a-w- c:\windows\System32\avldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 11:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-08-08 17:30 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2008-08-08 17:30 532808 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 02:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-05-20 15:56 724536 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R0 adqyr;adqyr;c:\windows\System32\drivers\howajg.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9c7fdbc428860;Google Update Service (gupdate1c9c7fdbc428860);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 133104]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 133104]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\DD63.tmp [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2009-06-30 28552]
S1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2009-09-30 75016]
S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2009-06-16 53128]
S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2008-03-28 22072]
S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2009-06-16 193800]
S1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2009-06-16 12:33 159112]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2009-06-16 46728]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-08-19 81920]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2009-08-06 49160]
S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 140184]
S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost [x]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2009-06-30 163336]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe [2009-08-25 28928]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-08-19 27648]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-08-26 112128]
S3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:\windows\system32\DRIVERS\neti1639.sys [2009-09-09 199432]
S3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [x]
S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
panda REG_MULTI_SZ Gwmsrv
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 12:34]
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 12:34]
.
2011-07-05 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-04-16 07:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10o_ActiveX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-05 15:56
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\DD63.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{8DCB7100-DF86-4384-8842-8FA844297B3F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,72,d8,
89,b4,91,ea,06,f7,54,cc,e8,41,77,3f,2b
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,
6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,
d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,
36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63,
57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:49,6b,fe,a5,b6,30,cc,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,bd,0c,6b,ab,e1,5f,46,89,f4,cd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,bd,0c,6b,ab,e1,5f,46,89,f4,cd,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-07-05 15:57:38
ComboFix-quarantined-files.txt 2011-07-05 14:57
.
Pre-Run: 257,011,290,112 bytes free
Post-Run: 256,950,796,288 bytes free
.
- - End Of File - - 5F1EFF6FD22A80B00B6EFC2336BA440F

#4 mowman

mowman

    SuperMember

  • Malware Team
  • 2,669 posts

Posted 05 July 2011 - 03:03 PM

COMBOFIX-Script

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    File:: 
    ;c:\windows\System32\drivers\howajg.sys 
    
    Driver:: 
    adqyr
    
    DirLook::
    c:\windows\system32\%APPDATA%
    
    RegLock::
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Posted Image
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • If you need help to disable your protection programs see here.
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Next

Please download Malwarebytes from Here or Here

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected .
  • When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
  • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.
Post the log please

Next

Run the following scan: Eset Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\Program Files\EsetOnlineScanner\log.txt into your next reply.
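The CFScript above was written by reading the ComboFix log by eye: the helper picked out the service whose driver file ComboFix could not find (`adqyr` / `howajg.sys [x]`), the literal `%APPDATA%` directory sitting under system32, and the executable under the SYSTEM account's profile. As an added example (not part of this thread, and not a ComboFix component), the Python script below applies those same structural checks to ComboFix-style "Files Created" and service lines. The sample lines are copied from the logs posted in this thread, except the last service line (`EXAMPLE`), which is constructed to exercise the lower "review" severity; the rules, severities and the `[x]` interpretation are my own assumptions. A finding is a prompt to look, not a verdict: a scanner's own temporary driver trips the `.tmp` rule just as readily, so a person still decides what goes into the script.

```python
"""Structural triage of ComboFix-style log lines (added example, not part of ComboFix)."""
import re
from dataclasses import dataclass, field

# Sample lines copied from the ComboFix logs in this thread, plus one constructed
# service line (EXAMPLE) so the lower "review" severity is exercised too.
SAMPLE_LOG = r"""2011-07-05 14:49 . 2011-07-05 14:49 -------- d-----w- C:\32788R22FWJFW
2011-07-04 17:32 . 2011-07-04 17:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-07-05 08:42 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 21:35 . 2011-07-05 21:35 168307 ----a-w- c:\windows\system32\config\systemprofile\mwfmfysqygfgoseh.exe
R0 adqyr;adqyr;c:\windows\System32\drivers\howajg.sys [x]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\DD63.tmp [x]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe [2009-08-25 28928]
R3 EXAMPLE;Constructed sample;c:\windows\system32\ABCD.tmp [2011-07-01 1234]
"""

# "Files Created" line: created . modified size attrs path  (size is digits or "--------")
_FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Service line: start-type name;display;path [date size]  or  [x] when the file is missing
_SVC_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<info>[^\]]*)\]$"
)
_EXEC_EXT = (".exe", ".dll", ".sys", ".tmp", ".scr", ".com")
_HIGH, _REVIEW = "high", "review"


@dataclass
class Finding:
    line_no: int
    severity: str          # "high" or "review" (assumed scale, not ComboFix's)
    path: str
    reasons: list = field(default_factory=list)


def _worse(a, b):
    """Return the more serious of two severities (None < review < high)."""
    order = {None: 0, _REVIEW: 1, _HIGH: 2}
    return a if order[a] >= order[b] else b


def _check_path(path):
    """Location checks shared by file and service lines."""
    low = path.lower().replace("/", "\\")
    parts = low.split("\\")
    severity, reasons = None, []
    # A directory literally named %APPDATA% means the variable was never expanded.
    if any(len(p) > 2 and p.startswith("%") and p.endswith("%") for p in parts):
        reasons.append("path component is a literal, unexpanded %VAR% token")
        severity = _worse(severity, _HIGH)
    # Legitimate installers do not normally drop executables into the SYSTEM profile.
    if "\\config\\systemprofile\\" in low and low.endswith(_EXEC_EXT):
        reasons.append("executable stored under the SYSTEM account's profile")
        severity = _worse(severity, _HIGH)
    return severity, reasons


def triage(log_text):
    """Return one Finding per log line that trips at least one rule."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        svc = _SVC_RE.match(line)
        fil = _FILE_RE.match(line)
        if svc:
            path = svc["path"]
            severity, reasons = _check_path(path)
            if svc["info"] == "x":   # assumed meaning: ComboFix could not find the image
                reasons.append(f"service '{svc['name']}' ({svc['start']}) points at a missing file")
                severity = _worse(severity, _HIGH)
            if path.lower().endswith(".tmp"):
                reasons.append("service image has a .tmp extension")
                severity = _worse(severity, _REVIEW)
        elif fil:
            path = fil["path"]
            severity, reasons = _check_path(path)
        else:
            continue
        if reasons:
            findings.append(Finding(line_no, severity, path, reasons))
    return findings


def summary(findings):
    """Count findings per severity."""
    counts = {_HIGH: 0, _REVIEW: 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:2d} [{f.severity}] {f.path}")
        for r in f.reasons:
            print(f"          - {r}")
    print(summary(triage(SAMPLE_LOG)))
```

Run against the sample, it flags exactly the entries the CFScript acted on (the `%APPDATA%` directory, the `howajg.sys` service) plus the systemprofile executable and the two `.tmp` drivers; `mbam.sys`, the Panda service and ComboFix's own `C:\32788R22FWJFW` working directory pass clean. The checks are purely structural (where a file lives, whether its service can find it), which keeps false positives low without pretending to judge whether a name "looks random".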


#5 mikeleafe

mikeleafe

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 05 July 2011 - 03:45 PM

Here is the latest ComboFix log, will post Malwarebytes shortly.

ComboFix 11-07-05.03 - Paul 05/07/2011 22:30:48.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.44.1033.18.3036.1641 [GMT 1:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
Command switches used :: c:\users\Paul\Desktop\CFScript.txt
AV: Panda Antivirus Pro 2010 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: Panda Personal Firewall 2010 *Disabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
SP: Panda Antivirus Pro 2010 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_adqyr
.
.
((((((((((((((((((((((((( Files Created from 2011-06-05 to 2011-07-05 )))))))))))))))))))))))))))))))
.
.
2011-07-05 21:35 . 2011-07-05 21:35 168307 ----a-w- c:\windows\system32\config\systemprofile\mwfmfysqygfgoseh.exe
2011-07-05 21:35 . 2011-07-05 21:35 168307 ----a-w- c:\windows\system32\config\systemprofile\5169.tmp
2011-07-05 14:49 . 2011-07-05 21:29 -------- d-----w- C:\32788R22FWJFW
2011-07-05 13:43 . 2011-07-05 13:43 -------- d--h--w- c:\windows\msdownld.tmp
2011-07-05 12:14 . 2011-07-05 12:14 -------- d-----w- c:\program files\GIANT Company Software
2011-07-05 12:13 . 2011-07-05 12:13 -------- d-----w- c:\windows\Downloaded Installations
2011-07-05 08:42 . 2011-05-29 08:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-05 08:42 . 2011-07-05 08:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-05 08:42 . 2011-05-29 08:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-05 07:44 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51684DF5-0DF8-4D60-BB7B-06C9BF5A3353}\mpengine.dll
2011-07-04 21:00 . 2011-07-04 21:00 -------- d-----w- C:\_OTL
2011-07-04 17:32 . 2011-07-04 17:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-07-04 14:42 . 2010-05-26 09:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-07-04 11:09 . 2011-07-04 16:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-04 11:09 . 2011-07-04 12:02 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-07-04 09:55 . 2011-07-04 09:55 -------- d-----w- c:\program files\Trend Micro
2011-07-04 09:54 . 2011-07-04 09:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-03 17:25 . 2011-07-04 16:43 -------- d-----w- c:\programdata\Lavasoft
2011-07-03 17:25 . 2011-07-03 17:25 -------- d-----w- c:\program files\Lavasoft
2011-07-03 17:22 . 2011-07-03 17:22 -------- d-----w- c:\windows\system32\config\systemprofile\Google Toolbar
2011-07-03 17:22 . 2011-07-03 17:22 -------- d-----w- c:\windows\system32\config\systemprofile\Low
2011-06-29 19:38 . 2011-06-29 19:38 -------- d-----w- c:\users\Paul\AppData\Roaming\Malwarebytes
2011-06-29 06:50 . 2011-06-29 06:50 -------- d-----w- c:\program files\Sophos
2011-06-29 06:46 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
2011-06-29 06:43 . 2011-06-29 06:43 -------- d-----w- c:\users\Paul\AppData\Local\{C8DDA1F2-1573-4419-B26B-9D47B513CB24}
2011-06-24 13:58 . 2011-06-29 17:34 -------- d-----w- c:\programdata\Viewpoint
2011-06-24 11:58 . 2011-06-24 11:58 -------- d-----w- c:\users\Paul\AppData\Local\{1AB82F8B-455E-4E4E-82F6-130F833B3D04}
2011-06-23 13:40 . 2011-06-23 13:40 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-23 11:13 . 2011-06-23 11:13 -------- d-----w- c:\program files\Common Files\Java
2011-06-23 11:13 . 2011-05-04 03:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-23 08:03 . 2011-06-23 08:03 -------- d-----w- c:\users\Paul\AppData\Local\{0C1184A4-F776-4750-8482-9C77BEEFFDB2}
2011-06-22 12:49 . 2011-06-22 12:49 -------- d-----w- c:\programdata\Malwarebytes
2011-06-22 09:52 . 2011-07-05 08:24 -------- d-----w- c:\programdata\ParetoLogic
2011-06-22 07:56 . 2011-06-22 07:57 -------- d-----w- c:\users\Paul\AppData\Local\{EE615C3A-1A8C-43EF-8D39-E41CD99460DC}
2011-06-21 07:48 . 2011-06-21 07:49 -------- d-----w- c:\users\Paul\AppData\Local\{B81A3A10-1C42-49C0-B458-9CA7220E7429}
2011-06-20 07:57 . 2011-06-20 07:58 -------- d-----w- c:\users\Paul\AppData\Local\{A6A8EE67-B008-4411-ABC2-E6A95520B843}
2011-06-17 07:52 . 2011-06-17 07:53 -------- d-----w- c:\users\Paul\AppData\Local\{054A9C43-7396-4AE9-8932-081365B35620}
2011-06-16 07:50 . 2011-06-16 07:51 -------- d-----w- c:\users\Paul\AppData\Local\{FB2A2C19-5107-44D8-A0CC-00E8A9B97140}
2011-06-15 16:10 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-15 16:10 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-06-15 16:10 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-06-15 08:03 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-06-15 08:02 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 08:02 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 08:02 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 08:02 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 08:02 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 08:02 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-06-15 08:02 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 08:02 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 08:02 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 07:55 . 2011-06-15 07:55 -------- d-----w- c:\users\Paul\AppData\Local\{04DC7D24-F86C-41CE-9996-14CACAF9B390}
2011-06-14 08:00 . 2011-06-14 08:01 -------- d-----w- c:\users\Paul\AppData\Local\{EBA4DA58-C65D-4AB7-AC11-038B6BB79233}
2011-06-13 07:55 . 2011-06-13 07:55 -------- d-----w- c:\users\Paul\AppData\Local\{3D151075-E4C9-44BC-AC01-2671C22E5B97}
2011-06-10 07:32 . 2011-06-10 07:33 -------- d-----w- c:\users\Paul\AppData\Local\{8C7F33F3-5B56-45A8-A718-E6942839888F}
2011-06-09 16:03 . 2011-06-09 16:03 -------- d-----w- c:\program files\MSXML 4.0
2011-06-09 09:14 . 2011-06-09 09:14 -------- d-----w- c:\programdata\NokiaAccount
2011-06-09 08:58 . 2009-07-14 17:45 445008 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2011-06-09 08:58 . 2009-07-14 17:45 38480 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2011-06-09 08:53 . 2011-06-09 09:24 -------- d-----w- c:\users\Paul\AppData\Local\Nokia
2011-06-09 08:53 . 2011-06-22 23:59 -------- d-----w- c:\programdata\PC Suite
2011-06-09 08:53 . 2011-06-09 09:16 -------- d-----w- c:\users\Paul\AppData\Roaming\PC Suite
2011-06-09 08:51 . 2011-06-09 08:51 -------- d-----w- c:\program files\Common Files\Nokia
2011-06-09 08:51 . 2011-06-09 08:51 -------- d-----w- c:\program files\DIFX
2011-06-09 08:51 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2011-06-09 08:50 . 2011-06-09 08:50 -------- d-----w- c:\program files\PC Connectivity Solution
2011-06-09 08:49 . 2010-12-02 14:13 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2011-06-09 08:49 . 2011-06-22 23:59 -------- d-----w- c:\programdata\NokiaInstallerCache
2011-06-09 08:49 . 2011-06-09 08:51 -------- d-----w- c:\program files\Nokia
2011-06-09 07:58 . 2011-06-09 07:58 -------- d-----w- c:\users\Paul\AppData\Local\{19427B42-C493-4EC0-8CDC-2893A6FAE861}
2011-06-08 07:31 . 2011-06-08 07:31 -------- d-----w- c:\users\Paul\AppData\Local\{5B75D84C-5465-4B2E-982E-5831DE0762DE}
2011-06-06 11:55 . 2011-06-06 11:55 183696 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2011-06-06 07:57 . 2011-06-07 08:12 -------- d-----w- c:\users\Paul\AppData\Local\{4E028452-A3C8-4018-92BA-7084E6D80DA5}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 08:03 . 2010-02-24 11:56 848 --sha-w- c:\programdata\KGyGaAvL.sys
2011-05-24 18:14 . 2010-06-11 11:18 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 08:03 . 2011-05-24 08:03 161792 ----a-w- c:\windows\system32\msls31.dll
2011-05-24 08:03 . 2011-05-24 08:03 1126912 ----a-w- c:\windows\system32\wininet.dll
2011-05-24 08:03 . 2011-05-24 08:03 86528 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-24 08:03 . 2011-05-24 08:03 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-24 08:03 . 2011-05-24 08:03 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-24 08:03 . 2011-05-24 08:03 63488 ----a-w- c:\windows\system32\tdc.ocx
2011-05-24 08:03 . 2011-05-24 08:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-24 08:03 . 2011-05-24 08:03 367104 ----a-w- c:\windows\system32\html.iec
2011-05-24 08:03 . 2011-05-24 08:03 74752 ----a-w- c:\windows\system32\iesetup.dll
2011-05-24 08:03 . 2011-05-24 08:03 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-05-24 08:03 . 2011-05-24 08:03 23552 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-24 08:03 . 2011-05-24 08:03 152064 ----a-w- c:\windows\system32\wextract.exe
2011-05-24 08:03 . 2011-05-24 08:03 150528 ----a-w- c:\windows\system32\iexpress.exe
2011-05-24 08:03 . 2011-05-24 08:03 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-24 08:03 . 2011-05-24 08:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-24 08:03 . 2011-05-24 08:03 11776 ----a-w- c:\windows\system32\mshta.exe
2011-05-24 08:03 . 2011-05-24 08:03 101888 ----a-w- c:\windows\system32\admparse.dll
2011-05-24 08:03 . 2011-05-24 08:03 35840 ----a-w- c:\windows\system32\imgutil.dll
2011-05-24 08:03 . 2011-05-24 08:03 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\%APPDATA% ----
.
2011-07-04 17:32 . 2011-07-05 13:45 16384 --sha-w- c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"D066UUtility"="c:\windows\TWAIN_32\D66U\D066UUTY.EXE" [2000-07-06 32768]
"DLPSP"="c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2009-07-08 406840]
"DLUPDR"="c:\program files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE" [2009-07-08 243008]
"DLQLU"="c:\program files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE" [2009-07-08 816368]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" [2009-09-25 906496]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe" [2009-08-12 56064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-19 6265376]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 15:58 58672 ----a-w- c:\windows\System32\avldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 11:55 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor]
2008-08-08 17:30 16712 ----a-r- c:\program files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel Photo Downloader]
2008-08-08 17:30 532808 ----a-r- c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 02:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 01:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2011-05-20 15:56 724536 ----a-w- c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9c7fdbc428860;Google Update Service (gupdate1c9c7fdbc428860);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 133104]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 133104]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\DD63.tmp [x]
R3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2009-06-30 28552]
S1 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2009-09-30 75016]
S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2009-06-16 53128]
S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2008-03-28 22072]
S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2009-06-16 193800]
S1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2009-06-16 12:33 159112]
S1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2010-05-26 18816]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2009-06-16 46728]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-08-19 81920]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2009-08-06 49160]
S2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE [2006-12-07 140184]
S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost [x]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2009-06-30 163336]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe [2009-08-25 28928]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-08-19 27648]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-08-26 112128]
S3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:\windows\system32\DRIVERS\neti1639.sys [2009-09-09 199432]
S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
S4 Micorsoft Windows Service;Micorsoft Windows Service;c:\windows\system32\config\systemprofile\cdiygtjw.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MICORSOFT_WINDOWS_SERVICE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
panda REG_MULTI_SZ Gwmsrv
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 12:34]
.
2011-07-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-28 12:34]
.
2011-07-05 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2009-04-16 07:02]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-05 22:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\DD63.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,bd,0c,6b,ab,e1,5f,46,89,f4,cd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,bd,0c,6b,ab,e1,5f,46,89,f4,cd,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
c:\program files\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
c:\program files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\pavsrvx86.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE
c:\program files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Panda Security\Panda Antivirus Pro 2010\AVENGINE.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\conime.exe
c:\windows\PEV.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-07-05 22:41:25 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-05 21:41
ComboFix2.txt 2011-07-05 14:57
.
Pre-Run: 257,004,711,936 bytes free
Post-Run: 256,697,839,616 bytes free
.
- - End Of File - - D1E3F4782B6C37CBC8531F1F4640FC9C

#6 mikeleafe

Posted 05 July 2011 - 03:51 PM

Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7026

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

05/07/2011 22:48:37
mbam-log-2011-07-05 (22-48-37).txt

Scan type: Quick scan
Objects scanned: 161061
Time elapsed: 2 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#7 mikeleafe

Posted 05 July 2011 - 04:47 PM

And here's the online scan log:

C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\42E8.tmp.vir  a variant of Win32/Kryptik.PJV trojan  cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\System32\config\systemprofile\mwfmfysqygfgoseh.exe.vir  a variant of Win32/Kryptik.PJV trojan  cleaned by deleting - quarantined
C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\6685d300-2df082dc  Java/Exploit.CVE-2010-4452.A trojan  cleaned by deleting - quarantined
C:\Users\Paul\AppData\Roaming\0E43A580309DD6D9EC04AE2513C6C8EA\local.ini  Win32/Adware.AntimalwareDoctor.AE.Gen application  cleaned by deleting - quarantined
C:\Users\Paul\Downloads\Mp4PlayerSetup.exe  probably a variant of Win32/TrojanDownloader.Agent.KXBJNTQ trojan  deleted - quarantined
C:\Windows\System32\config\systemprofile\5169.tmp  a variant of Win32/Kryptik.PJV trojan  cleaned by deleting - quarantined
C:\Windows\System32\config\systemprofile\mwfmfysqygfgoseh.exe  a variant of Win32/Kryptik.PJV trojan  cleaned by deleting - quarantined

#8 mikeleafe

Posted 05 July 2011 - 05:11 PM

It's past midnight here, I need to get some sleep. I have left the computer on and will check back in the morning. Thanks for the help so far. Mike

#9 mowman

Posted 05 July 2011 - 06:03 PM

Reboot the computer, then open OTL, click Run Scan and post the log. Also tell me how the computer is running now.

#10 mikeleafe

Posted 06 July 2011 - 12:51 AM

Hi mowman

Rebooted, but the problem is still there. The computer runs fine except for IE9 opening on its own. The 2 files mwfmfysqygfgoseh.exe and 4bce.tmp have reappeared in the folder c:\windows\system32\config\systemprofile. Below is the OTL log.

OTL logfile created on: 06/07/2011 07:42:27 - Run 2
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\Paul\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 50.85% Memory free
6.13 Gb Paging File | 4.73 Gb Available in Paging File | 77.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.01 Gb Total Space | 239.03 Gb Free Space | 82.99% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.87 Gb Free Space | 28.74% Space Free | Partition Type: NTFS

Computer Name: PAUL-PC | User Name: Paul | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\config\systemprofile\4BCE.tmp ()
PRC - C:\Users\Paul\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Adobe\Reader 10.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\ApVxdWin.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrvx86.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\AVENGINE.EXE (Panda Security, S.L.)
PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\psksvc.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrlS.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe (Panda Security, S.L.)
PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\dlupdr.exe (Dell Inc.)
PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpsp.exe (Dell Inc.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\WebProxy.exe (Panda Security, S.L.)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe (Panda Security, S.L.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\FIREWALL\PSHost.exe (Panda Security International)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe (Panda Security S.L.)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe (Panda Security, S.L.)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)
PRC - C:\Windows\twain_32\D66U\D066UUTY.EXE ()


========== Modules (SafeList) ==========

MOD - C:\Users\Paul\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (PAVSRV) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrvx86.exe (Panda Security, S.L.)
SRV - (DLPWD) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlpwdnt.exe (Dell Inc.)
SRV - (PskSvcRetail) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe (Panda Security, S.L.)
SRV - (Panda Software Controller) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe (Panda Security, S.L.)
SRV - (PAVFNSVR) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe (Panda Security, S.L.)
SRV - (TPSrv) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe (Panda Security, S.L.)
SRV - (PSHost) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Firewall\PSHOST.EXE (Panda Security International)
SRV - (AERTFilters) -- C:\Windows\System32\AERTSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Gwmsrv) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\GWMsrv.dll (Panda Security, S.L.)
SRV - (PSIMSVC) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe (Panda Security S.L.)
SRV - (PavPrSrv) -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe (Panda Security, S.L.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (DLSDB) -- C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe (Dell Inc.)


========== Driver Services (SafeList) ==========

DRV - (PavTPK.sys) -- File not found
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (SAVRKBootTasks) -- C:\Windows\System32\SAVRKBootTasks.sys (Sophos Plc)
DRV - (APPFLT) -- C:\Windows\System32\drivers\APPFLT.SYS (Panda Security, S.L.)
DRV - (NETIMFLT01060039) -- C:\Windows\System32\drivers\neti1639.sys (Panda Security, S.L.)
DRV - (AmFSM) -- C:\Windows\System32\drivers\amm8660.sys (Panda Security, S.L.)
DRV - (PavProc) -- C:\Windows\System32\drivers\PavProc.sys (Panda Security, S.L.)
DRV - (pavboot) -- C:\Windows\system32\Drivers\pavboot.sys (Panda Security, S.L.)
DRV - (WNMFLT) -- C:\Windows\System32\drivers\wnmflt.sys (Panda Security, S.L.)
DRV - (NETFLTDI) -- C:\Windows\System32\drivers\NETFLTDI.SYS (Panda Security, S.L.)
DRV - (IDSFLT) -- C:\Windows\System32\drivers\idsflt.sys (Panda Security, S.L.)
DRV - (DSAFLT) -- C:\Windows\System32\drivers\dsaflt.sys (Panda Security, S.L.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (RtNdPt60) -- C:\Windows\System32\drivers\RtNdPt60.sys (Windows ® Codename Longhorn DDK provider)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (FNETMON) -- C:\Windows\System32\drivers\fnetmon.sys (Panda Security, S.L.)
DRV - (ShldDrv) -- C:\Windows\System32\drivers\ShlDrv51.sys (Panda Security, S.L.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/?ocid=OIE9HP
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011/06/09 09:51:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011/06/09 09:51:14 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/07/05 22:35:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [D066UUtility] C:\Windows\twain_32\D66U\D066UUTY.EXE ()
O4 - HKLM..\Run: [DLPSP] C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLQLU] C:\Program Files\Dell Printers\Additional Color Laser Software\Launcher\DLQLU.EXE (Dell Inc.)
O4 - HKLM..\Run: [DLUPDR] C:\Program Files\Dell Printers\Additional Color Laser Software\Updater\DLUPDR.EXE (Dell Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe (Panda Security, S.L.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\Windows\System32\avldr.dll (Panda Security, S.L.)
O24 - Desktop WallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Paul\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/06 07:41:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/07/05 22:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/05 22:35:55 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/07/05 22:29:58 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/07/05 15:57:40 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\temp
[2011/07/05 15:49:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/07/05 15:49:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/07/05 15:49:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/07/05 15:49:15 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/07/05 15:49:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/05 15:49:09 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/07/05 15:48:04 | 004,131,692 | R--- | C] (Swearware) -- C:\Users\Paul\Desktop\ComboFix.exe
[2011/07/05 13:14:08 | 000,000,000 | ---D | C] -- C:\Program Files\GIANT Company Software
[2011/07/05 13:13:57 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2011/07/05 09:42:47 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/07/05 09:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/05 09:42:42 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/07/05 09:42:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/04 22:00:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/04 19:03:17 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2011/07/04 18:32:06 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/07/04 15:42:27 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SAVRKBootTasks.sys
[2011/07/04 12:12:45 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Paul\Desktop\setup-spybotsd162.exe
[2011/07/04 12:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/04 12:09:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/07/04 12:09:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/04 10:55:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/07/04 10:54:36 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/07/03 18:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/07/03 18:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/06/29 20:38:43 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\Malwarebytes
[2011/06/29 07:50:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2011/06/29 07:50:00 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/06/29 07:43:23 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{C8DDA1F2-1573-4419-B26B-9D47B513CB24}
[2011/06/24 14:58:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2011/06/24 12:58:41 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{1AB82F8B-455E-4E4E-82F6-130F833B3D04}
[2011/06/23 14:40:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/06/23 14:40:16 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011/06/23 12:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/06/23 12:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/06/23 12:13:33 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/06/23 09:03:40 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{0C1184A4-F776-4750-8482-9C77BEEFFDB2}
[2011/06/22 16:01:17 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/06/22 13:49:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/06/22 13:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/06/22 10:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2011/06/22 08:56:49 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{EE615C3A-1A8C-43EF-8D39-E41CD99460DC}
[2011/06/21 08:48:43 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{B81A3A10-1C42-49C0-B458-9CA7220E7429}
[2011/06/20 08:57:28 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{A6A8EE67-B008-4411-ABC2-E6A95520B843}
[2011/06/17 08:52:55 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{054A9C43-7396-4AE9-8932-081365B35620}
[2011/06/16 08:50:44 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{FB2A2C19-5107-44D8-A0CC-00E8A9B97140}
[2011/06/15 17:10:21 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/15 17:10:20 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/06/15 17:10:20 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/06/15 17:10:20 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/15 08:55:32 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{04DC7D24-F86C-41CE-9996-14CACAF9B390}
[2011/06/14 09:00:37 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{EBA4DA58-C65D-4AB7-AC11-038B6BB79233}
[2011/06/13 08:55:14 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{3D151075-E4C9-44BC-AC01-2671C22E5B97}
[2011/06/10 08:32:38 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{8C7F33F3-5B56-45A8-A718-E6942839888F}
[2011/06/09 17:03:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/06/09 10:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaAccount
[2011/06/09 09:58:53 | 000,038,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\WdfLdr.sys
[2011/06/09 09:53:32 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\Nokia
[2011/06/09 09:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2011/06/09 09:53:23 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Roaming\PC Suite
[2011/06/09 09:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2011/06/09 09:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2011/06/09 09:51:08 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2011/06/09 09:51:08 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/06/09 09:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2011/06/09 09:49:25 | 000,075,264 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2011/06/09 09:49:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2011/06/09 09:49:01 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2011/06/09 08:58:25 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{19427B42-C493-4EC0-8CDC-2893A6FAE861}
[2011/06/08 08:31:03 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{5B75D84C-5465-4B2E-982E-5831DE0762DE}
[2011/06/06 08:57:57 | 000,000,000 | ---D | C] -- C:\Users\Paul\AppData\Local\{4E028452-A3C8-4018-92BA-7084E6D80DA5}
[2010/08/25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/06 07:42:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/06 07:41:55 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt.bck
[2011/07/06 07:41:55 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt
[2011/07/06 07:41:53 | 000,000,120 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg.bck
[2011/07/06 07:41:53 | 000,000,120 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg
[2011/07/06 07:41:50 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG.bck
[2011/07/06 07:41:50 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG
[2011/07/06 07:41:50 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg.bck
[2011/07/06 07:41:50 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg
[2011/07/06 07:41:50 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg.bck
[2011/07/06 07:41:50 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg
[2011/07/06 07:41:50 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg.bck
[2011/07/06 07:41:50 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg
[2011/07/06 07:41:50 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg.bck
[2011/07/06 07:41:50 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg
[2011/07/06 07:41:43 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/06 07:41:33 | 000,000,276 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2011/07/06 07:41:30 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 07:41:30 | 000,003,744 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/07/06 07:41:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/07/06 07:41:25 | 3184,513,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/07/05 22:56:05 | 000,290,792 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2011/07/05 22:56:05 | 000,290,792 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2011/07/05 22:42:40 | 000,612,902 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/07/05 22:42:40 | 000,110,212 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/07/05 22:35:52 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/07/05 22:29:42 | 004,131,692 | R--- | M] (Swearware) -- C:\Users\Paul\Desktop\ComboFix.exe
[2011/07/05 15:43:24 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011/07/05 15:07:39 | 1793,934,336 | ---- | M] () -- C:\Users\Paul\Desktop\backup.pst
[2011/07/05 14:44:43 | 000,000,104 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt.bck
[2011/07/05 14:44:43 | 000,000,104 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt
[2011/07/05 14:44:42 | 000,360,756 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls.bck
[2011/07/05 14:44:42 | 000,360,756 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls
[2011/07/05 14:41:48 | 156,877,022 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/07/05 13:07:04 | 000,402,656 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/07/05 13:05:46 | 000,000,000 | ---- | M] () -- C:\Users\Paul\AppData\Local\{450BBDD3-5ADB-4BDB-930C-F0CE43D5762E}
[2011/07/05 09:42:47 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/04 19:03:17 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Paul\Desktop\OTL.exe
[2011/07/04 18:31:38 | 000,000,646 | ---- | M] () -- C:\Users\Paul\Desktop\config - Shortcut.lnk
[2011/07/04 12:15:49 | 000,001,081 | ---- | M] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/04 12:15:49 | 000,001,057 | ---- | M] () -- C:\Users\Paul\Desktop\Spybot - Search & Destroy.lnk
[2011/07/04 12:12:57 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Paul\Desktop\setup-spybotsd162.exe
[2011/07/04 11:43:25 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110704-174805.backup
[2011/07/04 10:54:36 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/26 07:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/24 17:08:30 | 000,001,709 | ---- | M] () -- C:\Windows\System32\ACTIVE_X
[2011/06/24 09:25:46 | 000,002,633 | ---- | M] () -- C:\Users\Paul\Desktop\Microsoft Office Outlook 2007.lnk
[2011/06/24 09:03:26 | 000,000,848 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2011/06/23 14:40:35 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/23 10:18:14 | 000,002,091 | ---- | M] () -- C:\Users\Paul\Desktop\Google Earth.lnk
[2011/06/23 09:14:31 | 000,000,848 | ---- | M] () -- C:\Users\Paul\Desktop\QuickTimePlayer - Shortcut.lnk
[2011/06/23 09:12:31 | 000,002,012 | ---- | M] () -- C:\Users\Paul\Desktop\Panda Antivirus Pro 2010.lnk
[2011/06/23 09:12:13 | 000,002,217 | ---- | M] () -- C:\Users\Paul\Desktop\Corel Paint Shop Pro Photo X2.lnk
[2011/06/23 09:11:06 | 000,000,371 | ---- | M] () -- C:\Users\Paul\Desktop\Pictures - Shortcut.lnk
[2011/06/22 16:30:01 | 000,000,951 | ---- | M] () -- C:\Users\Paul\Desktop\Internet Explorer.lnk
[2011/06/15 09:31:33 | 000,002,627 | ---- | M] () -- C:\Users\Paul\Desktop\Microsoft Office Word 2007.lnk
[2011/06/09 09:59:09 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/06/09 09:59:08 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/05 15:49:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/07/05 15:49:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/07/05 15:49:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/07/05 15:49:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/07/05 15:49:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/07/05 14:57:38 | 1793,934,336 | ---- | C] () -- C:\Users\Paul\Desktop\backup.pst
[2011/07/05 14:41:50 | 3184,513,024 | -HS- | C] () -- C:\hiberfil.sys
[2011/07/05 13:05:46 | 000,000,000 | ---- | C] () -- C:\Users\Paul\AppData\Local\{450BBDD3-5ADB-4BDB-930C-F0CE43D5762E}
[2011/07/05 09:42:47 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/04 18:31:38 | 000,000,646 | ---- | C] () -- C:\Users\Paul\Desktop\config - Shortcut.lnk
[2011/07/04 12:09:53 | 000,001,081 | ---- | C] () -- C:\Users\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/07/04 12:09:53 | 000,001,057 | ---- | C] () -- C:\Users\Paul\Desktop\Spybot - Search & Destroy.lnk
[2011/06/23 14:40:35 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011/06/23 14:40:35 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011/06/23 13:18:03 | 000,001,709 | ---- | C] () -- C:\Windows\System32\ACTIVE_X
[2011/06/23 10:18:14 | 000,002,091 | ---- | C] () -- C:\Users\Paul\Desktop\Google Earth.lnk
[2011/06/23 09:14:31 | 000,000,848 | ---- | C] () -- C:\Users\Paul\Desktop\QuickTimePlayer - Shortcut.lnk
[2011/06/23 09:12:31 | 000,002,012 | ---- | C] () -- C:\Users\Paul\Desktop\Panda Antivirus Pro 2010.lnk
[2011/06/23 09:12:13 | 000,002,217 | ---- | C] () -- C:\Users\Paul\Desktop\Corel Paint Shop Pro Photo X2.lnk
[2011/06/23 09:11:06 | 000,000,371 | ---- | C] () -- C:\Users\Paul\Desktop\Pictures - Shortcut.lnk
[2011/06/22 16:30:01 | 000,000,951 | ---- | C] () -- C:\Users\Paul\Desktop\Internet Explorer.lnk
[2011/06/22 16:01:10 | 156,877,022 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/06/09 09:59:09 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2011/06/09 09:59:08 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011/06/09 09:58:54 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010/10/06 15:27:05 | 000,000,024 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\oidzga.dat
[2010/08/25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/08/25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/08/25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/08/25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010/08/25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010/08/25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010/07/22 10:08:22 | 000,290,792 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2010/07/22 10:08:22 | 000,290,792 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2010/07/22 10:00:59 | 000,000,250 | ---- | C] () -- C:\Windows\System32\PavCPL.dat
[2010/02/24 12:56:14 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/02/12 11:53:39 | 000,010,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/02/12 11:52:25 | 000,000,036 | ---- | C] () -- C:\Users\Paul\AppData\Roaming\swk.ini
[2009/10/28 10:40:34 | 000,000,031 | ---- | C] () -- C:\Windows\System32\wsodsini.dll
[2009/10/28 10:40:28 | 000,000,530 | ---- | C] () -- C:\Windows\System32\tx14_ic.ini
[2009/10/21 09:05:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/21 09:05:20 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/21 09:04:57 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/09 16:22:24 | 000,000,154 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/05/18 09:24:44 | 000,086,016 | ---- | C] () -- C:\Windows\System32\custmon32.dll
[2009/05/13 09:07:25 | 000,000,035 | ---- | C] () -- C:\Windows\A4W.INI
[2009/05/13 09:06:31 | 000,000,024 | ---- | C] () -- C:\Windows\pstudio.ini
[2009/05/13 09:06:31 | 000,000,011 | ---- | C] () -- C:\Windows\album.ini
[2009/04/22 09:37:47 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/04/22 09:37:47 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/04/22 09:37:47 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/04/22 09:37:47 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/04/22 09:37:47 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/04/22 09:37:47 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/04/22 09:37:47 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/04/22 09:37:47 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/04/22 09:37:47 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/04/22 09:37:47 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2009/04/22 09:37:47 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/04/22 09:37:47 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/04/22 09:37:47 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/04/22 09:37:47 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/04/22 09:37:47 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/04/22 09:37:47 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2009/04/22 09:37:47 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2009/04/22 09:37:47 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/04/22 09:37:47 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/04/22 09:21:33 | 000,000,025 | ---- | C] () -- C:\Windows\CDED92Euro.ini
[2009/04/17 08:04:27 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1545.dll
[2009/04/17 08:04:27 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009/04/17 08:04:27 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2009/04/17 08:02:09 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/02/03 23:44:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:43 | 000,402,656 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 11:33:01 | 000,612,902 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,110,212 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004/06/30 16:04:46 | 000,040,960 | ---- | C] () -- C:\Windows\System32\SDelete.dll
[2004/05/10 17:04:54 | 000,192,512 | R--- | C] () -- C:\Windows\System32\GCCollection.dll
[2004/03/07 14:51:00 | 000,024,924 | ---- | C] () -- C:\Windows\System32\openports.dll
[2001/02/06 08:18:21 | 000,061,502 | ---- | C] () -- C:\Windows\System32\ODBCMON.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


#11 mowman (SuperMember, Malware Team, 2,669 posts)

Posted 06 July 2011 - 03:55 AM

SPYBOT TEATIMER
  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done and reboot your computer.
    (When we are done, you can re-enable TeaTimer using the same steps, but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Services
    
    :Otl
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    
    :Files
    C:\Windows\System32\config\systemprofile\4BCE.tmp 
    C:\Windows\System32\config\systemprofile\mwfmfysqygfgoseh.exe 
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

  • Please download Rootkit Unhooker and save it to your desktop.
    Link 1

  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers and Stealth
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished and then click File > Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in your next reply.

Note: you may get the following warning; just click OK and continue.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Let me know if those files reappear again after reboot.

#12 mikeleafe (New Member, Authentic Member, 19 posts)

Posted 06 July 2011 - 07:19 AM

Here's the OTL log:

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
========== FILES ==========
C:\Windows\System32\config\systemprofile\4BCE.tmp moved successfully.
C:\Windows\System32\config\systemprofile\mwfmfysqygfgoseh.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Paul
->Temp folder emptied: 34184 bytes
->Temporary Internet Files folder emptied: 1060695461 bytes
->Java cache emptied: 2109146 bytes
->Flash cache emptied: 200676 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1,014.00 mb
OTL by OldTimer - Version 3.2.25.0 log created on 07062011_141514
Files\Folders moved on Reboot...
C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZZ41621V\like[1].htm moved successfully.
C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZQL19850\index[10].htm moved successfully.
C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\18SHY0UU\iframe[2].htm moved successfully.
C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
Registry entries deleted on Reboot...

#13 mikeleafe (New Member, Authentic Member, 19 posts)

Posted 06 July 2011 - 07:26 AM

RkUnhooker report:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8E804000 C:\Windows\system32\DRIVERS\igdkmd32.sys 9555968 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x8260C000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8260C000 PnpManager 3907584 bytes
0x8260C000 RAW 3907584 bytes
0x8260C000 WMIxWDM 3907584 bytes
0x8F80D000 C:\Windows\system32\drivers\RTKVHDA.sys 2158592 bytes (Realtek Semiconductor Corp., Realtek® High Definition Audio Function Driver)
0x98800000 Win32k 2113536 bytes
0x98800000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x8AC00000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x8A80B000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8AA0E000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x804D2000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0x8107B000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8AB13000 C:\Windows\System32\Drivers\dump_iaStor.sys 888832 bytes
0x8A60D000 C:\Windows\system32\drivers\iastor.sys 888832 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0xAD20C000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8F121000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8F20C000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8F606000 C:\Windows\system32\DRIVERS\rdpdr.sys 561152 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x8A731000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x80601000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x80408000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0xAD2EB000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8A7A2000 C:\Windows\system32\drivers\csc.sys 372736 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x81005000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x98A50000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x8071C000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x8FB8D000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x80680000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80491000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8F34A000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8A97C000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8F778000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8A941000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x807BE000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8AD10000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8F6ED000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x829C6000 ACPI_HAL 208896 bytes
0x829C6000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8A6E6000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8F733000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8A9BA000 C:\Windows\system32\DRIVERS\neti1639.sys 196608 bytes (Panda Security, S.L., netimflt)
0x8F31B000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x8F7BE000 C:\Windows\system32\Drivers\IDSFLT.SYS 188416 bytes (Panda Security, S.L., Intrusion Detection System)
0x8FA1C000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8A916000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8F6AC000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x8116F000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x805B2000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8AD60000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x81054000 C:\Windows\system32\DRIVERS\PavProc.sys 159744 bytes (Panda Security, S.L., Panda Protection driver)
0x806D7000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8FB67000 C:\Windows\system32\Drivers\NETFLTDI.SYS 155648 bytes (Panda Security, S.L., Panda TDI Filter)
0x8FA49000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8F3B8000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8F299000 C:\Windows\system32\DRIVERS\Rtlh86.sys 139264 bytes (Realtek Corporation , Realtek 8101E/8168/8169 NDIS6 32-bit Driver )
0x8AD98000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8FA6E000 C:\Windows\system32\drivers\IntcHdmi.sys 135168 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)
0xAD3A3000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x8FAEA000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0xAD3C4000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xAD358000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x8AAF8000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x80793000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8F2BB000 C:\Windows\system32\DRIVERS\serial.sys 106496 bytes (Microsoft Corporation, Serial Device Driver)
0xAD375000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8F2FD000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAD3E3000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x8077C000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8F396000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x81197000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x8FBD5000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x8FB3D000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0xAD38E000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8F1E7000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8F3EA000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8FB53000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8F2DF000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0xAD2CC000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8F765000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8ABEC000 C:\Windows\system32\Drivers\APPFLT.SYS 69632 bytes (Panda Security, S.L., Panda APPFLT)
0x8AD87000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x8F722000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80478000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x807AE000 C:\Windows\system32\DRIVERS\amm8660.sys 65536 bytes (Panda Security, S.L., Panda Anti-Malware File System Minifilter)
0x8A718000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8FA98000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0xAD2BC000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes
(Microsoft Corporation, Link-Layer Topology Mapper I/O Driver) 0x80766000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager) 0x8F68F000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver) 0x8ADE3000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver) 0x8A9EA000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver) 0x8AD51000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver) 0x806FE000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver) 0x8F3DB000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver) 0x8F1D8000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver) 0x8070D000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver) 0x98A40000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver) 0x8FBEB000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver) 0x8FB26000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver) 0x80672000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader) 0x8ADF2000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver) 0x8ADC2000 C:\Windows\system32\PavTPK.sys 53248 bytes 0x8F6E0000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator) 0x8F7EC000 C:\Windows\system32\Drivers\DSAFLT.SYS 49152 bytes (Panda Security, S.L., -) 0xAD2DF000 C:\Windows\system32\DRIVERS\RtNdPt60.sys 49152 bytes (Windows ® Codename Longhorn DDK provider, NDIS User mode I/O 
Driver) 0x81163000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver) 0x8FADE000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver) 0x8F1C1000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver) 0x8F2F2000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver) 0x8F69F000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver) 0x8FB1B000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver) 0x8F3AD000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver) 0x8F38B000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper) 0x8ADCF000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver) 0x8F1CD000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver) 0x8F200000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver) 0x8F6D6000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver) 0x8F7B4000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy) 0x81159000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver) 0x8F2D5000 C:\Windows\system32\DRIVERS\serenum.sys 40960 bytes (Microsoft Corporation, Serial Port Enumerator) 0x8F800000 C:\Windows\system32\Drivers\WNMFLT.SYS 40960 bytes (Panda Security, S.L., -) 0x811B5000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver) 0x8ADB9000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk 
Block Verification Filter Driver) 0x8FABE000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver) 0x8FA8F000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices) 0x8A728000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP) 0x8FB34000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver) 0x8FAD5000 C:\Windows\System32\DRIVERS\ShlDrv51.sys 36864 bytes (Panda Security, S.L., PandaShield driver) 0x98A20000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver) 0x8ADDA000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver) 0x806C6000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll) 0x80489000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver) 0x811AD000 C:\Windows\system32\config\systemprofile\cdiygtjw.sys 32768 bytes 0x8FAB1000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver) 0x806CF000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver) 0x8FB0B000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport) 0x8FB13000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport) 0x8AD49000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor) 0x8FACE000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver) 0x8FAA8000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library) 0x80401000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL) 
0x8FAC7000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver) 0x8F315000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter) 0x80776000 C:\Windows\system32\Drivers\pavboot.sys 24576 bytes (Panda Security, S.L., Panda Boot Driver) 0x8FAB9000 C:\Windows\system32\SAVRKBootTasks.sys 20480 bytes (Sophos Plc, Sophos boot tasks for Windows 2000) 0x8FBF9000 C:\Windows\system32\Drivers\fnetmon.SYS 16384 bytes (Panda Security, S.L., Panda FNetMon) 0x8F6AA000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator) 0x8FAAF000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver) ============================================== >Stealth ==============================================

#14 mikeleafe

mikeleafe

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 06 July 2011 - 07:31 AM

Files have appeared again in the same folder as before. Also, I noticed this file, which Panda had picked up as a virus: C:\Windows\system32\config\systemprofile\cdiygtjw.sys 32768 bytes

Edited by mikeleafe, 06 July 2011 - 09:05 AM.


#15 mowman

mowman

    SuperMember

  • Malware Team
  • 2,669 posts

Posted 06 July 2011 - 03:48 PM

I have asked some other people to take a look at this, as I am at a loss why these files keep reappearing. Will get back to you ASAP.
