Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Virus trj/downloader.mdw


  • This topic is locked This topic is locked
27 replies to this topic

#1 cowboys2006

cowboys2006

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 15 December 2008 - 09:52 PM

Mod. edit: For contextual information and for what has been done, please read this topic: http://www.bleepingcomputer.com/forums/t/185666/trjdownloadermdw/ ~ OB

DDS (Version 1.0.1) - NTFSx86
Run by d at 20:12:02.72 on Mon 12/15/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.277 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\WINDOWS\system32\PSIService.exe
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\d\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = 192.168.0.1:80
uInternet Settings,ProxyOverride = 192.168.0.1;
BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1B29C093-FF94-4607-A625-E3DDF190CA29} - c:\windows\system32\amstrea.dll
BHO: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2008\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda internet security 2008\Inicio.exe"
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [UVS11 Preload] c:\program files\ulead systems\ulead videostudio 11\uvPL.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRunOnce: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\panda security\panda internet security 2008\pavlsp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avldr - avldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 pavboot;Panda Boot Driver;c:\windows\system32\drivers\pavboot.sys [2008-12-3 28544]
R0 refblhlo;refblhlo;c:\windows\system32\drivers\refblhlo.sys [2003-7-16 23424]
R1 APPFLT;App Filter Plugin;\??\c:\windows\system32\drivers\APPFLT.SYS [2008-6-8 71608]
R1 DSAFLT;DSA Filter Plugin;\??\c:\windows\system32\drivers\DSAFLT.SYS [2008-6-8 51256]
R1 FNETMON;NetMon Filter Plugin;\??\c:\windows\system32\drivers\fnetmon.SYS [2008-6-8 21816]
R1 IDSFLT;Ids Filter Plugin;\??\c:\windows\system32\drivers\IDSFLT.SYS [2008-6-8 191672]
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\c:\windows\system32\drivers\NETFLTDI.SYS [2008-6-8 132664]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-6-8 38968]
R1 SMSFLT;SMS Filter Plugin;\??\c:\windows\system32\drivers\SMSFLT.SYS [2008-6-8 37304]
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\c:\windows\system32\drivers\WNMFLT.SYS [2008-6-8 30648]
R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2008-6-8 24760]
R2 KodakSvc;Kodak AiO Device Service;"c:\program files\kodak\printer\center\KodakSvc.exe" [2007-12-13 18944]
R2 Panda Software Controller;Panda Software Controller;"c:\program files\panda security\panda internet security 2008\PsCtrls.exe" [2008-6-8 169264]
R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2008-6-8 83896]
R2 PAVFNSVR;Panda Function Service;"c:\program files\panda security\panda internet security 2008\PavFnSvr.exe" [2008-6-8 173360]
R2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\PavProc.sys [2008-6-8 178872]
R2 PavPrSrv;Panda Process Protection Service;"c:\program files\common files\panda software\pavshld\pavprsrv.exe" [2008-6-8 63024]
R2 PAVSRV;Panda anti-virus service;"c:\program files\panda security\panda internet security 2008\pavsrv51.exe" [2008-6-8 148272]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys []
R3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\drivers\COMFiltr.sys [2008-11-16 13880]
R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;c:\windows\system32\drivers\netimflt.sys [2008-6-8 143160]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys []
R3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]
S0 grnswjis;grnswjis;c:\windows\system32\drivers\oxsl.sys []
S0 iufd;iufd;c:\windows\system32\drivers\Ipin.sys []
S0 kdwmvfni;kdwmvfni;c:\windows\system32\drivers\mjpkkeb.sys []
S0 ptfkcwyx;ptfkcwyx;c:\windows\system32\drivers\wckrn.sys []
S0 rvzazee;rvzazee;c:\windows\system32\drivers\tprkyxmz.sys []

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandai~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\pandas~1\pandai~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\pandas~1\pandai~1\PAVSCRIP.EXE "%1" %*

=============== Created Last 30 ================

2008-12-15 18:59 18,224 a------- c:\windows\system32\pfdnnt.exe
2008-12-15 10:58 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2008-12-15 10:58 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2008-12-15 10:58 --d----- c:\docume~1\alluse~1\applic~1\Innova Electronics Corp
2008-12-15 10:56 --d----- c:\program files\RepairSolutions
2008-12-13 21:54 --d----- c:\program files\Photo Viewer
2008-12-13 02:03 --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-13 02:03 --d----- c:\program files\SUPERAntiSpyware
2008-12-13 02:03 --d----- c:\docume~1\d\applic~1\SUPERAntiSpyware.com
2008-12-12 11:39 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-12 11:39 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-12 11:39 --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-07 20:50 --d----- C:\Temp
2008-12-07 09:55 --d----- c:\windows\system32\scripting
2008-12-07 09:54 --d----- c:\windows\l2schemas
2008-12-07 09:54 --d----- c:\windows\system32\en
2008-12-07 03:27 276,992 -------- c:\windows\system32\wmphoto.dll
2008-12-07 03:27 69,120 -------- c:\windows\system32\wlanapi.dll
2008-12-07 03:27 346,112 -------- c:\windows\system32\windowscodecsext.dll
2008-12-07 03:27 712,704 -------- c:\windows\system32\windowscodecs.dll
2008-12-07 03:26 50,688 -------- c:\windows\system32\tspkg.dll
2008-12-07 03:26 53,248 -------- c:\windows\system32\tsgqec.dll
2008-12-07 03:26 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2008-12-07 03:26 32,768 -------- c:\windows\system32\setupn.exe
2008-12-07 03:25 290,304 -------- c:\windows\system32\rhttpaa.dll
2008-12-07 03:25 61,952 -------- c:\windows\system32\rasqec.dll
2008-12-07 03:25 76,800 -------- c:\windows\system32\qutil.dll
2008-12-07 03:25 62,464 -------- c:\windows\system32\qcliprov.dll
2008-12-07 03:25 291,328 -------- c:\windows\system32\qagentrt.dll
2008-12-07 03:25 150,528 -------- c:\windows\system32\qagent.dll
2008-12-07 03:25 412,160 -------- c:\windows\system32\photometadatahandler.dll
2008-12-07 03:25 144,384 -------- c:\windows\system32\onex.dll
2008-12-07 03:24 193,024 -------- c:\windows\system32\napmontr.dll
2008-12-07 03:24 176,640 -------- c:\windows\system32\napstat.exe
2008-12-07 03:24 30,208 -------- c:\windows\system32\napipsec.dll
2008-12-07 03:24 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2008-12-07 03:24 79,872 -------- c:\windows\system32\msxml6r.dll
2008-12-07 03:24 1,307,648 -c------ c:\windows\system32\dllcache\msxml6.dll
2008-12-07 03:24 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-12-07 03:24 76,800 -------- c:\windows\system32\msshavmsg.dll
2008-12-07 03:24 155,136 -------- c:\windows\system32\mssha.dll
2008-12-07 03:23 33,792 -------- c:\windows\system32\mmcperf.exe
2008-12-07 03:23 397,312 -------- c:\windows\system32\mmcex.dll
2008-12-07 03:23 184,320 -------- c:\windows\system32\microsoft.managementconsole.dll
2008-12-07 03:23 106,496 -------- c:\windows\system32\mmcfxcommon.dll
2008-12-07 03:23 37,376 -------- c:\windows\system32\l2gpstore.dll
2008-12-07 03:23 61,440 -------- c:\windows\system32\kmsvc.dll
2008-12-07 03:23 6,144 -------- c:\windows\system32\kbdpash.dll
2008-12-07 03:23 6,144 -------- c:\windows\system32\kbdnepr.dll
2008-12-07 03:23 6,144 -------- c:\windows\system32\kbdiultn.dll
2008-12-07 03:23 6,144 -------- c:\windows\system32\kbdbhc.dll
2008-12-07 03:21 7,168 -------- c:\windows\system32\bitsprx4.dll
2008-12-07 03:21 233,472 -------- c:\windows\system32\azroles.dll
2008-12-07 03:21 136,192 -------- c:\windows\system32\aaclient.dll
2008-12-06 19:45 --d----- c:\docume~1\d\applic~1\Malwarebytes
2008-12-06 19:45 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-06 14:47 --d----- c:\program files\Spybot - Search & Destroy
2008-12-06 14:47 --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-03 22:11 --d----- c:\windows\pss
2008-12-03 21:04 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2008-11-26 23:27 --d----- c:\program files\Sony Setup
2008-11-23 20:59 7,680 a------- c:\windows\system32\ff_vfw.dll
2008-11-23 20:59 547 a------- c:\windows\system32\ff_vfw.dll.manifest
2008-11-23 20:59 60,273 a------- c:\windows\system32\pthreadGC2.dll
2008-11-23 20:58 --d----- c:\program files\ffdshow
2008-11-16 20:48 13,880 a------- c:\windows\system32\drivers\COMFiltr.sys
2008-11-16 15:14 94,720 a------- c:\windows\system32\amstrea.dll
2008-11-16 09:04 221,184 a------- c:\windows\system32\wmpns.dll
2008-11-16 09:04 --d----- c:\program files\Windows Media Connect 2

==================== Find3M ====================

2008-12-15 20:03 102 a------- c:\program files\ryjw.txt
2008-12-15 18:01 1,244 a------- c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-12-15 18:01 1,244 a------- c:\windows\system32\drivers\APPFLTR.CFG
2008-12-15 18:01 286,456 a------- c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-12-15 18:01 286,456 a------- c:\windows\system32\drivers\APPFCONT.DAT
2008-12-15 17:53 102 a------- c:\program files\hvwkovat.txt
2008-12-07 01:27 0 a------- c:\windows\system32\drivers\wnmsav.dat
2008-10-24 05:21 455,296 a------- c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-03 04:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-06-25 20:14 58,880 a---h--- c:\docume~1\d\applic~1\MBSQTImporterPlugin6863.dll
2008-06-25 20:14 48,640 a---h--- c:\docume~1\d\applic~1\MBSQuickTimePlugin6863.dll
2008-06-25 20:14 37,888 a---h--- c:\docume~1\d\applic~1\MBSQTMovieExporterPlugin6863.dll
2008-06-25 20:14 31,744 a---h--- c:\docume~1\d\applic~1\MBSIconPlugin6867.dll
2008-06-25 20:14 25,600 a---h--- c:\docume~1\d\applic~1\MBSRegistrationPlugin6867.dll
2008-06-25 20:14 88,576 a---h--- c:\docume~1\d\applic~1\rbap550.dll
2008-06-25 20:14 74,240 a---h--- c:\docume~1\d\applic~1\rbqt550.DLL
2008-07-07 18:12 80 ---shr-- c:\windows\system32\05ABBC803B.dll
2008-06-08 18:11 848 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 20:19:54.91 ===============







UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Version 1.0)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 5/27/2008 11:58:08 PM
System Uptime: 12/15/2008 5:54:41 PM (3 hours ago)

Motherboard: Dell Computer Corporation | | 09U807
Processor: Intel® Pentium® 4 CPU 2.66GHz | Microprocessor | 2657/133mhz


==== Disk Partitions =========================

C: is FIXED (NTFS) - 28 GiB total, 6.587 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Dell TrueMobile 1300 WLAN Mini-PCI Card
Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00011028&REV_02\4&3B90381F&0&10F0
Manufacturer: Broadcom
Name: Dell TrueMobile 1300 WLAN Mini-PCI Card
PNP Device ID: PCI\VEN_14E4&DEV_4320&SUBSYS_00011028&REV_02\4&3B90381F&0&10F0
Service: BCM43XX

==== System Restore Points ===================

RP2: 12/5/2008 10:20:42 PM - System Checkpoint
RP3: 12/7/2008 1:44:56 AM - Software Distribution Service 3.0
RP4: 12/7/2008 1:47:14 AM - Installed Windows XP KB918439.
RP5: 12/7/2008 1:52:02 AM - Installed Windows XP KB931768.
RP6: 12/7/2008 1:54:31 AM - Software Distribution Service 3.0
RP7: 12/7/2008 1:59:08 AM - Installed Windows XP KB912919.
RP8: 12/7/2008 2:04:24 AM - Installed Windows XP KB921503.
RP9: 12/7/2008 3:35:42 AM - Software Distribution Service 3.0
RP10: 12/8/2008 6:16:05 AM - System Checkpoint
RP11: 12/8/2008 8:21:38 AM - Software Distribution Service 3.0
RP12: 12/9/2008 8:50:47 AM - System Checkpoint
RP13: 12/10/2008 9:16:08 AM - System Checkpoint
RP14: 12/10/2008 3:58:15 PM - before fix
RP15: 12/11/2008 3:00:19 AM - Software Distribution Service 3.0
RP16: 12/12/2008 9:02:46 AM - System Checkpoint
RP17: 12/12/2008 11:08:58 PM - Software Distribution Service 3.0
RP18: 12/13/2008 2:03:09 AM - Installed SUPERAntiSpyware Free Edition
RP19: 12/14/2008 2:36:05 AM - System Checkpoint
RP20: 12/15/2008 3:17:46 AM - System Checkpoint
RP21: 12/15/2008 10:56:50 AM - Installed RepairSolutions
RP22: 12/15/2008 11:08:17 AM - Removed RepairSolutions
RP23: 12/15/2008 11:08:35 AM - Installed RepairSolutions.

==== Installed Programs ======================

µTorrent
7-Zip 4.57
Acoustica CD/DVD Label Maker
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
AGEIA PhysX v7.07.09
aiofw
aioocr
aioprnt
aioscnnr
ATI Control Panel
ATI Display Driver
B44Inst
BCM V.92 56K Modem
Broadcom 440x Driver Installer
center
Corel Paint Shop Pro Photo X2
Corel VideoStudio 12
Dell ResourceCD
Dell TrueMobile 1400 Dual Band WLAN Mini-PCI Card
Digital Photo Navigator 1.5
dvdSanta 4.50
ffdshow [rev 2301] [2008-11-05]
Focus Magic 3.02
Free CD to MP3 Converter
GetDataBack for FAT and GetDataBack for NTFS
Help_CTR
helptut
helpug
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
InterVideo DeviceService
Java™ 6 Update 7
KODAK All-in-One Printer Software
ksdip
LightScribe 1.4.89.1
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero Suite
netbrdg
Panda ActiveScan 2.0
Panda Internet Security 2008
Photo Viewer V2.4
PokerStars
Power Audio Editor v7.4.0.10
PowerCinema NE for Everio
PowerDirector Express
PowerDVD
PowerProducer
RepairSolutions
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 8 (KB917734)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
SFR
SigmaTel AC97 Audio Drivers
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Total Video Player 1.03
Ulead VideoStudio 11
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
VideoStudio
WeatherBug
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Office 11
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger

==== Event Viewer Messages ===================

12/9/2008 7:24:34 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/9/2008 7:22:43 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPFLT DSAFLT Fips FNETMON IDSFLT intelppm pavboot ShldDrv SMSFLT WNMFLT
12/9/2008 7:22:17 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
12/9/2008 7:11:24 PM, error: Service Control Manager [7022] - The Panda anti-virus service service hung on starting.
12/13/2008 2:10:19 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPFLT DSAFLT Fips FNETMON IDSFLT intelppm pavboot SASDIFSV SASKUTIL ShldDrv SMSFLT WNMFLT

==== End Of File ===========================

Edited by cowboys2006, 15 December 2008 - 10:12 PM.


BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,804 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:49 PM

Posted 23 December 2008 - 09:14 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below a staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Information on A/V control HERE

Orange Blossom :thumbsup:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 cowboys2006

cowboys2006
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 25 December 2008 - 01:13 AM

ok i willl go ahead and do the following intructions and then will post the results. thanks for your respond and help.

#4 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:49 PM

Posted 26 December 2008 - 12:19 AM

Hello, cowboys2006
I'll be here to help when you get those logs :thumbsup:

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#5 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:49 PM

Posted 28 December 2008 - 05:37 PM

Hello, cowboys2006
Are you still here?

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#6 cowboys2006

cowboys2006
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 28 December 2008 - 10:21 PM

sorry for the delay i had to attend to a personal matter. i am currently running that program waiting for results will post shortly again sorry. and again thanks for your help

#7 cowboys2006

cowboys2006
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 28 December 2008 - 10:38 PM

HERE ARE THE RESULTS


DDS (Version 1.1.0) - NTFSx86
Run by d at 21:18:25.99 on Sun 12/28/2008
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.334 [GMT -6:00]

AV: Panda Internet Security 2008 *On-access scanning enabled* (Updated)
FW: Panda Internet Security 2008 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
C:\WINDOWS\system32\PSIService.exe
c:\program files\panda security\panda internet security 2008\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
C:\Documents and Settings\d\Desktop\dds.com
C:\Program Files\Panda Security\Panda Internet Security 2008\psimreal.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = 192.168.0.1:80
uInternet Settings,ProxyOverride = 192.168.0.1;<local>
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {1b29c093-ff94-4607-a625-e3ddf190ca29} - c:\windows\system32\amstrea.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2008\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda internet security 2008\Inicio.exe"
mRun: [UVS12 Preload] c:\program files\corel\corel videostudio 12\uvPL.exe
mRun: [UVS11 Preload] c:\program files\ulead systems\ulead videostudio 11\uvPL.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [EverioService] "c:\program files\cyberlink\pcm4everio\EverioService.exe"
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [BCMSMMSG] BCMSMMSG.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
LSP: c:\program files\panda security\panda internet security 2008\pavlsp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avldr - avldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 pavboot;Panda Boot Driver;c:\windows\system32\drivers\pavboot.sys [2008-12-3 28544]
R0 refblhlo;refblhlo;c:\windows\system32\drivers\refblhlo.sys [2003-7-16 23424]
R1 APPFLT;App Filter Plugin;\??\c:\windows\system32\drivers\APPFLT.SYS [2008-6-8 71608]
R1 DSAFLT;DSA Filter Plugin;\??\c:\windows\system32\drivers\DSAFLT.SYS [2008-6-8 51256]
R1 FNETMON;NetMon Filter Plugin;\??\c:\windows\system32\drivers\fnetmon.SYS [2008-6-8 21816]
R1 IDSFLT;Ids Filter Plugin;\??\c:\windows\system32\drivers\IDSFLT.SYS [2008-6-8 191672]
R1 NETFLTDI;Panda Net Driver [TDI Layer];\??\c:\windows\system32\drivers\NETFLTDI.SYS [2008-6-8 132664]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\SASKUTIL.sys [2008-12-4 55024]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-6-8 38968]
R1 SMSFLT;SMS Filter Plugin;\??\c:\windows\system32\drivers\SMSFLT.SYS [2008-6-8 37304]
R1 WNMFLT;Wifi Monitor Filter Plugin;\??\c:\windows\system32\drivers\WNMFLT.SYS [2008-6-8 30648]
R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [2008-6-8 24760]
R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2008-6-8 83896]
R2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\drivers\PavProc.sys [2008-6-8 178872]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys []
R3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\drivers\COMFiltr.sys [2008-12-19 13880]
R3 NETIMFLT01050097;PANDA NDIS IM Filter Miniport v1.5.0.97;c:\windows\system32\drivers\netimflt.sys [2008-6-8 143160]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys []
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys []
S0 grnswjis;grnswjis;c:\windows\system32\drivers\oxsl.sys []
S0 iufd;iufd;c:\windows\system32\drivers\Ipin.sys []
S0 kbwwv;kbwwv;c:\windows\system32\drivers\jsxfnhu.sys []
S0 kdwmvfni;kdwmvfni;c:\windows\system32\drivers\mjpkkeb.sys []
S0 ptfkcwyx;ptfkcwyx;c:\windows\system32\drivers\wckrn.sys []
S0 rvzazee;rvzazee;c:\windows\system32\drivers\tprkyxmz.sys []
S3 SASENUM;SASENUM;\??\c:\program files\superantispyware\SASENUM.SYS [2008-12-4 7408]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandai~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\pandas~1\pandai~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\pandas~1\pandai~1\PAVSCRIP.EXE "%1" %*

=============== Created Last 30 ================

2008-12-20 14:55 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2008-12-20 14:55 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2008-12-19 12:39 13,880 a------- c:\windows\system32\drivers\COMFiltr.sys
2008-12-15 10:58 10,368 ac------ c:\windows\system32\dllcache\hidusb.sys
2008-12-15 10:58 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2008-12-15 10:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Innova Electronics Corp
2008-12-15 10:56 <DIR> --d----- c:\program files\RepairSolutions
2008-12-13 21:54 <DIR> --d----- c:\program files\Photo Viewer
2008-12-13 02:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2008-12-13 02:03 <DIR> --d----- c:\program files\SUPERAntiSpyware
2008-12-13 02:03 <DIR> --d----- c:\docume~1\d\applic~1\SUPERAntiSpyware.com
2008-12-12 11:39 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-12 11:39 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-12 11:39 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-07 20:50 <DIR> --d----- C:\Temp
2008-12-07 09:55 <DIR> --d----- c:\windows\system32\scripting
2008-12-07 09:54 <DIR> --d----- c:\windows\l2schemas
2008-12-07 09:54 <DIR> --d----- c:\windows\system32\en
2008-12-07 03:27 276,992 -------- c:\windows\system32\wmphoto.dll
2008-12-07 03:27 69,120 -------- c:\windows\system32\wlanapi.dll
2008-12-07 03:27 346,112 -------- c:\windows\system32\windowscodecsext.dll
2008-12-07 03:27 712,704 -------- c:\windows\system32\windowscodecs.dll
2008-12-07 03:26 50,688 -------- c:\windows\system32\tspkg.dll
2008-12-07 03:26 53,248 -------- c:\windows\system32\tsgqec.dll
2008-12-07 03:26 10,240 -------- c:\windows\system32\drivers\sffp_mmc.sys
2008-12-07 03:26 32,768 -------- c:\windows\system32\setupn.exe
2008-12-07 03:25 290,304 -------- c:\windows\system32\rhttpaa.dll
2008-12-07 03:25 61,952 -------- c:\windows\system32\rasqec.dll
2008-12-07 03:25 76,800 -------- c:\windows\system32\qutil.dll
2008-12-07 03:25 62,464 -------- c:\windows\system32\qcliprov.dll
2008-12-07 03:25 291,328 -------- c:\windows\system32\qagentrt.dll
2008-12-07 03:25 150,528 -------- c:\windows\system32\qagent.dll
2008-12-07 03:25 412,160 -------- c:\windows\system32\photometadatahandler.dll
2008-12-07 03:25 144,384 -------- c:\windows\system32\onex.dll
2008-12-07 03:24 193,024 -------- c:\windows\system32\napmontr.dll
2008-12-07 03:24 176,640 -------- c:\windows\system32\napstat.exe
2008-12-07 03:24 30,208 -------- c:\windows\system32\napipsec.dll
2008-12-07 03:24 79,872 -c------ c:\windows\system32\dllcache\msxml6r.dll
2008-12-07 03:24 79,872 -------- c:\windows\system32\msxml6r.dll
2008-12-07 03:24 1,307,648 -c------ c:\windows\system32\dllcache\msxml6.dll
2008-12-07 03:24 1,307,648 -------- c:\windows\system32\msxml6.dll
2008-12-07 03:24 76,800 -------- c:\windows\system32\msshavmsg.dll
2008-12-07 03:24 155,136 -------- c:\windows\system32\mssha.dll
2008-12-07 03:23 33,792 -------- c:\windows\system32\mmcperf.exe
2008-12-07 03:23 397,312 -------- c:\windows\system32\mmcex.dll
2008-12-07 03:23 184,320 -------- c:\windows\system32\microsoft.managementconsole.dll
2008-12-07 03:23 106,496 -------- c:\windows\system32\mmcfxcommon.dll
2008-12-07 03:23 37,376 -------- c:\windows\system32\l2gpstore.dll
2008-12-07 03:23 61,440 -------- c:\windows\system32\kmsvc.dll
2008-12-07 03:23 6,144 -------- c:\windows\system32\kbdpash.dll
2008-12-07 03:23 6,144 -------- c:\windows\system32\kbdnepr.dll
2008-12-07 03:23 6,144 -------- c:\windows\system32\kbdiultn.dll
2008-12-07 03:23 6,144 -------- c:\windows\system32\kbdbhc.dll
2008-12-07 03:21 7,168 -------- c:\windows\system32\bitsprx4.dll
2008-12-07 03:21 233,472 -------- c:\windows\system32\azroles.dll
2008-12-07 03:21 136,192 -------- c:\windows\system32\aaclient.dll
2008-12-06 19:45 <DIR> --d----- c:\docume~1\d\applic~1\Malwarebytes
2008-12-06 19:45 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-06 14:47 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2008-12-06 14:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2008-12-03 22:11 <DIR> --d----- c:\windows\pss
2008-12-03 21:04 28,544 a------- c:\windows\system32\drivers\pavboot.sys

==================== Find3M ====================

2008-12-28 21:07 1,244 a------- c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-12-28 21:07 1,244 a------- c:\windows\system32\drivers\APPFLTR.CFG
2008-12-28 21:07 287,048 a------- c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-12-28 21:07 287,048 a------- c:\windows\system32\drivers\APPFCONT.DAT
2008-12-15 20:03 102 a------- c:\program files\ryjw.txt
2008-12-15 17:53 102 a------- c:\program files\hvwkovat.txt
2008-12-07 01:27 0 a------- c:\windows\system32\drivers\wnmsav.dat
2008-11-02 15:02 7,680 a------- c:\windows\system32\ff_vfw.dll
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-03 04:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-06-25 20:14 58,880 a---h--- c:\docume~1\d\applic~1\MBSQTImporterPlugin6863.dll
2008-06-25 20:14 48,640 a---h--- c:\docume~1\d\applic~1\MBSQuickTimePlugin6863.dll
2008-06-25 20:14 37,888 a---h--- c:\docume~1\d\applic~1\MBSQTMovieExporterPlugin6863.dll
2008-06-25 20:14 31,744 a---h--- c:\docume~1\d\applic~1\MBSIconPlugin6867.dll
2008-06-25 20:14 25,600 a---h--- c:\docume~1\d\applic~1\MBSRegistrationPlugin6867.dll
2008-06-25 20:14 88,576 a---h--- c:\docume~1\d\applic~1\rbap550.dll
2008-06-25 20:14 74,240 a---h--- c:\docume~1\d\applic~1\rbqt550.DLL
2008-07-07 18:12 80 ---shr-- c:\windows\system32\05ABBC803B.dll
2008-06-08 18:11 848 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 21:35:10.17 ===============

#8 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:49 PM

Posted 29 December 2008 - 09:41 AM

Hello, cowboys2006
We need to execute an OTMoveIt3 script
  • Please download OTMoveIt3 by OldTimer and save it to your desktop.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\NoExplorer]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b29c093-ff94-4607-a625-e3ddf190ca29}]
    :files
    c:\windows\system32\amstrea.dll
    c:\program files\hvwkovat.txt
    c:\program files\ryjw.txt
    :services
    grnswjis
    iufd
    kdwmvfni
    kbwwv
    ptfkcwyx
    rvzazee
    :commands
    [EmptyTemp]
  • Push the large Posted Image button.
  • OTMI3 may ask to reboot the machine. Please do so if asked.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
  • If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
We need to create an OTViewIt Report
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized
In your next reply, please include the following:
  • OTMoveIt3's Log
  • OTViewIt.txt
  • Extra.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#9 cowboys2006

cowboys2006
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 29 December 2008 - 10:36 AM

========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\NoExplorer\\ not found.
Unable to delete registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b29c093-ff94-4607-a625-e3ddf190ca29}\\ .
========== FILES ==========
LoadLibrary failed for c:\windows\system32\amstrea.dll
c:\windows\system32\amstrea.dll NOT unregistered.
File move failed. c:\windows\system32\amstrea.dll scheduled to be moved on reboot.
c:\program files\hvwkovat.txt moved successfully.
c:\program files\ryjw.txt moved successfully.
========== SERVICES/DRIVERS ==========
Service grnswjis stopped successfully.
Service grnswjis deleted successfully.
Service iufd stopped successfully.
Service iufd deleted successfully.
Service kdwmvfni stopped successfully.
Service kdwmvfni deleted successfully.
Service kbwwv stopped successfully.
Service kbwwv deleted successfully.
Service ptfkcwyx stopped successfully.
Service ptfkcwyx deleted successfully.
Service rvzazee stopped successfully.
Service rvzazee deleted successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\d\LOCALS~1\Temp\qlgbaebn.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\d\LOCALS~1\Temp\~DFE4FC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\d\LOCALS~1\Temp\~DFE50E.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.7.2 log created on 12292008_084853

Files moved on Reboot...
LoadLibrary failed for c:\windows\system32\amstrea.dll
c:\windows\system32\amstrea.dll NOT unregistered.
File move failed. c:\windows\system32\amstrea.dll scheduled to be moved on reboot.
File C:\DOCUME~1\d\LOCALS~1\Temp\qlgbaebn.dat not found!
File C:\DOCUME~1\d\LOCALS~1\Temp\~DFE4FC.tmp not found!
File C:\DOCUME~1\d\LOCALS~1\Temp\~DFE50E.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.

Edited by cowboys2006, 29 December 2008 - 10:37 AM.


#10 cowboys2006

cowboys2006
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 29 December 2008 - 10:46 AM

OTViewIt logfile created on: 12/29/2008 9:41:56 AM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\d\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.33 Mb Total Physical Memory | 337.48 Mb Available Physical Memory | 43.98% Memory free
1.83 Gb Paging File | 1.37 Gb Available in Paging File | 74.80% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.90 Gb Total Space | 6.24 Gb Free Space | 22.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID
Current User Name: d
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/10/24 15:25:50 | 00,406,832 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
[2002/11/07 21:22:10 | 00,147,456 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
[2007/03/06 09:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
[2006/04/24 13:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2007/07/12 09:47:30 | 00,169,264 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrlS.exe
[2007/07/12 09:47:26 | 00,173,360 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE
[2007/06/14 15:38:02 | 00,063,024 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
[2007/09/28 12:29:00 | 00,148,272 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE
[2007/09/28 12:28:58 | 00,096,560 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
[2007/01/15 12:42:16 | 00,067,120 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
[2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
[2007/04/04 09:45:08 | 00,226,864 | ---- | M] (Panda Software International) -- c:\Program Files\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe
[2007/05/24 08:31:26 | 00,108,592 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
[2006/09/28 19:18:00 | 00,266,343 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
[2007/03/03 12:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2003/06/13 14:37:48 | 00,045,056 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2003/06/13 14:37:48 | 00,450,560 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2007/11/23 13:33:22 | 00,406,832 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\apvxdwin.exe
[2007/06/20 10:32:28 | 00,091,440 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\SrvLoad.exe
[2008/04/13 18:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2007/11/14 12:31:18 | 00,083,248 | ---- | M] (Panda Security International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
[2003/05/02 16:21:48 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2003/05/02 16:15:44 | 00,610,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006/11/22 20:10:06 | 00,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
[2007/11/13 09:00:32 | 01,052,672 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
[2003/08/29 03:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
[2002/11/07 20:00:00 | 00,294,912 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2007/07/26 05:47:30 | 00,111,920 | ---- | M] (Panda Software International, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
[2008/12/29 08:56:52 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\d\Desktop\OTViewIt.exe
[2003/07/16 14:25:23 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
[2008/04/13 18:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2008/04/13 18:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2008/10/15 01:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/15 01:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

========== (O23) Win32 Services ==========

[2005/09/23 06:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2002/11/07 21:22:10 | 00,147,456 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2007/03/06 09:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
[2005/09/23 06:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/12/13 10:07:20 | 00,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe -- (KodakSvc [Auto | Stopped])
[2006/04/24 13:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2007/07/12 09:47:30 | 00,169,264 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrlS.exe -- (Panda Software Controller [Auto | Running])
[2007/07/12 09:47:26 | 00,173,360 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE -- (PAVFNSVR [Auto | Running])
[2007/06/14 15:38:02 | 00,063,024 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe -- (PavPrSrv [Auto | Running])
[2007/09/28 12:29:00 | 00,148,272 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE -- (PAVSRV [Auto | Running])
[2007/01/15 12:42:16 | 00,067,120 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe -- (pmshellsrv [Auto | Running])
[2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Start_Pending])
[2007/04/04 09:45:08 | 00,226,864 | ---- | M] (Panda Software International) -- c:\Program Files\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe -- (PSHost [Auto | Running])
[2007/05/24 08:31:26 | 00,108,592 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe -- (PSIMSVC [Auto | Running])
[2006/09/28 19:18:00 | 00,266,343 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
[2007/10/24 15:25:50 | 00,406,832 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe -- (TPSrv [Auto | Running])
[2007/03/03 12:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2003/06/13 14:37:48 | 00,045,056 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (WLTRYSVC [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/09/28 12:05:40 | 00,071,608 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT [System | Running])
[2002/11/07 21:31:36 | 00,539,392 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
File not found -- -- (AvFlt [On_Demand | Running])
[2003/06/13 14:37:48 | 00,254,208 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Stopped])
[2002/12/17 10:41:36 | 00,042,368 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2003/08/29 03:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem [On_Demand | Running])
[2008/12/29 08:53:21 | 00,013,880 | ---- | M] () -- C:\WINDOWS\system32\drivers\COMFiltr.sys -- (ComFiltr [On_Demand | Running])
[2007/06/08 06:44:06 | 00,024,760 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\drivers\cpoint.sys -- (cpoint [Auto | Running])
[2007/05/11 07:33:06 | 00,051,256 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT [System | Running])
[2007/11/14 16:48:22 | 00,021,816 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON [System | Running])
[2007/07/11 09:39:48 | 00,191,672 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT [System | Running])
[2007/10/25 07:50:32 | 00,132,664 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS -- (NETFLTDI [System | Running])
[2007/11/19 12:01:50 | 00,143,160 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\drivers\netimflt.sys -- (NETIMFLT01050097 [On_Demand | Running])
[2003/05/06 08:51:18 | 00,017,156 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2007/09/28 12:24:18 | 00,083,896 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV [Auto | Running])
[2007/07/12 12:49:38 | 00,178,872 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc [Auto | Running])
File not found -- -- (PavSRK.sys [On_Demand | Running])
File not found -- -- (PavTPK.sys [On_Demand | Running])
[2006/05/23 14:00:26 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2003/07/16 14:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2003/07/16 14:40:01 | 00,023,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\refblhlo.sys -- (refblhlo [Boot | Running])
[2008/12/04 13:50:04 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2008/12/04 13:50:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/12/04 13:50:02 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/05/23 14:40:30 | 00,038,968 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv [System | Running])
[2007/05/11 07:33:32 | 00,037,304 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\drivers\smsflt.sys -- (SMSFLT [System | Running])
[2003/04/25 16:10:52 | 00,220,176 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
[2003/05/02 15:45:40 | 00,270,640 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2007/05/11 07:33:34 | 00,030,648 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT [System | Running])
[2003/07/16 14:53:06 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.yahoo.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 192.168.0.1;<local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1801674531-507921405-842925246-1002\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.yahoo.com/

[HKEY_USERS\S-1-5-21-1801674531-507921405-842925246-1002\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-507921405-842925246-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 192.168.0.1;<local>

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{1B29C093-FF94-4607-A625-E3DDF190CA29} (HKLM) -- C:\WINDOWS\system32\amstrea.dll ()
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"APVXDWIN"="C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s (Panda Software International)
"ATIModeChange"=Ati2mdxx.exe (ATI Technologies, Inc.)
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
"BCMSMMSG"=BCMSMMSG.exe (Broadcom Corporation)
"EKIJ5000StatusMonitor"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" (CyberLink Corp.)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
"SCANINICIO"="C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe" (Panda Software International)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
"UVS12 Preload"=C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe (Ulead Systems, Inc.)

========== (O4) RunOnceEx Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
""= File not found

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1801674531-507921405-842925246-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}: Button: PokerStars -- %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [2008/09/07 14:39:03 | 00,603,416 | ---- | M] (PokerStars)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2007/12/12 16:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1801674531-507921405-842925246-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{49232000-16E4-426C-A231-62846947304B}: http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab -- SysData Class
{88D969C0-F192-11D4-A65F-0040963251E5}: http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab -- XML DOM Document 4.0
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1E2DD983-7B4F-409C-9412-972ED04AFB49} (Servers: | Description: Dell TrueMobile 1300 WLAN Mini-PCI Card)
{5B7F3451-DCBC-4174-8F3F-8DF0E45DDB1C} (Servers: | Description: 1394 Net Adapter)
{B90E4392-DAA3-45A6-834D-9253D44C99A8} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
avldr: "DllName" = avldr.dll -- C:\WINDOWS\system32\avldr.dll (Panda Software International)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/05/27 22:18:51 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{deb81219-2d8d-11dd-a51a-000d56acc60b}\Shell\PlayVideoFilesOnArrival_PlayDVD\command]
""=C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe -- [2005/06/13 14:59:00 | 03,608,576 | ---- | M] (Nero Software AG)

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2008/12/29 08:56:41 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\d\Desktop\OTViewIt.exe
[2008/12/29 08:51:47 | 00,018,224 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\pfdnnt.exe
[2008/12/29 08:48:53 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/29 08:47:37 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\d\Desktop\OTMoveIt3.exe
[2008/12/28 22:02:06 | 00,000,256 | ---- | C] () -- C:\WINDOWS\tasks\µTorrent.job
[2008/12/20 14:55:27 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2008/12/20 14:55:27 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2008/12/19 12:39:13 | 00,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2008/12/15 11:09:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\d\Local Settings\Application Data\Innova_Electronics_Corp
[2008/12/15 10:58:43 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2008/12/15 10:58:43 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2008/12/15 10:58:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innova Electronics Corp
[2008/12/15 10:56:53 | 00,000,000 | ---D | C] -- C:\Program Files\RepairSolutions
[2008/12/13 21:54:08 | 00,000,000 | ---D | C] -- C:\Program Files\Photo Viewer
[2008/12/13 02:03:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/12/13 02:03:11 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008/12/13 02:03:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\d\Application Data\SUPERAntiSpyware.com
[2008/12/13 01:51:51 | 00,006,062 | ---- | C] () -- C:\Documents and Settings\d\My Documents\removal.rtf
[2008/12/12 11:39:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/12 11:39:40 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/12 11:39:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/07 20:50:04 | 00,000,000 | ---D | C] -- C:\Temp
[2008/12/07 10:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/12/07 09:55:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/12/07 09:54:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/12/07 09:54:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/12/07 03:27:33 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/12/07 03:27:23 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/12/07 03:27:17 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/12/07 03:27:16 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/12/07 03:26:44 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/12/07 03:26:43 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/12/07 03:26:04 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/12/07 03:26:03 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/12/07 03:25:52 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/12/07 03:25:46 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/12/07 03:25:44 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/12/07 03:25:41 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/12/07 03:25:40 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/12/07 03:25:40 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/12/07 03:25:33 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/12/07 03:25:25 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/12/07 03:24:53 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/12/07 03:24:53 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/12/07 03:24:53 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/12/07 03:24:49 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/12/07 03:24:49 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/12/07 03:24:48 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/12/07 03:24:48 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/12/07 03:24:41 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/12/07 03:24:40 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/12/07 03:23:54 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/12/07 03:23:52 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/12/07 03:23:52 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/12/07 03:23:52 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/12/07 03:23:19 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/12/07 03:23:17 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/12/07 03:23:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/12/07 03:23:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/12/07 03:23:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/12/07 03:23:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/12/07 03:22:58 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/12/07 03:22:34 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/12/07 03:22:34 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/12/07 03:22:34 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/12/07 03:22:34 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/12/07 03:22:34 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/12/07 03:22:34 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/12/07 03:22:34 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/12/07 03:22:33 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/12/07 03:22:25 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/12/07 03:22:25 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/12/07 03:22:25 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/12/07 03:22:25 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/12/07 03:22:25 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/12/07 03:22:25 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/12/07 03:22:24 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/12/07 03:22:20 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/12/07 03:22:20 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/12/07 03:22:19 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/12/07 03:22:09 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/12/07 03:21:54 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/12/07 03:21:53 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/12/07 03:21:37 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/12/06 19:45:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\d\Application Data\Malwarebytes
[2008/12/06 19:45:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/06 14:47:16 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/06 14:47:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/12/03 22:11:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/12/03 21:25:08 | 00,000,168 | R--- | C] () -- C:\Documents and Settings\d\My Documents\Document.rtf
[2008/12/03 21:04:42 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/12/02 17:44:15 | 00,046,960 | R--- | C] () -- C:\Documents and Settings\d\My Documents\clara barten.wpd

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2008/12/29 08:56:52 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\d\Desktop\OTViewIt.exe
[2008/12/29 08:55:38 | 00,272,836 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2008/12/29 08:55:38 | 00,272,836 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2008/12/29 08:55:38 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2008/12/29 08:55:38 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2008/12/29 08:55:35 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2008/12/29 08:55:35 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2008/12/29 08:55:35 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2008/12/29 08:55:35 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2008/12/29 08:55:35 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2008/12/29 08:55:35 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2008/12/29 08:55:35 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SmsFlt.cfg.bck
[2008/12/29 08:55:35 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SmsFlt.cfg
[2008/12/29 08:55:34 | 00,287,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2008/12/29 08:55:34 | 00,287,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2008/12/29 08:55:34 | 00,001,244 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2008/12/29 08:55:34 | 00,001,244 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2008/12/29 08:53:21 | 00,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2008/12/29 08:51:24 | 00,000,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAV.alt.bck
[2008/12/29 08:51:24 | 00,000,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAV.alt
[2008/12/29 08:51:24 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2008/12/29 08:51:24 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2008/12/29 08:50:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/29 08:50:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/29 08:47:46 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\d\Desktop\OTMoveIt3.exe
[2008/12/29 04:55:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\µTorrent.job
[2008/12/29 00:00:08 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Basic clean-up.job
[2008/12/28 19:52:33 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2008/12/28 19:42:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/19 12:53:06 | 04,310,098 | -H-- | M] () -- C:\Documents and Settings\d\Local Settings\Application Data\IconCache.db
[2008/12/18 21:42:46 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/15 01:01:30 | 00,000,026 | ---- | M] () -- C:\WINDOWS\dvdSanta.INI
[2008/12/13 01:51:51 | 00,006,062 | ---- | M] () -- C:\Documents and Settings\d\My Documents\removal.rtf
[2008/12/13 00:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 00:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/11 03:05:22 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/09 17:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/07 10:28:39 | 00,432,340 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/07 10:28:39 | 00,070,364 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/07 10:28:34 | 00,510,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/07 10:22:16 | 00,180,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/07 09:25:47 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/12/07 01:27:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\wnmsav.dat
[2008/12/04 17:28:43 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/12/03 22:22:46 | 00,000,667 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/03 22:22:46 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/03 22:22:46 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/12/03 21:25:08 | 00,000,168 | R--- | M] () -- C:\Documents and Settings\d\My Documents\Document.rtf
[2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 06:40:50 | 00,046,960 | R--- | M] () -- C:\Documents and Settings\d\My Documents\clara barten.wpd
< End of report >


OTViewIt logfile created on: 12/29/2008 9:41:56 AM - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\d\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.33 Mb Total Physical Memory | 337.48 Mb Available Physical Memory | 43.98% Memory free
1.83 Gb Paging File | 1.37 Gb Available in Paging File | 74.80% Paging File free
Paging file location(s): C:\pagefile.sys 1152 2304;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.90 Gb Total Space | 6.24 Gb Free Space | 22.37% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DAVID
Current User Name: d
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2007/10/24 15:25:50 | 00,406,832 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe
[2002/11/07 21:22:10 | 00,147,456 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe
[2007/03/06 09:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
[2006/04/24 13:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
[2007/07/12 09:47:30 | 00,169,264 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrlS.exe
[2007/07/12 09:47:26 | 00,173,360 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE
[2007/06/14 15:38:02 | 00,063,024 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
[2007/09/28 12:29:00 | 00,148,272 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE
[2007/09/28 12:28:58 | 00,096,560 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\AVENGINE.EXE
[2007/01/15 12:42:16 | 00,067,120 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe
[2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
[2007/04/04 09:45:08 | 00,226,864 | ---- | M] (Panda Software International) -- c:\Program Files\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe
[2007/05/24 08:31:26 | 00,108,592 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe
[2006/09/28 19:18:00 | 00,266,343 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
[2007/03/03 12:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2003/06/13 14:37:48 | 00,045,056 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2003/06/13 14:37:48 | 00,450,560 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2007/11/23 13:33:22 | 00,406,832 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\apvxdwin.exe
[2007/06/20 10:32:28 | 00,091,440 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\SrvLoad.exe
[2008/04/13 18:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2007/11/14 12:31:18 | 00,083,248 | ---- | M] (Panda Security International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\WebProxy.exe
[2003/05/02 16:21:48 | 00,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
[2003/05/02 16:15:44 | 00,610,304 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[2008/06/10 03:27:04 | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
[2006/11/22 20:10:06 | 00,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
[2007/11/13 09:00:32 | 01,052,672 | ---- | M] (Eastman Kodak Company) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
[2003/08/29 03:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
[2002/11/07 20:00:00 | 00,294,912 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[2007/07/26 05:47:30 | 00,111,920 | ---- | M] (Panda Software International, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PavBckPT.exe
[2008/12/29 08:56:52 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\d\Desktop\OTViewIt.exe
[2003/07/16 14:25:23 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe
[2008/04/13 18:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2008/04/13 18:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
[2008/10/15 01:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
[2008/10/15 01:06:26 | 00,633,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe

========== (O23) Win32 Services ==========

[2005/09/23 06:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2002/11/07 21:22:10 | 00,147,456 | ---- | M] () -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2007/03/06 09:35:02 | 00,198,168 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service [Auto | Running])
[2005/09/23 06:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2007/12/13 10:07:20 | 00,018,944 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe -- (KodakSvc [Auto | Stopped])
[2006/04/24 13:25:44 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
[2007/07/12 09:47:30 | 00,169,264 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PsCtrlS.exe -- (Panda Software Controller [Auto | Running])
[2007/07/12 09:47:26 | 00,173,360 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVFNSVR.EXE -- (PAVFNSVR [Auto | Running])
[2007/06/14 15:38:02 | 00,063,024 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe -- (PavPrSrv [Auto | Running])
[2007/09/28 12:29:00 | 00,148,272 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PAVSRV51.EXE -- (PAVSRV [Auto | Running])
[2007/01/15 12:42:16 | 00,067,120 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\AntiSpam\pskmssvc.exe -- (pmshellsrv [Auto | Running])
[2007/06/05 12:20:32 | 00,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Start_Pending])
[2007/04/04 09:45:08 | 00,226,864 | ---- | M] (Panda Software International) -- c:\Program Files\Panda Security\Panda Internet Security 2008\FIREWALL\PSHost.exe -- (PSHost [Auto | Running])
[2007/05/24 08:31:26 | 00,108,592 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\PsImSvc.exe -- (PSIMSVC [Auto | Running])
[2006/09/28 19:18:00 | 00,266,343 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo [Auto | Running])
[2007/10/24 15:25:50 | 00,406,832 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Security\Panda Internet Security 2008\TPSrv.exe -- (TPSrv [Auto | Running])
[2007/03/03 12:48:28 | 00,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2003/06/13 14:37:48 | 00,045,056 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (WLTRYSVC [Auto | Running])
[2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2007/09/28 12:05:40 | 00,071,608 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT [System | Running])
[2002/11/07 21:31:36 | 00,539,392 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
File not found -- -- (AvFlt [On_Demand | Running])
[2003/06/13 14:37:48 | 00,254,208 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Stopped])
[2002/12/17 10:41:36 | 00,042,368 | R--- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
[2003/08/29 03:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMSM.sys -- (BCMModem [On_Demand | Running])
[2008/12/29 08:53:21 | 00,013,880 | ---- | M] () -- C:\WINDOWS\system32\drivers\COMFiltr.sys -- (ComFiltr [On_Demand | Running])
[2007/06/08 06:44:06 | 00,024,760 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\drivers\cpoint.sys -- (cpoint [Auto | Running])
[2007/05/11 07:33:06 | 00,051,256 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT [System | Running])
[2007/11/14 16:48:22 | 00,021,816 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON [System | Running])
[2007/07/11 09:39:48 | 00,191,672 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT [System | Running])
[2007/10/25 07:50:32 | 00,132,664 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\drivers\NETFLTDI.SYS -- (NETFLTDI [System | Running])
[2007/11/19 12:01:50 | 00,143,160 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\drivers\netimflt.sys -- (NETIMFLT01050097 [On_Demand | Running])
[2003/05/06 08:51:18 | 00,017,156 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\drivers\omci.sys -- (OMCI [System | Running])
[2008/06/19 17:24:30 | 00,028,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot [Boot | Running])
[2007/09/28 12:24:18 | 00,083,896 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV [Auto | Running])
[2007/07/12 12:49:38 | 00,178,872 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc [Auto | Running])
File not found -- -- (PavSRK.sys [On_Demand | Running])
File not found -- -- (PavTPK.sys [On_Demand | Running])
[2006/05/23 14:00:26 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2003/07/16 14:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2003/07/16 14:40:01 | 00,023,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\refblhlo.sys -- (refblhlo [Boot | Running])
[2008/12/04 13:50:04 | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV [System | Running])
[2008/12/04 13:50:06 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Stopped])
[2008/12/04 13:50:02 | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL [System | Running])
[2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2007/05/23 14:40:30 | 00,038,968 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv [System | Running])
[2007/05/11 07:33:32 | 00,037,304 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\drivers\smsflt.sys -- (SMSFLT [System | Running])
[2003/04/25 16:10:52 | 00,220,176 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97 [On_Demand | Running])
[2003/05/02 15:45:40 | 00,270,640 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP [On_Demand | Running])
[2007/05/11 07:33:34 | 00,030,648 | ---- | M] (Panda Software International) -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT [System | Running])
[2003/07/16 14:53:06 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.yahoo.com/

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 192.168.0.1;<local>

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1801674531-507921405-842925246-1002\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.yahoo.com/

[HKEY_USERS\S-1-5-21-1801674531-507921405-842925246-1002\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1801674531-507921405-842925246-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = 192.168.0.1;<local>

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{1B29C093-FF94-4607-A625-E3DDF190CA29} (HKLM) -- C:\WINDOWS\system32\amstrea.dll ()
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} (HKLM) -- C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"APVXDWIN"="C:\Program Files\Panda Security\Panda Internet Security 2008\APVXDWIN.EXE" /s (Panda Software International)
"ATIModeChange"=Ati2mdxx.exe (ATI Technologies, Inc.)
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
"BCMSMMSG"=BCMSMMSG.exe (Broadcom Corporation)
"EKIJ5000StatusMonitor"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
"EverioService"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" (CyberLink Corp.)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
"SCANINICIO"="C:\Program Files\Panda Security\Panda Internet Security 2008\Inicio.exe" (Panda Software International)
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" (Sun Microsystems, Inc.)
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
"UVS12 Preload"=C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe (Ulead Systems, Inc.)

========== (O4) RunOnceEx Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
""= File not found

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1801674531-507921405-842925246-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 03:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}: Button: PokerStars -- %ProgramFiles%\PokerStars\PokerStarsUpdate.exe [2008/09/07 14:39:03 | 00,603,416 | ---- | M] (PokerStars)
{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}: Button: Yahoo! Services -- %ProgramFiles%\Yahoo!\Common\yiesrvc.dll [2007/12/12 16:09:42 | 00,222,448 | ---- | M] (Yahoo! Inc.)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\network diagnostic\xpnetdiag.exe [2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 18:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
50 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-1801674531-507921405-842925246-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
49 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}: http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab -- ActiveScan 2.0 Installer Class
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files\Yahoo!\Common\Yinsthelper.dll -- Installation Support
{49232000-16E4-426C-A231-62846947304B}: http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab -- SysData Class
{88D969C0-F192-11D4-A65F-0040963251E5}: http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab -- XML DOM Document 4.0
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jd...ows-i586-jc.cab -- Java Plug-in 1.6.0_07
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{1E2DD983-7B4F-409C-9412-972ED04AFB49} (Servers: | Description: Dell TrueMobile 1300 WLAN Mini-PCI Card)
{5B7F3451-DCBC-4174-8F3F-8DF0E45DDB1C} (Servers: | Description: 1394 Net Adapter)
{B90E4392-DAA3-45A6-834D-9253D44C99A8} (Servers: | Description: Broadcom 440x 10/100 Integrated Controller)

========== (O20) Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
avldr: "DllName" = avldr.dll -- C:\WINDOWS\system32\avldr.dll (Panda Software International)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/05/27 22:18:51 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]


========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{deb81219-2d8d-11dd-a51a-000d56acc60b}\Shell\PlayVideoFilesOnArrival_PlayDVD\command]
""=C:\Program Files\Ahead\Nero ShowTime\ShowTime.exe -- [2005/06/13 14:59:00 | 03,608,576 | ---- | M] (Nero Software AG)

========== Files/Folders - Created Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2008/12/29 08:56:41 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\d\Desktop\OTViewIt.exe
[2008/12/29 08:51:47 | 00,018,224 | ---- | C] (Panda Software International) -- C:\WINDOWS\System32\pfdnnt.exe
[2008/12/29 08:48:53 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2008/12/29 08:47:37 | 01,033,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\d\Desktop\OTMoveIt3.exe
[2008/12/28 22:02:06 | 00,000,256 | ---- | C] () -- C:\WINDOWS\tasks\µTorrent.job
[2008/12/20 14:55:27 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\mouhid.sys
[2008/12/20 14:55:27 | 00,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys
[2008/12/19 12:39:13 | 00,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2008/12/15 11:09:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\d\Local Settings\Application Data\Innova_Electronics_Corp
[2008/12/15 10:58:43 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2008/12/15 10:58:43 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidusb.sys
[2008/12/15 10:58:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innova Electronics Corp
[2008/12/15 10:56:53 | 00,000,000 | ---D | C] -- C:\Program Files\RepairSolutions
[2008/12/13 21:54:08 | 00,000,000 | ---D | C] -- C:\Program Files\Photo Viewer
[2008/12/13 02:03:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/12/13 02:03:11 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2008/12/13 02:03:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\d\Application Data\SUPERAntiSpyware.com
[2008/12/13 01:51:51 | 00,006,062 | ---- | C] () -- C:\Documents and Settings\d\My Documents\removal.rtf
[2008/12/12 11:39:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/12 11:39:40 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/12 11:39:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/07 20:50:04 | 00,000,000 | ---D | C] -- C:\Temp
[2008/12/07 10:23:00 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2008/12/07 09:55:03 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2008/12/07 09:54:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2008/12/07 09:54:47 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2008/12/07 03:27:33 | 00,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wmphoto.dll
[2008/12/07 03:27:23 | 00,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wlanapi.dll
[2008/12/07 03:27:17 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecsext.dll
[2008/12/07 03:27:16 | 00,712,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\windowscodecs.dll
[2008/12/07 03:26:44 | 00,050,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tspkg.dll
[2008/12/07 03:26:43 | 00,053,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tsgqec.dll
[2008/12/07 03:26:04 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\sffp_mmc.sys
[2008/12/07 03:26:03 | 00,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\setupn.exe
[2008/12/07 03:25:52 | 00,290,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rhttpaa.dll
[2008/12/07 03:25:46 | 00,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rasqec.dll
[2008/12/07 03:25:44 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qutil.dll
[2008/12/07 03:25:41 | 00,062,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qcliprov.dll
[2008/12/07 03:25:40 | 00,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagentrt.dll
[2008/12/07 03:25:40 | 00,150,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\qagent.dll
[2008/12/07 03:25:33 | 00,412,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\photometadatahandler.dll
[2008/12/07 03:25:25 | 00,144,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\onex.dll
[2008/12/07 03:24:53 | 00,193,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napmontr.dll
[2008/12/07 03:24:53 | 00,176,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napstat.exe
[2008/12/07 03:24:53 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\napipsec.dll
[2008/12/07 03:24:49 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6r.dll
[2008/12/07 03:24:49 | 00,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2008/12/07 03:24:48 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml6.dll
[2008/12/07 03:24:48 | 01,307,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2008/12/07 03:24:41 | 00,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msshavmsg.dll
[2008/12/07 03:24:40 | 00,155,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mssha.dll
[2008/12/07 03:23:54 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcperf.exe
[2008/12/07 03:23:52 | 00,397,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcex.dll
[2008/12/07 03:23:52 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\microsoft.managementconsole.dll
[2008/12/07 03:23:52 | 00,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mmcfxcommon.dll
[2008/12/07 03:23:19 | 00,037,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\l2gpstore.dll
[2008/12/07 03:23:17 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kmsvc.dll
[2008/12/07 03:23:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdpash.dll
[2008/12/07 03:23:14 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdnepr.dll
[2008/12/07 03:23:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdiultn.dll
[2008/12/07 03:23:13 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdbhc.dll
[2008/12/07 03:22:58 | 00,001,261 | ---- | C] () -- C:\WINDOWS\System32\pid.inf
[2008/12/07 03:22:34 | 00,184,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapp3hst.dll
[2008/12/07 03:22:34 | 00,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapphost.dll
[2008/12/07 03:22:34 | 00,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappcfg.dll
[2008/12/07 03:22:34 | 00,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappgnui.dll
[2008/12/07 03:22:34 | 00,059,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapqec.dll
[2008/12/07 03:22:34 | 00,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eappprxy.dll
[2008/12/07 03:22:34 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapsvc.dll
[2008/12/07 03:22:33 | 00,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\eapolqec.dll
[2008/12/07 03:22:25 | 00,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3ui.dll
[2008/12/07 03:22:25 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3svc.dll
[2008/12/07 03:22:25 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3cfg.dll
[2008/12/07 03:22:25 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3msm.dll
[2008/12/07 03:22:25 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3gpclnt.dll
[2008/12/07 03:22:25 | 00,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3dlg.dll
[2008/12/07 03:22:24 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dot3api.dll
[2008/12/07 03:22:20 | 00,039,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsroam.dll
[2008/12/07 03:22:20 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dimsntfy.dll
[2008/12/07 03:22:19 | 00,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dhcpqec.dll
[2008/12/07 03:22:09 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\credssp.dll
[2008/12/07 03:21:54 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\bitsprx4.dll
[2008/12/07 03:21:53 | 00,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\azroles.dll
[2008/12/07 03:21:37 | 00,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aaclient.dll
[2008/12/06 19:45:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\d\Application Data\Malwarebytes
[2008/12/06 19:45:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/06 14:47:16 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/06 14:47:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/12/03 22:11:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2008/12/03 21:25:08 | 00,000,168 | R--- | C] () -- C:\Documents and Settings\d\My Documents\Document.rtf
[2008/12/03 21:04:42 | 00,028,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2008/12/02 17:44:15 | 00,046,960 | R--- | C] () -- C:\Documents and Settings\d\My Documents\clara barten.wpd

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2008/12/29 08:56:52 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\d\Desktop\OTViewIt.exe
[2008/12/29 08:55:38 | 00,272,836 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls.bck
[2008/12/29 08:55:38 | 00,272,836 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.rls
[2008/12/29 08:55:38 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg.bck
[2008/12/29 08:55:38 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\DsaFlt.cfg
[2008/12/29 08:55:35 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg.bck
[2008/12/29 08:55:35 | 00,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\IdsFlt.cfg
[2008/12/29 08:55:35 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg.bck
[2008/12/29 08:55:35 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetFlt.cfg
[2008/12/29 08:55:35 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg.bck
[2008/12/29 08:55:35 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\WnmFlt.cfg
[2008/12/29 08:55:35 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SmsFlt.cfg.bck
[2008/12/29 08:55:35 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\SmsFlt.cfg
[2008/12/29 08:55:34 | 00,287,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2008/12/29 08:55:34 | 00,287,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2008/12/29 08:55:34 | 00,001,244 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2008/12/29 08:55:34 | 00,001,244 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2008/12/29 08:53:21 | 00,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2008/12/29 08:51:24 | 00,000,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAV.alt.bck
[2008/12/29 08:51:24 | 00,000,656 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAV.alt
[2008/12/29 08:51:24 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt.bck
[2008/12/29 08:51:24 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\NetAR.wlt
[2008/12/29 08:50:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/29 08:50:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/29 08:47:46 | 01,033,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\d\Desktop\OTMoveIt3.exe
[2008/12/29 04:55:00 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\µTorrent.job
[2008/12/29 00:00:08 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Basic clean-up.job
[2008/12/28 19:52:33 | 00,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2008/12/28 19:42:56 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/19 12:53:06 | 04,310,098 | -H-- | M] () -- C:\Documents and Settings\d\Local Settings\Application Data\IconCache.db
[2008/12/18 21:42:46 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/15 01:01:30 | 00,000,026 | ---- | M] () -- C:\WINDOWS\dvdSanta.INI
[2008/12/13 01:51:51 | 00,006,062 | ---- | M] () -- C:\Documents and Settings\d\My Documents\removal.rtf
[2008/12/13 00:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 00:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/11 03:05:22 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2008/12/09 17:24:37 | 17,593,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2008/12/07 10:28:39 | 00,432,340 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/07 10:28:39 | 00,070,364 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/07 10:28:34 | 00,510,030 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/07 10:22:16 | 00,180,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/07 09:25:47 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/12/07 01:27:24 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\wnmsav.dat
[2008/12/04 17:28:43 | 00,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008/12/03 22:22:46 | 00,000,667 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/03 22:22:46 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/03 22:22:46 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2008/12/03 21:25:08 | 00,000,168 | R--- | M] () -- C:\Documents and Settings\d\My Documents\Document.rtf
[2008/12/03 19:59:06 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/03 19:59:02 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/03 06:40:50 | 00,046,960 | R--- | M] () -- C:\Documents and Settings\d\My Documents\clara barten.wpd
< End of report >

#11 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:49 PM

Posted 29 December 2008 - 06:00 PM

Hello, cowboys2006
We need to execute an Avenger2 script
Note to users reading this topic! This script was created specificly for the particular infection on this specific machine! If you are not this user, do NOT follow these directions as they could damage the workings of your system.
  • Please download The Avenger2 by SwanDog46.
  • Unzip avenger.exe to your desktop.
  • Copy the text in the following codebox by selecting all of it, and pressing (<Control> + C) or by right clicking and selecting "Copy"
    files to delete:
    c:\windows\system32\amstrea.dll
    registry keys to delete:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1B29C093-FF94-4607-A625-E3DDF190CA29}
    HKEY_LOCAL_MACHINE\classes\CLSID\{1B29C093-FF94-4607-A625-E3DDF190CA29}
    registry values to delete:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx | ""
  • Now start The Avenger2 by double clicking avenger.exe on your desktop.
  • Read the prompt that appears, and press OK.
  • Paste the script into the textbox that appears, using (<Control> + V) or by right clicking and choosing "Paste".
  • Press the "Execute" button.
  • You will be presented with 2 confirmation prompts. Select yes on each. Your system will reboot.
    Note: It is possible that Avenger will reboot your system TWICE.
  • Upon reboot, a command prompt window will appear on your screen for a few seconds, and then Avenger's log will open. Please paste that log here in your next post.
In your next reply, please include the following:
  • Avenger's Log
  • A New OTVIewIt Main.txt
  • A New OTViewIt Extra.txt

BillyIII
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#12 cowboys2006

cowboys2006
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 29 December 2008 - 06:25 PM

hello

i have alrready followed the previous intro. the computer reboot but the log didnt appear also i clicked on the bottom that says to open log and it stated that nothing has been saved or it hasnt been run do i redo it again ??? plz let me know thanks

#13 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:49 PM

Posted 29 December 2008 - 06:27 PM

Hello :thumbsup:

Please see if the log is located at C:\Avenger.txt.

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image

#14 cowboys2006

cowboys2006
  • Topic Starter

  • Members
  • 237 posts
  • OFFLINE
  •  
  • Local time:10:49 PM

Posted 29 December 2008 - 06:32 PM

sorry cannot find that log at all any where

#15 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:08:49 PM

Posted 29 December 2008 - 07:25 PM

Okay... just make a fresh OTVI log then :thumbsup:

Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)
Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users