

Malware Issue?


  • This topic is locked
17 replies to this topic

#1 jflynnde

  • Members
  • 30 posts

Posted 10 December 2010 - 03:24 PM

Hi,
Problem started yesterday afternoon when I was hit with HDD Plus. Did a search for this and found the "bleepingcomputer.com/virus-removal/remove-hdd-plus" link. Tried following the procedure, and when I ran the iExplore.exe program I kept getting messages from my Panda security telling me it was detecting this and that, putting iExplore.exe in quarantine; at the same time, HDD Plus kept giving me its pop-ups. Finally, everything seemed to be at a standstill and the PC rebooted. When it came back up, the little "alert" and HDD Plus system tray icons were gone.

I downloaded Malwarebytes' Anti-Malware from the provided link and ran that; it said it found 5 or 6 infected objects and I did the "Remove Selected". I don't know if it's gone or not; I don't even know if the iExplore.exe program actually did anything (with Panda interfering), but it APPEARS to be better.

I came back here and started looking at the forums and thought I'd go ahead with the "Preparation guide" and post this information; however, I can only do the DDS logs, because whenever I try the GMER routine it seems to lock up my PC. Once, at the beginning of the attempt to run it, I ended up getting the BSOD, so I rebooted and tried again; the next time it seemed to finish running and then locked up everything again. So I'm not going to try that again at this time.
Besides all this going on, the PC seems to be a lot slower; taking 10 to 20 minutes after reboot to finally go into an idle state where I can run things. Any help would be greatly appreciated; thanks!
Anyway, here's the DDS text:


DDS (Ver_10-12-05.01) - NTFSx86
Run by John Flynn at 10:16:59.40 on Fri 12/10/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.374 [GMT -5:00]

AV: Panda Internet Security 2011 *On-access scanning enabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2011 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2011\WebProxy.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\panda security\panda internet security 2011\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\PskSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\AVENGINE.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Registry Defense\RDListener.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\RegDefense\RDFNSListener.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2011\PavBckPT.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Flynn\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [<NO NAME>]
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [nwiz] nwiz.exe /install
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [Disc Detector] c:\program files\creative\sharedll\CtNotify.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RDListener] c:\program files\registry defense\RDListener.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RDFNSListener] c:\program files\regdefense\RDFNSListener.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2011\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda internet security 2011\Inicio.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RDFNSAgent] c:\program files\regdefense\RDFNSAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: <NO NAME> =
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: musicmatch.com
Trusted Zone: musicmatch.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: vzTCPConfig - hxxps://www.verizon.net/whatsnext/checkmypc/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156699940875
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163718983328
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxp://ace.synerfac.com/ARViewer/arview2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37863.5540972222
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} - hxxp://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avldr - avldr.dll
Notify: nnnkKEtU - nnnkKEtU.dll
AppInit_DLLs: ffesym.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Authentication Packages = msv1_0 relog_ap c:\windows\system32\pmnljKdc

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johnfl~1\applic~1\mozilla\firefox\profiles\x7edr3ze.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\johnfl~1\applic~1\mozilla\firefox\profiles\x7edr3ze.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2010-11-18 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2010-11-18 76296]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2010-11-18 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2010-11-18 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2010-11-18 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2010-11-18 159112]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-13 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-13 55024]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2010-11-18 37896]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2010-11-18 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2010-11-18 59080]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda internet security 2011\PsCtrlS.exe [2010-11-18 173312]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda internet security 2011\PavFnSvr.exe [2010-11-18 202048]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2010-11-18 163336]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2010-11-18 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda internet security 2011\pavsrvx86.exe [2010-11-18 314176]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda internet security 2011\psksvc.exe [2010-11-18 28992]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2010-11-18 13880]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\drivers\neti1642.sys [2010-11-18 199688]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-13 7408]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-4-4 30336]

=============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandai~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\pandas~1\pandai~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\pandas~1\pandai~1\PavScrip.exe "%1" %*

=============== Created Last 30 ================

2010-12-09 21:38:09 -------- d-----w- c:\docume~1\johnfl~1\applic~1\Malwarebytes
2010-12-09 21:37:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-09 21:37:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-09 21:37:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 21:37:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-09 21:35:21 -------- d-----w- C:\MBAM
2010-12-09 20:11:31 -------- d-----w- C:\RKILL
2010-12-04 17:07:45 -------- d-----w- C:\Dr Who
2010-11-18 18:19:57 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-11-18 18:16:07 -------- d-----w- c:\docume~1\johnfl~1\locals~1\applic~1\Panda Security
2010-11-18 18:12:26 255656 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-11-18 18:12:20 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2010-11-18 18:12:19 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2010-11-18 18:12:19 193800 ----a-w- c:\windows\system32\drivers\idsflt.sys
2010-11-18 18:12:04 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2010-11-18 18:12:03 76296 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2010-11-18 18:12:03 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2010-11-18 18:11:56 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-11-18 18:11:39 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2010-11-18 18:10:32 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2010-11-18 18:09:58 87296 ----a-w- c:\windows\system32\PavLspHook.dll
2010-11-18 18:09:58 55552 ----a-w- c:\windows\system32\pavipc.dll
2010-11-18 18:09:58 193792 ----a-w- c:\windows\system32\TpUtil.dll
2010-11-18 18:09:58 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2010-11-18 18:09:51 518400 ----a-w- c:\windows\system32\PavSHook.dll
2010-11-18 18:09:35 199688 ----a-w- c:\windows\system32\drivers\neti1642.sys
2010-11-18 18:09:13 59080 ----a-w- c:\windows\system32\drivers\amm8651.sys
2010-11-18 18:09:13 55552 ----a-w- c:\windows\system32\avldr.dll
2010-11-18 18:09:12 -------- d-----w- c:\windows\system32\PAV
2010-11-18 18:09:06 -------- d-----w- c:\docume~1\johnfl~1\applic~1\Panda Security
2010-11-18 18:09:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2010-11-18 18:07:05 37896 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2010-11-18 18:07:05 163336 ----a-w- c:\windows\system32\drivers\PavProc.sys
2010-11-18 18:07:05 -------- d-----w- c:\program files\common files\Panda Security

==================== Find3M ====================

2010-11-09 17:40:29 1409 ----a-w- c:\windows\QTFont.for
2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2002-08-29 11:00:00 92032 --shatr- c:\windows\system32\mga.dll

============= FINISH: 10:39:27.81 ===============
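The Pseudo HJT Report in the log above carries the entries a helper reads first: two Winlogon Notify DLLs given only as bare file names (avldr.dll and nnnkKEtU.dll) rather than full paths, an AppInit_DLLs value (ffesym.dll), an LSA Authentication Packages list that goes beyond msv1_0, and two registrations marked No File. The same log's Created Last 30 list records avldr.dll being created on 2010-11-18 inside the same 18:07 to 18:19 window as the Panda driver files, which is why a load-point entry is read together with the file listings rather than on its own. The script below, an added example that is not part of the original post or of the DDS tool, automates that read over a constructed sample built from lines of this log. The msv1_0-only allowlist is an assumption for illustration, and the output is a list of entries for a human to verify, not a verdict about this machine.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Load points worth a second look in triage: a Winlogon Notify DLL runs inside
# winlogon.exe, AppInit_DLLs is mapped into every process that loads user32.dll,
# and LSA authentication packages run inside lsass.exe. The only allow-listed
# LSA package is msv1_0, the Windows XP default (an assumption for this
# example); anything else is listed for the analyst to verify, not judged.
KNOWN_LSA_PACKAGES = {"msv1_0"}

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")          # "===== Title ====="
FULL_PATH_RE = re.compile(r"^[a-z]:\\", re.I)
FILE_ROW_RE = re.compile(                               # "date time size attrs path"
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\S+)\s+(\S+)\s+(.+)$")

# Constructed sample in the shape DDS prints, built from lines of the log above.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avldr - avldr.dll
Notify: nnnkKEtU - nnnkKEtU.dll
AppInit_DLLs: ffesym.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
LSA: Authentication Packages = msv1_0 relog_ap c:\windows\system32\pmnljKdc

=============== Created Last 30 ================

2010-12-09 21:37:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 21:35:21 -------- d-----w- C:\MBAM
2010-11-18 18:09:13 55552 ----a-w- c:\windows\system32\avldr.dll

============= FINISH: 10:39:27.81 ===============
"""


@dataclass
class Finding:
    kind: str
    name: str
    reason: str
    created: Optional[str] = None   # timestamp from the file listings, if the name appears there


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group non-empty lines under the '==== Title ====' header that precedes them."""
    sections: Dict[str, List[str]] = {}
    current = "PREAMBLE"
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def file_index(sections: Dict[str, List[str]]) -> Dict[str, str]:
    """Map lower-cased basename -> creation timestamp from the file-listing sections."""
    index: Dict[str, str] = {}
    for title in ("Created Last 30", "Find3M"):
        for line in sections.get(title, []):
            m = FILE_ROW_RE.match(line)
            if m and m.group(2) != "--------":        # directory rows carry no size
                index.setdefault(m.group(4).rsplit("\\", 1)[-1].lower(), m.group(1))
    return index


def triage(sections: Dict[str, List[str]]) -> List[Finding]:
    """Flag Pseudo HJT load-point entries that merit review, with creation time if known."""
    files = file_index(sections)
    findings: List[Finding] = []

    def add(kind: str, name: str, reason: str) -> None:
        findings.append(Finding(kind, name, reason, files.get(name.lower())))

    for line in sections.get("Pseudo HJT Report", []):
        kind, _, rest = line.partition(":")
        rest = rest.strip()
        if kind == "Notify":
            target = rest.partition(" - ")[2]
            if not FULL_PATH_RE.match(target):          # bare DLL name, resolved via search path
                add(kind, target, "Winlogon Notify DLL listed without a full path")
        elif kind == "AppInit_DLLs":
            for dll in rest.split():
                add(kind, dll, "loaded into every process that maps user32.dll")
        elif kind == "LSA" and rest.startswith("Authentication Packages"):
            for pkg in rest.partition("=")[2].split():
                if pkg.lower() not in KNOWN_LSA_PACKAGES:
                    add(kind, pkg.rsplit("\\", 1)[-1], "LSA authentication package beyond the XP default")
        elif rest.endswith("- No File"):
            add(kind, rest.split(" - ")[0], "registration points at a file that no longer exists")
    return findings


def run(text: str = SAMPLE_DDS) -> List[Finding]:
    return triage(split_sections(text))


if __name__ == "__main__":
    for f in run():
        when = f" (created {f.created})" if f.created else ""
        print(f"[{f.kind}] {f.name}: {f.reason}{when}")
```

Run against the sample, the script lists the two bare-name Notify DLLs (with the avldr.dll creation timestamp attached), the AppInit_DLLs entry, the two non-msv1_0 LSA packages and the two No File registrations, and leaves the fully-pathed SUPERAntiSpyware Notify entry alone. Feeding it the complete DDS.txt rather than the sample does the same over the real Created Last 30 and Find3M sections.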



#2 Shannon2012

  • Security Colleague
  • 3,657 posts
  • Location:North Carolina, USA

Posted 17 December 2010 - 05:40 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 jflynnde
  • Topic Starter

  • Members
  • 30 posts

Posted 17 December 2010 - 11:00 PM

Hello Shannon,

I knew you were busy so I didn't expect any instant response; thank you in advance.
I will post my DDS.txt file at the end of this and will add the Attach.zip file as asked. As far as my original problem (the HDD Plus attack and my slow PC), I think Panda took care of the HDD Plus issue (I don't know for sure?) but the PC seems to be slower than ever. Takes forever to start up and update screens, and the desktop icons sometimes seem to all change back to a simple kind of icon and then eventually will begin to refresh, changing back to their normal look.
Anyway, I tried to run the GMER file but (just like in my original post) it crashed my PC, three more times tonight. I disconnected from the internet, shut down my Panda IS and the SUPERAntiSpyware, then ran deFogger (asking for the disable of the CD emulation, but I don't really think it did anything) and then ran the GMER.exe:
1st time - the window started to display several items and the bottom of the screen started flashing different information. Then it got to \device\IDE\IDE Device P1T0L0-e and stopped updating; the cursor turned into an hourglass, the clock stopped updating and finally, the top bar lost its header information (where it showed GMER 1.0.15.15530) and changed to Not Responding. I couldn't close the window and the 3 finger salute (ctrl/alt/del) did nothing; had to power it down.
2nd time - After restarting the PC (and shutting off the Panda IS and SUPERAntiSpyware and running deFogger again), the GMER window got past the place it hung on the 1st trial. It got all the way started and I was able to begin the "SCAN". It seemed to run for about a half hour (the window filled with all sorts of items and the bottom of the screen was flashing all kinds of information). After that, the "STOP" button finally changed back to a "SCAN" button, so I figured it must be finished. Then I clicked "SAVE . . ." and back came the hourglass; after about 10 minutes, the window header bar cleared the "GMER 1.0.15.15530" text and nothing happened for 10 more minutes. Couldn't close the window and ctrl/alt/del was again useless; had to power it down again.
3rd time - After restarting the PC (and shutting off the Panda IS and SUPERAntiSpyware and running deFogger again), the GMER window came up and did nothing at all; had the hourglass and couldn't close the window (again, the 3 finger salute did nothing); had to power it down again.

Now it's back up again and I think I'll leave well enough alone. So, I have no GMER log file to give you but here is the DDS.txt file:


DDS (Ver_10-12-05.01) - NTFSx86
Run by John Flynn at 20:35:25.82 on Fri 12/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.556 [GMT -5:00]

AV: Panda Internet Security 2011 *On-access scanning disabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2011 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2011\WebProxy.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\panda security\panda internet security 2011\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\PskSvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\AVENGINE.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Registry Defense\RDListener.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\RegDefense\RDFNSListener.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Creative\ShareDLL\Mediadet.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\Program Files\Panda Security\Panda Internet Security 2011\PavBckPT.exe
C:\WINDOWS\SYSTEM32\notepad.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\John Flynn\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [<NO NAME>]
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [DriverScanner] "c:\program files\uniblue\driverscanner\launcher.exe" delay 20000
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [diagent] "c:\program files\creative\sblive\diagnostics\diagent.exe" startup
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [DVDSentry] c:\windows\system32\DSentry.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [nwiz] nwiz.exe /install
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [Disc Detector] c:\program files\creative\sharedll\CtNotify.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [RDListener] c:\program files\registry defense\RDListener.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [RDFNSListener] c:\program files\regdefense\RDFNSListener.exe
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2011\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda internet security 2011\Inicio.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RDFNSAgent] c:\program files\regdefense\RDFNSAgent.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: <NO NAME> =
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Trusted Zone: musicmatch.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: vzTCPConfig - hxxps://www.verizon.net/whatsnext/checkmypc/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxp://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156699940875
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163718983328
DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} - hxxp://ace.synerfac.com/ARViewer/arview2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37863.5540972222
DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} - hxxp://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avldr - avldr.dll
Notify: nnnkKEtU - nnnkKEtU.dll
AppInit_DLLs: ffesym.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap c:\windows\system32\pmnljKdc

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\johnfl~1\applic~1\mozilla\firefox\profiles\x7edr3ze.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\johnfl~1\applic~1\mozilla\firefox\profiles\x7edr3ze.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

============= SERVICES / DRIVERS ===============

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2010-11-18 26696]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2010-11-18 76296]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2010-11-18 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2010-11-18 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2010-11-18 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2010-11-18 159112]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2010-11-18 37896]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2010-11-18 46856]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2010-11-18 59080]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda internet security 2011\PsCtrlS.exe [2010-11-18 173312]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda internet security 2011\PavFnSvr.exe [2010-11-18 202048]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2010-11-18 163336]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2010-11-18 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda internet security 2011\pavsrvx86.exe [2010-11-18 314176]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda internet security 2011\psksvc.exe [2010-11-18 28992]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2010-11-18 13880]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\system32\drivers\neti1642.sys [2010-11-18 199688]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-4-4 30336]

=============== Created Last 30 ================

2010-12-18 01:26:48 -------- d-----w- C:\CDEmulation_Disable
2010-12-18 01:13:30 -------- d-----w- C:\DDS
2010-12-17 00:44:42 -------- d-----w- C:\CCleaner
2010-12-17 00:38:05 -------- d-----w- C:\Foobar2000
2010-12-17 00:36:18 -------- d-----w- c:\docume~1\johnfl~1\applic~1\foobar2000
2010-12-17 00:35:23 -------- d-----w- c:\program files\foobar2000
2010-12-15 18:09:41 -------- d-----w- c:\windows\system32\URTTemp
2010-12-15 18:06:12 -------- d-----w- C:\(3)dotnetfix_cleanup
2010-12-15 17:14:50 -------- d-sh--w- c:\documents and settings\john flynn\IECompatCache
2010-12-15 16:26:48 -------- d-----w- c:\program files\Microsoft Easy Assist
2010-12-15 16:26:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Applications
2010-12-14 20:48:24 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 20:47:26 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-12 21:20:29 -------- d-----w- c:\docume~1\johnfl~1\applic~1\SUPERAntiSpyware.com
2010-12-12 21:20:29 -------- d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-12-12 21:19:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-10 19:21:57 -------- d-----w- C:\gmer
2010-12-09 21:38:09 -------- d-----w- c:\docume~1\johnfl~1\applic~1\Malwarebytes
2010-12-09 21:37:53 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-09 21:37:52 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-09 21:37:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 21:37:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-09 21:35:21 -------- d-----w- C:\MBAM
2010-12-09 20:11:31 -------- d-----w- C:\RKILL
2010-12-04 17:07:45 -------- d-----w- C:\Dr Who
2010-11-18 18:19:57 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-11-18 18:16:07 -------- d-----w- c:\docume~1\johnfl~1\locals~1\applic~1\Panda Security
2010-11-18 18:12:44 81920 ------w- c:\windows\system32\dllcache\isign32.dll
2010-11-18 18:12:26 271056 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-11-18 18:12:20 46856 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2010-11-18 18:12:19 53256 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2010-11-18 18:12:19 193800 ----a-w- c:\windows\system32\drivers\idsflt.sys
2010-11-18 18:12:04 22024 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2010-11-18 18:12:03 76296 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2010-11-18 18:12:03 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2010-11-18 18:11:56 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-11-18 18:11:39 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2010-11-18 18:10:32 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2010-11-18 18:09:58 87296 ----a-w- c:\windows\system32\PavLspHook.dll
2010-11-18 18:09:58 55552 ----a-w- c:\windows\system32\pavipc.dll
2010-11-18 18:09:58 193792 ----a-w- c:\windows\system32\TpUtil.dll
2010-11-18 18:09:58 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2010-11-18 18:09:51 518400 ----a-w- c:\windows\system32\PavSHook.dll
2010-11-18 18:09:35 199688 ----a-w- c:\windows\system32\drivers\neti1642.sys
2010-11-18 18:09:13 59080 ----a-w- c:\windows\system32\drivers\amm8651.sys
2010-11-18 18:09:13 55552 ----a-w- c:\windows\system32\avldr.dll
2010-11-18 18:09:12 -------- d-----w- c:\windows\system32\PAV
2010-11-18 18:09:06 -------- d-----w- c:\docume~1\johnfl~1\applic~1\Panda Security
2010-11-18 18:09:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2010-11-18 18:07:05 37896 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2010-11-18 18:07:05 163336 ----a-w- c:\windows\system32\drivers\PavProc.sys
2010-11-18 18:07:05 -------- d-----w- c:\program files\common files\Panda Security

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 17:40:29 1409 ----a-w- c:\windows\QTFont.for
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2002-08-29 11:00:00 92032 --shatr- c:\windows\system32\mga.dll

============= FINISH: 20:38:01.28 ===============


Thank you!
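The Pseudo HJT section of the DDS log above is the autostart inventory a helper reads first. As an added example (not part of the original post or of the DDS tool), the Python below rejoins entries that the forum wrapped across lines, splits each into kind, name and target, and lists the entries a reviewer would cross-check first; the sample text is constructed in the shape of that section, and the review rules are this example's own heuristics, not anything DDS reports.

```python
"""Parse a DDS "Pseudo HJT Report" pasted into a forum post.

Added example: SAMPLE is constructed in the shape of the DDS section,
including the blank-line-plus-continuation wrapping a forum post adds.
The review heuristics are this example's own, not DDS's.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SAMPLE = """\
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} -

c:\\program files\\common files\\adobe\\acrobat\\activex\\AcroIEHelperShim.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
mRun: [QuickTime Task] "c:\\program files\\quicktime\\qttask.exe" -atboottime
Notify: !SASWinLogon - c:\\program files\\superantispyware\\SASWINLO.DLL
Notify: avldr - avldr.dll
Notify: nnnkKEtU - nnnkKEtU.dll
AppInit_DLLs: ffesym.dll
LSA: Authentication Packages = msv1_0 relog_ap c:\\windows\\system32\\pmnljKdc
"""

# A line starts a new entry if it looks like "Kind: ...", "uInternet Settings,...",
# a service line ("R0 ", "S3 "), a banner ("===") or a dated file entry.
NEW_ENTRY_RE = re.compile(
    r"^(?:[A-Za-z][\w !.-]*:\s|\w+ Settings,|[RS]\d |=|\d{4}-\d{2}-\d{2} )"
)
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<target>.*)$")
SETTINGS_RE = re.compile(r"^(?P<kind>\w+ Settings),(?P<name>\w+) = (?P<target>.*)$")

# Windows XP ships with a single LSA authentication package, msv1_0.
DEFAULT_LSA_PACKAGES = {"msv1_0"}


@dataclass
class Entry:
    kind: str    # e.g. BHO, uRun, mRun, Notify, AppInit_DLLs, LSA
    name: str    # display name, CLSID or value name; may be empty
    target: str  # file path, URL, or the raw value


def rejoin_wrapped(text: str) -> List[str]:
    """Drop blank lines and glue wrapped fragments back onto their entry.

    Fragments are joined with one space, which is right when the wrap fell on
    a space (the usual case) but not when a long URL was cut mid-token.
    """
    lines: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if NEW_ENTRY_RE.match(line) or not lines:
            lines.append(line)
        else:
            lines[-1] += " " + line
    return lines


def parse_entry(line: str) -> Optional[Entry]:
    """Split one rejoined line into kind / name / target; None for banners."""
    m = SETTINGS_RE.match(line)
    if m:
        return Entry(m["kind"], m["name"], m["target"].strip())
    kind, sep, rest = line.partition(": ")
    if not sep or line.startswith("="):
        return None
    m = RUN_RE.match(rest)
    if m:                                   # uRun/mRun: [name] command line
        return Entry(kind, m["name"], m["target"].strip())
    if rest.endswith(" ="):                 # "<NO NAME> =" with an empty value
        return Entry(kind, rest[:-2], "")
    if " = " in rest:                       # LSA: Authentication Packages = ...
        name, _, target = rest.partition(" = ")
        return Entry(kind, name, target.strip())
    if " - " in rest:                       # BHO/TB/EB/Notify/SSODL: name - file
        name, _, target = rest.rpartition(" - ")
        return Entry(kind, name, target.strip())
    return Entry(kind, "", rest.strip())    # AppInit_DLLs, Trusted Zone, ...


def review(entries: List[Entry]) -> List[str]:
    """Return the entries to cross-check first (prompts for review, not verdicts)."""
    notes: List[str] = []
    for e in entries:
        if e.target == "No File":
            notes.append(f"{e.kind} {e.name}: registered but the file is missing")
        elif e.kind in ("Notify", "AppInit_DLLs") and e.target and "\\" not in e.target:
            # Winlogon Notify and AppInit_DLLs modules given by bare name are
            # resolved through the DLL search path rather than a fixed location.
            notes.append(f"{e.kind} {e.name or e.target}: bare filename {e.target!r} with no path")
        elif e.kind == "LSA" and e.name == "Authentication Packages":
            extra = [p for p in e.target.split() if p not in DEFAULT_LSA_PACKAGES]
            if extra:
                notes.append(f"LSA {e.name}: packages beyond the XP default: {', '.join(extra)}")
    return notes


def triage(text: str) -> List[str]:
    """Full pipeline: rejoin wrapped lines, parse, review."""
    entries = [e for e in map(parse_entry, rejoin_wrapped(text)) if e]
    return review(entries)


if __name__ == "__main__":
    for note in triage(SAMPLE):
        print(note)
```

A note is a prompt to cross-check, not a verdict: avldr.dll trips the bare-filename rule, yet the Created Last 30 section of the same log shows c:\windows\system32\avldr.dll appearing at 18:09:13 on 2010-11-18 alongside the other Panda Security files.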


#4 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:04:30 PM

Posted 19 December 2010 - 12:06 PM

Hi, jflynnde-

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

There may be a delay in my response to your posts as I am still in training. I will be helping you under the supervision of the teachers, and they will approve every post before I present it to you.

Please don't make any further changes or run any other tools unless instructed to. Additional changes may hinder the cleaning of your machine.

When asked to copy logs or reports into your reply, please copy them directly into your reply. Do not include them in quotes. Do not attach them unless asked to do so. In Notepad, please turn off Word Wrap under the Format menu.

Please Track this topic - On the top right of this thread, click on the Option button, and, in the drop-down list, click on 'Track this topic'. Under Subscription Information, click on 'Immediate Email Notification' and then click on the Proceed button at the bottom.

Please give me some time to look over your log. I will post the reply as soon as possible.
Shannon

#5 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:04:30 PM

Posted 20 December 2010 - 08:15 PM

Hi-

Sorry for the delay. Thank you for the logs. Since you were not able to run GMER successfully, we will run RKUnhooker instead, but first there is some undesirable software that you should remove from your computer.

Your logs show that you are using peer-to-peer (P2P) or file-sharing programs like uTorrent.

These programs allow users to share files, as the name suggests. In today's world, cyber crime has grown into an enormous business, and any means is used to infect personal computers and to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with great care. Some further reading on this subject: Risks of File-Sharing Technology

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall uTorrent and LimeWire (the site is closed anyway); however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

Also, your logs show that you have Viewpoint Media Player installed. Viewpoint is considered foistware rather than malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Scan With RKUnHooker
  • (In Notepad, under Format, if checked, please uncheck wordwrap)
  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

    Copy the entire contents of the report and paste it in your reply.
Note: you may get the following warning; it is OK, just ignore it.

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Next, we need to create an OTL Report
  • Please download OTL from here:
  • Main Mirror
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList"
  • Under the Custom Scan box paste in the contents of the CODE box.
    netsvcs
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    
  • Push the Run Scan button.
  • Two reports will open, copy and paste them into your reply:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

In your reply, please copy in the RKU report and the two OTL reports, and let me know how your computer is doing now.
Shannon

#6 jflynnde

jflynnde
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:04:30 PM

Posted 21 December 2010 - 10:19 AM

Hi,
Thanks for responding.

I know you're right about uTorrent, but . . . . I've been using "PeerBlock"; have you heard anything good or bad about this software?

I've removed Limewire and the Viewpoint manager (I think that was the only one that showed up). However, I'm having no success downloading the Rootkit Unhooker; when I click on the link, I get "Internet Explorer cannot display the webpage". This is where it's trying to take me, http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE - is it correct? I also tried searching for this (both as "rootkit unhooker" and "rkunhooker") but hesitated to use any of the provided links - except the bleeping computer references; but these still didn't provide me with a usable link.

Because I couldn't download (and/or run) Rootkit Unhooker, I didn't go to the OTL step - wanted to wait and see if you could provide another workable link.

Thanks

#7 jflynnde

jflynnde
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:04:30 PM

Posted 21 December 2010 - 08:03 PM

Hi Shannon,

I've been searching through the BC forums (trying to find another link to rootkit unhooker) and I finally found this: My link

This link seems to work (I do get a download pop-up for rkunhookerle.exe), I just want to make sure you are in agreement that it's the right one to use.

Thanks

#8 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:04:30 PM

Posted 22 December 2010 - 05:31 AM

Hi-

Looks like www.rootkit.com is off air. Try one of the following -

Shannon

#9 jflynnde

jflynnde
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:04:30 PM

Posted 22 December 2010 - 11:31 AM

Hi Shannon,
Using that link, I was able to download and run the rootkit unhooker program (Thanks); however, I kept getting this pop-up when I tried to run it - saying it had encountered a problem and needed to shut down. So I tried disconnecting from the internet and shutting down my security and anti-spyware; finally I could run the scan. Here is the Rootkit Unhooker report:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4247552 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 52.16 )
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2189952 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2189952 bytes
0x804D7000 RAW 2189952 bytes
0x804D7000 WMIxWDM 2189952 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF5C3F000 C:\WINDOWS\System32\DRIVERS\nv4_mini.sys 1466368 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 52.16 )
0xF5904000 C:\WINDOWS\system32\drivers\P16X.sys 1331200 bytes (Creative Technology Ltd., WDM Audio Miniport)
0xF5AD5000 C:\WINDOWS\System32\DRIVERS\HSF_DP.sys 1093632 bytes (Conexant Systems, HSF_DP driver)
0xEC9C3000 C:\WINDOWS\system32\DRIVERS\css-dvp.sys 778240 bytes (Command Software Systems, Inc., Dynamic Virus Protection)
0xF732F000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xF5A49000 C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys 573440 bytes (Conexant Systems, WinACHSF driver)
0xF04DC000 C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF7297000 timntr.sys 438272 bytes (Acronis, Acronis True Image Backup Archive Explorer)
0xF5680000 C:\WINDOWS\System32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xF07A1000 C:\WINDOWS\System32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xF723E000 tdrpman.sys 364544 bytes (Acronis, Acronis Try&Decide and Restore Points Volume Filter Driver)
0xEC947000 C:\WINDOWS\System32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xEC013000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF5786000 C:\WINDOWS\system32\DRIVERS\neti1642.sys 196608 bytes (Panda Security, S.L., netimflt)
0xF7460000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xF04AE000 C:\WINDOWS\system32\Drivers\IDSFLT.SYS 188416 bytes (Panda Security, S.L., Intrusion Detection System)
0xECAF9000 C:\WINDOWS\System32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7302000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF5891000 C:\WINDOWS\System32\DRIVERS\ctoss2k.sys 180224 bytes (Creative Technology Ltd., Creative OS Services Driver (WDM))
0xF0574000 C:\WINDOWS\System32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF0703000 C:\WINDOWS\System32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF5BE0000 C:\WINDOWS\System32\DRIVERS\HSFHWBS2.sys 159744 bytes (Conexant Systems, HSF_HWB2 WDM driver)
0xEC8D0000 C:\WINDOWS\system32\DRIVERS\PavProc.sys 159744 bytes (Panda Security, S.L., Panda Protection driver)
0xF06DD000 C:\WINDOWS\System32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF077B000 C:\WINDOWS\system32\Drivers\NETFLTDI.SYS 155648 bytes (Panda Security, S.L., Panda TDI Filter)
0xEC99F000 C:\WINDOWS\System32\Drivers\Fastfat.SYS 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xF58BD000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF5C07000 C:\WINDOWS\System32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF584E000 C:\WINDOWS\System32\DRIVERS\e100b325.sys 143360 bytes (Intel Corporation, NDIS 5 driver)
0xF58E1000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF06BB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF059F000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x806EE000 ACPI_HAL 131840 bytes
0x806EE000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF5871000 C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys 131072 bytes (Creative Technology Ltd, SoundFont® Manager (WDM))
0xF73F8000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7430000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF721F000 snapman.sys 126976 bytes (Acronis, Acronis Snapshot API)
0xF7205000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xEC4F7000 C:\WINDOWS\system32\drivers\av5flt.sys 102400 bytes
0xF7418000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEE48F000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF73CF000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF57C7000 C:\WINDOWS\System32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEC262000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF583A000 C:\WINDOWS\System32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF5C2B000 C:\WINDOWS\System32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xF07FA000 C:\WINDOWS\System32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF73BC000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF73E6000 sr.sys 73728 bytes (Microsoft Corporation, System Restore Filesystem Filter Driver)
0xF049D000 C:\WINDOWS\system32\Drivers\APPFLT.SYS 69632 bytes (Panda Security, S.L., Panda APPFLT)
0xF744F000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF57B6000 C:\WINDOWS\System32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xEF0F5000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF6093000 C:\WINDOWS\System32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF60B3000 C:\WINDOWS\System32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF76EF000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF6073000 C:\WINDOWS\System32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xEE61B000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF756F000 C:\WINDOWS\System32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF5DC5000 C:\WINDOWS\system32\DRIVERS\amm8651.sys 53248 bytes (Panda Security, S.L., Panda Anti-Malware File System Minifilter)
0xF74FF000 C:\WINDOWS\System32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF60C3000 C:\WINDOWS\System32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xEFE4A000 C:\WINDOWS\system32\PavTPK.sys 53248 bytes
0xF6063000 C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF74DF000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF5DF5000 C:\WINDOWS\system32\Drivers\DSAFLT.SYS 49152 bytes (Panda Security, S.L., -)
0xF5E35000 C:\WINDOWS\System32\Drivers\pcouffin.sys 49152 bytes (VSO Software, low level access layer for CD/DVD/BD devices)
0xF6043000 C:\WINDOWS\System32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF750F000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF76CF000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF60A3000 C:\WINDOWS\System32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF74BF000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF6053000 C:\WINDOWS\System32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF74AF000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF755F000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF74CF000 pavboot.sys 40960 bytes (Panda Security, S.L., Panda Boot Driver)
0xF5E25000 C:\WINDOWS\System32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF5E15000 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 40960 bytes (Acronis, Acronis True Image File System Filter)
0xF76BF000 C:\WINDOWS\system32\Drivers\WNMFLT.SYS 40960 bytes (Panda Security, S.L., -)
0xF74EF000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF76DF000 C:\WINDOWS\System32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xF6033000 C:\WINDOWS\System32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF768F000 C:\WINDOWS\System32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xBA628000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF6083000 C:\WINDOWS\System32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77CF000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xF7787000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF77A7000 C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys 32768 bytes (Panda Security, S.L., PandaShield driver)
0xF77C7000 C:\WINDOWS\System32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xEFFDF000 C:\WINDOWS\system32\DRIVERS\COMFiltr.sys 28672 bytes (-, COMFiltr)
0xF77D7000 C:\WINDOWS\System32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF772F000 C:\WINDOWS\System32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77DF000 C:\WINDOWS\System32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF77E7000 C:\WINDOWS\System32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xF77AF000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0xF77BF000 C:\WINDOWS\System32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7777000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF779F000 C:\WINDOWS\System32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF777F000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7807000 C:\WINDOWS\System32\DRIVERS\omci.sys 20480 bytes (Dell Computer Corporation, OMCI Device Driver)
0xF7737000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF77F7000 C:\WINDOWS\System32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF773F000 PxHelp20.sys 20480 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF77FF000 C:\WINDOWS\System32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel® mini-port/call-manager driver)
0xF77EF000 C:\WINDOWS\System32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xEF03A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xECB26000 C:\WINDOWS\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xF0C92000 C:\WINDOWS\system32\Drivers\fnetmon.SYS 16384 bytes (Panda Security, S.L., Panda FNetMon)
0xF7190000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF799F000 C:\WINDOWS\System32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF0558000 C:\WINDOWS\System32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7168000 C:\WINDOWS\System32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF78BF000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEF05A000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF716C000 C:\WINDOWS\System32\DRIVERS\gameenum.sys 12288 bytes (Microsoft Corporation, Game Port Enumerator)
0xF7164000 C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys 12288 bytes (GEAR Software Inc., CD DVD Filter)
0xF422F000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xECB66000 C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF715C000 C:\WINDOWS\System32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xEC7DC000 C:\WINDOWS\system32\PavSRK.sys 12288 bytes
0xF421F000 C:\WINDOWS\System32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF29E1000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7A3B000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A51000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7A39000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF79AF000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A3D000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF79E1000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7A49000 C:\WINDOWS\System32\PfModNT.sys 8192 bytes (Creative Technology Ltd., PCI/ISA Device Info. Service)
0xF7A3F000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79ED000 C:\WINDOWS\System32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A15000 C:\WINDOWS\System32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF79B1000 C:\WINDOWS\System32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7AD6000 C:\WINDOWS\System32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7B3E000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7BA4000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A77000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
==============================================
>Stealth
==============================================

***********************************************************************
***********************************************************************

As directed, I then ran the OTL program, and here are the two reports that were generated:

OTL.TXT

OTL logfile created on: 12/22/2010 10:58:06 AM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\John Flynn\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 541.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.01 Gb Total Space | 156.12 Gb Free Space | 52.39% Space Free | Partition Type: NTFS

Computer Name: DG68QG21 | User Name: John Flynn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/22 10:32:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Flynn\Desktop\OTL.exe
PRC - [2010/12/06 17:15:40 | 000,105,472 | ---- | M] () -- C:\Program Files\RegDefense\RDFNSListener.exe
PRC - [2010/09/29 04:11:07 | 000,157,504 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe
PRC - [2010/09/13 04:11:00 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
PRC - [2010/08/16 08:54:45 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\psksvc.exe
PRC - [2010/06/04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
PRC - [2010/05/28 13:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\AVENGINE.EXE
PRC - [2010/04/22 18:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\WebProxy.exe
PRC - [2010/02/23 12:09:34 | 000,111,872 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\PavBckPT.exe
PRC - [2009/11/26 17:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- c:\Program Files\Panda Security\Panda Internet Security 2011\FIREWALL\PSHost.exe
PRC - [2009/10/26 15:35:30 | 000,103,768 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\concentr.exe
PRC - [2009/10/26 15:34:48 | 000,550,232 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\wfcrun32.exe
PRC - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrlS.exe
PRC - [2009/02/06 20:37:16 | 000,115,312 | ---- | M] () -- C:\Program Files\Registry Defense\RDListener.exe
PRC - [2008/12/16 16:44:28 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/09 20:42:00 | 000,492,896 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2008/04/09 19:23:22 | 000,909,208 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008/04/09 19:14:28 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/04/09 19:14:18 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2008/04/09 19:11:24 | 002,595,792 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/01/20 13:48:06 | 000,142,416 | R--- | M] (Command Software Systems, Inc.) -- C:\Program Files\Common Files\Command Software\dvpapi.exe
PRC - [2004/05/27 20:05:42 | 000,323,584 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2002/09/12 10:28:14 | 000,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2002/08/14 19:22:52 | 000,028,672 | R--- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe
PRC - [2002/04/30 03:00:00 | 000,167,424 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\Mediadet.exe
PRC - [2002/04/03 02:01:00 | 000,135,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
PRC - [2001/12/26 03:00:00 | 000,191,488 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\ShareDLL\CTNotify.exe


========== Modules (SafeList) ==========

MOD - [2010/12/22 10:32:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Flynn\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/09/29 04:11:07 | 000,157,504 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe -- (TPSrv)
SRV - [2010/09/13 04:11:00 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010/08/16 08:54:45 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\PskSvc.exe -- (PskSvcRetail)
SRV - [2010/06/04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe -- (PAVSRV)
SRV - [2009/11/26 17:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\program files\panda security\panda internet security 2011\firewall\PSHOST.EXE -- (PSHost)
SRV - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrls.exe -- (Panda Software Controller)
SRV - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/04/09 20:42:00 | 000,492,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008/04/09 19:14:18 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/01/20 13:48:06 | 000,142,416 | R--- | M] (Command Software Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Command Software\dvpapi.exe -- (dvpapi)
SRV - [2003/04/04 13:54:50 | 000,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2002/10/10 05:18:36 | 001,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\PavTPK.sys -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\PavSRK.sys -- (PavSRK.sys)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wATV03nt.sys -- (iAimTV2)
DRV - File not found [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\av5flt.sys -- (AvFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NSDriver.sys -- (Ad-Watch Connect Filter)
DRV - [2010/12/21 18:18:54 | 000,013,880 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\COMFiltr.sys -- (ComFiltr)
DRV - [2010/06/22 18:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\pavboot.sys -- (pavboot)
DRV - [2010/05/21 13:50:26 | 000,059,080 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\amm8651.sys -- (AmFSM)
DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 19:31:20 | 000,199,688 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\neti1642.sys -- (NETIMFLT01060042)
DRV - [2010/02/18 19:31:18 | 000,076,296 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPFLT.SYS -- (APPFLT)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/10/27 12:07:42 | 000,037,896 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ShlDrv51.sys -- (ShldDrv)
DRV - [2009/09/25 14:54:08 | 000,046,856 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wnmflt.sys -- (WNMFLT)
DRV - [2009/09/25 14:54:06 | 000,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2009/09/25 14:54:04 | 000,193,800 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\idsflt.sys -- (IDSFLT)
DRV - [2009/09/25 14:54:04 | 000,022,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\fnetmon.sys -- (FNETMON)
DRV - [2009/09/25 14:54:02 | 000,053,256 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsaflt.sys -- (DSAFLT)
DRV - [2009/09/14 16:18:22 | 000,163,336 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\PavProc.sys -- (PavProc)
DRV - [2008/08/19 15:20:53 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/08/19 15:20:53 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV - [2008/08/19 15:20:48 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/08/19 15:20:39 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2006/01/20 13:40:42 | 000,783,984 | R--- | M] (Command Software Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\css-dvp.sys -- (CSS DVP)
DRV - [2004/11/22 17:36:39 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/10/28 00:00:00 | 000,016,890 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctpdusb2.sys -- (Jukebox)
DRV - [2003/10/06 13:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2003/09/22 10:43:06 | 001,330,048 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/09/22 06:48:06 | 000,130,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003/09/22 06:47:38 | 000,178,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2003/04/04 14:07:20 | 000,030,336 | ---- | M] (Politecnico di Torino) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)
DRV - [2002/10/10 05:18:58 | 000,009,868 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS -- (NMSCFG)
DRV - [2002/10/09 12:50:52 | 000,170,499 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2002/10/09 12:50:16 | 001,175,536 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2002/10/09 12:44:10 | 000,604,240 | ---- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2002/09/27 19:56:50 | 000,009,856 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\pfc.sys -- (pfc)
DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2002/07/19 11:22:08 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 15:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 15:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 15:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 15:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 15:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 14:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 14:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 14:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 14:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 14:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 14:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 14:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 14:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 14:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Local Page = http://www.search-2003.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1557272208-2023390021-2826664556-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-1557272208-2023390021-2826664556-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1557272208-2023390021-2826664556-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 14 BC 2C 7B 9C CB 01 [binary data]
IE - HKU\S-1-5-21-1557272208-2023390021-2826664556-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1557272208-2023390021-2826664556-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/06 12:29:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/06 12:29:05 | 000,000,000 | ---D | M]

[2009/01/17 17:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Flynn\Application Data\Mozilla\Extensions
[2010/07/29 13:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\John Flynn\Application Data\Mozilla\Firefox\Profiles\x7edr3ze.default\extensions
[2009/10/02 20:17:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\John Flynn\Application Data\Mozilla\Firefox\Profiles\x7edr3ze.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/18 15:58:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/01 19:17:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/18 15:58:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/10/26 15:05:22 | 000,124,240 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CCMSDK.dll
[2009/10/26 15:08:20 | 000,070,488 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2009/10/26 15:09:00 | 000,091,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2009/10/26 15:08:46 | 000,022,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/26 15:30:42 | 000,406,864 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2009/10/26 15:08:22 | 000,023,896 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll

O1 HOSTS File: ([2008/11/15 15:06:00 | 000,000,000 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CTNotify.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [RDFNSAgent] C:\Program Files\RegDefense\RDFNSAgent.exe ()
O4 - HKLM..\Run: [RDFNSListener] C:\Program Files\RegDefense\RDFNSListener.exe ()
O4 - HKLM..\Run: [RDListener] C:\Program Files\Registry Defense\RDListener.exe ()
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2011\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1557272208-2023390021-2826664556-1006..\Run: [] File not found
O4 - HKU\S-1-5-21-1557272208-2023390021-2826664556-1006..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe File not found
O4 - HKU\S-1-5-21-1557272208-2023390021-2826664556-1006..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe File not found
O4 - HKU\S-1-5-21-1557272208-2023390021-2826664556-1006..\Run: [FreeRAM XP] C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe (YourWare Solutions ™)
O4 - HKU\S-1-5-21-1557272208-2023390021-2826664556-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1557272208-2023390021-2826664556-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1557272208-2023390021-2826664556-1006\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://pccheckup.dellfix.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1156699940875 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163718983328 (MUWebControl Class)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab (HouseCall Control)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} http://ace.synerfac.com/ARViewer/arview2.cab (ActiveReports Viewer2)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoftware.com/activescan/as5free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37863.5540972222 (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} http://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB (CPostLaunch Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig https://www.verizon.net/whatsnext/checkmypc/vzTCPConfig.CAB (Reg Error: Key error.)
O20 - AppInit_DLLs: (ffesym.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O20 - Winlogon\Notify\nnnkKEtU: DllName - nnnkKEtU.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\pmnljKdc) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2010/12/22 10:32:39 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\John Flynn\Desktop\OTL.exe
[2010/12/17 20:26:48 | 000,000,000 | ---D | C] -- C:\CDEmulation_Disable
[2010/12/17 20:13:30 | 000,000,000 | ---D | C] -- C:\DDS
[2010/12/16 19:44:42 | 000,000,000 | ---D | C] -- C:\CCleaner
[2010/12/16 19:38:05 | 000,000,000 | ---D | C] -- C:\Foobar2000
[2010/12/16 19:36:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Flynn\Application Data\foobar2000
[2010/12/16 19:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\foobar2000
[2010/12/15 13:53:08 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2010/12/15 13:09:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTemp
[2010/12/15 13:06:12 | 000,000,000 | ---D | C] -- C:\(3)dotnetfix_cleanup
[2010/12/15 12:14:50 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\John Flynn\IECompatCache
[2010/12/15 11:26:48 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Easy Assist
[2010/12/15 11:26:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2010/12/14 15:48:24 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/14 15:47:26 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/12 16:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Flynn\Application Data\SUPERAntiSpyware.com
[2010/12/12 16:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/12/12 16:19:45 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/12/10 14:21:57 | 000,000,000 | ---D | C] -- C:\gmer
[2010/12/09 16:38:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\John Flynn\Application Data\Malwarebytes
[2010/12/09 16:37:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/12/09 16:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/12/09 16:37:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/12/09 16:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/09 16:35:21 | 000,000,000 | ---D | C] -- C:\MBAM
[2010/12/09 15:11:31 | 000,000,000 | ---D | C] -- C:\RKILL
[2010/12/04 12:07:45 | 000,000,000 | ---D | C] -- C:\Dr Who
[2008/03/09 17:13:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\John Flynn\Application Data\pcouffin.sys
[2002/04/10 23:41:00 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/22 10:40:36 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\NetAdapt.cfg.bck
[2010/12/22 10:40:36 | 000,000,088 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\NetAdapt.cfg
[2010/12/22 10:32:55 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\John Flynn\Desktop\OTL.exe
[2010/12/22 10:29:29 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\John Flynn\Desktop\RKUnhookerLE.EXE
[2010/12/22 02:52:27 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{67EB1B04-375D-4C57-805D-B84B0FFFD548}.job
[2010/12/21 21:27:52 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT.bck
[2010/12/21 21:27:52 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2010/12/21 18:19:12 | 000,418,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\DsaFlt.rls.bck
[2010/12/21 18:19:12 | 000,418,468 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\DsaFlt.rls
[2010/12/21 18:19:12 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG.bck
[2010/12/21 18:19:12 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2010/12/21 18:19:12 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\IdsFlt.cfg.bck
[2010/12/21 18:19:12 | 000,000,252 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\IdsFlt.cfg
[2010/12/21 18:19:12 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\NetLoc.wlt.bck
[2010/12/21 18:19:12 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\NetLoc.wlt
[2010/12/21 18:19:12 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\NetFlt.cfg.bck
[2010/12/21 18:19:12 | 000,000,068 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\NetFlt.cfg
[2010/12/21 18:19:12 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\WnmFlt.cfg.bck
[2010/12/21 18:19:12 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\WnmFlt.cfg
[2010/12/21 18:19:12 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\DsaFlt.cfg.bck
[2010/12/21 18:19:12 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\DsaFlt.cfg
[2010/12/21 18:18:54 | 000,013,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2010/12/21 18:14:15 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/12/21 18:12:43 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\NetAR.wlt.bck
[2010/12/21 18:12:43 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\NetAR.wlt
[2010/12/21 18:11:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/12/21 18:11:13 | 1072,766,976 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/21 14:42:09 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/12/21 14:40:11 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/12/21 10:19:40 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2010/12/20 17:44:52 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\John Flynn\Desktop\Microsoft Word.lnk
[2010/12/17 23:08:17 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\John Flynn\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/12/16 21:51:37 | 000,322,132 | ---- | M] () -- C:\WINDOWS\cdPlayer.ini
[2010/12/16 19:35:34 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\foobar2000.lnk
[2010/12/15 16:50:48 | 000,442,004 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/12/15 16:50:48 | 000,072,218 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/12/15 15:05:12 | 000,376,056 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/15 11:56:06 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\John Flynn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/15 03:22:38 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/12/12 22:58:57 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/12/12 16:20:02 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/10 10:15:21 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\John Flynn\Desktop\dds.scr
[2010/12/09 16:37:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/09 14:31:45 | 000,000,760 | ---- | M] () -- C:\Documents and Settings\John Flynn\Desktop\RegDefense.lnk
[2010/11/30 22:46:24 | 000,578,215 | ---- | M] () -- C:\Spiced Pecan Macaroon.pdf
[2010/11/30 11:22:20 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/30 11:22:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/25 08:50:29 | 000,001,606 | ---- | M] () -- C:\Documents and Settings\John Flynn\Desktop\PeerBlock.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/22 10:29:25 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\John Flynn\Desktop\RKUnhookerLE.EXE
[2010/12/16 19:35:34 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\foobar2000.lnk
[2010/12/12 16:20:02 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/12/10 10:15:07 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\John Flynn\Desktop\dds.scr
[2010/12/09 16:37:53 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/11/30 22:46:24 | 000,578,215 | ---- | C] () -- C:\Spiced Pecan Macaroon.pdf
[2010/11/18 13:19:57 | 000,013,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\COMFiltr.sys
[2010/05/28 13:09:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\gcmrqdt.sys
[2010/05/28 13:08:30 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\John Flynn\Application Data\vqdlkr.dat
[2010/05/23 11:55:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\gjauegs.sys
[2010/05/23 11:54:09 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\John Flynn\Application Data\wqhtpi.dat
[2009/12/31 21:06:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2009/12/31 20:13:06 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Pop Flute
[2009/12/31 20:13:06 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\John Flynn\Application Data\Plug-In Settings
[2009/12/31 20:13:06 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/12/31 20:11:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Plugins
[2009/12/31 20:11:04 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\John Flynn\Application Data\Planets
[2009/12/31 20:11:04 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/07/01 08:09:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2009/07/01 08:07:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Title.INI
[2008/12/12 10:54:51 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/08 13:42:11 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/12/07 22:17:44 | 000,000,217 | ---- | C] () -- C:\Documents and Settings\John Flynn\Application Data\default.rss
[2008/12/06 19:03:14 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008/12/06 17:00:31 | 181,879,391 | ---- | C] () -- C:\Program Files\Nero7_12062008.zip
[2008/08/12 14:16:57 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Hmplayer.INI
[2008/06/05 11:09:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Dvm.INI
[2008/05/26 08:53:22 | 000,000,040 | ---- | C] () -- C:\WINDOWS\WinInit.Ini
[2008/03/09 17:14:15 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\John Flynn\Application Data\vso_ts_preview.xml
[2008/03/09 17:13:48 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\John Flynn\Application Data\pcouffin.log
[2008/03/09 17:13:30 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\John Flynn\Application Data\inst.exe
[2008/03/09 17:13:30 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\John Flynn\Application Data\pcouffin.cat
[2008/03/09 17:13:30 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\John Flynn\Application Data\pcouffin.inf
[2008/03/03 17:03:05 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/03/03 17:03:05 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/03/03 17:03:03 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/03/03 17:03:02 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/02/10 17:48:18 | 000,010,856 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/17 21:13:08 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\John Flynn\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/06 07:37:23 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2006/12/06 07:37:23 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2006/08/20 08:15:25 | 000,006,048 | ---- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2006/07/22 16:35:19 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2006/07/22 16:35:19 | 000,000,268 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2005/04/18 20:27:18 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PdSACKey.sys
[2004/10/26 17:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/20 21:03:06 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PdeSrv2p.dll
[2004/08/13 20:30:10 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameD.txt
[2004/08/05 20:26:17 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004/08/05 20:26:16 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
[2004/08/05 20:25:25 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2004/08/05 19:54:37 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2004/04/03 17:04:14 | 000,000,002 | ---- | C] () -- C:\WINDOWS\System32\nthst32.dll
[2003/10/06 13:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/09/08 17:11:22 | 000,322,132 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/09/05 17:58:32 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2003/07/23 20:20:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2003/07/08 12:41:48 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/03/14 17:49:53 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\John Flynn\Application Data\dm.ini
[2003/02/25 19:39:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/02/25 19:23:41 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/02/25 19:23:13 | 000,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2003/02/25 19:23:13 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/02/25 19:23:12 | 000,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2003/02/25 19:23:12 | 000,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2003/02/25 19:23:12 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2003/02/25 19:22:29 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/02/25 19:18:31 | 000,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/02/25 18:57:14 | 000,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/11/01 15:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/10/15 17:54:04 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2002/09/30 06:10:58 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/07/04 14:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2002/03/02 03:10:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2002/02/06 10:04:14 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 15:17:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2008/03/30 09:51:52 | 000,075,048 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 7.6.2.9\iTunesSetupAdmin.exe
[2005/05/22 19:15:55 | 000,054,272 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\HTML\item_templ\coach\RunGdp.exe
[2005/06/17 18:49:20 | 000,119,030 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\CIP\UpdateAkamaiURL2s.EXE
[2005/05/22 19:16:06 | 000,054,272 | ---- | M] (Gteko Ltd.) -- C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\HTML\item_templ\coach\RunGdp.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF

< End of report >


***********************************************************************
***********************************************************************

and now, the EXTRAS.TXT

OTL Extras logfile created on: 12/22/2010 10:58:06 AM - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Documents and Settings\John Flynn\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 541.00 Mb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.01 Gb Total Space | 156.12 Gb Free Space | 52.39% Space Free | Partition Type: NTFS

Computer Name: DG68QG21 | User Name: John Flynn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Generate MD5 Signatures] -- "C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- File not found
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- File not found
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- File not found
"C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_03\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Documents and Settings\John Flynn\My Documents\My Music\LimeWire\LimeWire.exe" = C:\Documents and Settings\John Flynn\My Documents\My Music\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" = C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client -- (Veoh Networks)
"C:\Documents and Settings\John Flynn\Local Settings\Temporary Internet Files\Content.IE5\GC0DCBCG\utorrent[1].exe" = C:\Documents and Settings\John Flynn\Local Settings\Temporary Internet Files\Content.IE5\GC0DCBCG\utorrent[1].exe:*:Enabled:µTorrent -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{0100A64F-7650-4580-9717-12F26CFF23CB}" = PrimoPDF
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{03410014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard 2003
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE132}" = Microsoft Picture It! Photo 7.0
"{40ACEAF4-1EB2-45FC-90C3-6810700C0595}" = Verizon PC Security Checkup
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50EEDD72-3087-4DA6-BC87-AA5CBD821962}" = Panda Internet Security 2011
"{55BC7EFA-D832-4EE3-9DEA-49B0C07539D9}" =
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F6A91D-46D4-4919-ABE6-55BD17DEB039}" = Quick Movie Magic 1.0E
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5D8057E7-FF6A-4700-AF1F-4755DEE440CF}" = calibre
"{5E835305-63BB-4E55-BBB7-EEBBE67774DB}" = MyDVD
"{625BD732-ACDF-4552-BF22-98EBB413B6F3}" = McAfee Shredder
"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis True Image Home
"{6774F0CF-C7DD-4CB4-BCB2-11C3E08BBA03}" = McAfee Shredder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.3.139
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7926EFB6-7CB4-4A9D-AB01-095F67F9D519}" = Panda Internet Security 2011
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80EFBB50-5B6C-4A9D-AFBC-C7664AFF252F}" = Digital Voice Recorder
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B5732C42-99B9-41F2-80A6-0AEF04C4E19C}" = Citrix online plug-in (Web)
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2444FA0-04AA-4221-B652-73713947ED22}" = Anti-Spyware
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D3386797-A836-4030-AB5D-4E89F2F15F33}" = Authentium
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DCDC8E79-4600-4C02-9824-CD3BB8971D4E}" =
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector for Windows
"{E07C71A6-1576-4F7F-8856-B1C439E669AC}" = MotionDV STUDIO 5.6E LE for DV
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{FD8B3F7C-3D31-4EF3-9E71-C37E753FB8C5}_is1" = ConvertXtoDVD 3 english manual
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AMA" = AutoCAD 2000 Migration Assistance
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"Audacity_is1" = Audacity 1.2.6
"AutoCAD 2000 Uninstall" = AutoCAD 2000
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702" = Conexant SmartHSFi V92 56K Speakerphone PCI Modem
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell File Manager" = Dell DJ Explorer
"DellSupport" = Dell Support 5.0.0 (766)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"EOS Utility" = Canon Utilities EOS Utility
"FileASSASSIN" = FileASSASSIN
"FLAC" = FLAC Installer 1.1.2a (remove only)
"foobar2000" = foobar2000 v1.1.1
"Guitar Pro 5_is1" = Guitar Pro 5.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{D1014B9B-5704-4B27-B581-1C19B72528D1}" = Panasonic DVC USB Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.0 Full
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Magic ISO Maker v5.5 (build 0261)" = Magic ISO Maker v5.5 (build 0261)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.2
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"mkwACT" = mkw Audio Compression Toolkit
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.5)" = Mozilla Firefox (3.0.5)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"Panda ActiveScan" = Panda ActiveScan
"Panda spyXposer" = Panda spyXposer
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel® PRO Ethernet Adapter and Software
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealAlt_is1" = Real Alternative 1.43
"RegDefense" = RegDefense
"RegistryDefense" = RegistryDefense
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Rp Scan and Clean {40ACEAF4-1EB2-45FC-90C3-6810700C0595}" = Verizon PC Security Checkup
"Shockwave" = Shockwave
"SnagIt6" = SnagIt 6
"Snapshot Viewer" = Snapshot Viewer
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Verizon Quick Support" = Verizon Quick Support
"VobSub" = VobSub v2.23 (Remove Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinPcapInst" = WinPcap 3.0
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1557272208-2023390021-2826664556-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/16/2010 11:09:12 PM | Computer Name = DG68QG21 | Source = Application Hang | ID = 1002
Description = Hanging application foobar2000.exe, version 1.1.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/17/2010 3:23:51 PM | Computer Name = DG68QG21 | Source = Application Error | ID = 1000
Description = Faulting application mDNSResponder.exe, version 1.0.4.12, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 12/17/2010 3:24:25 PM | Computer Name = DG68QG21 | Source = Application Error | ID = 1000
Description = Faulting application AppleMobileDeviceService.exe, version 1.14.0.0,
faulting module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 12/17/2010 9:15:48 PM | Computer Name = DG68QG21 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/17/2010 11:00:10 PM | Computer Name = DG68QG21 | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 12/17/2010 11:00:10 PM | Computer Name = DG68QG21 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 12/21/2010 7:18:15 PM | Computer Name = DG68QG21 | Source = Ci | ID = 4124
Description = Content index on c:\system volume information\catalog.wci is corrupt.
Please shutdown and restart the Indexing Service (cisvc).

Error - 12/21/2010 7:18:15 PM | Computer Name = DG68QG21 | Source = Ci | ID = 4126
Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
Index will be automatically restored by refiltering all documents.

Error - 12/22/2010 11:38:21 AM | Computer Name = DG68QG21 | Source = Application Error | ID = 1000
Description = Faulting application rkunhookerle.exe, version 3.8.388.590, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 12/22/2010 11:39:21 AM | Computer Name = DG68QG21 | Source = Application Error | ID = 1000
Description = Faulting application rkunhookerle.exe, version 3.8.388.590, faulting
module , version 0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 12/21/2010 10:17:45 AM | Computer Name = DG68QG21 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the NVSvc service.


< End of report >


***********************************************************************
***********************************************************************

As far as how my PC is running now, I see no change - in fact as I'm typing this reply, I'm actually getting ahead of the text as it's appearing on the screen; if that's any indication, it seems to be slower?

Thanks.

#10 Shannon2012 (Security Colleague, 3,657 posts, North Carolina, USA)

Posted 23 December 2010 - 06:24 AM

Hi-

I'm glad you were able to pull down and run a copy of RKUnhooker. You earlier had a question about PeerBlock. I don't know the software, but the following was part of a review by Ian Harac in PCWorld -

How much use PeerBlock is to you depends on your security needs and your level of paranoia, justified or otherwise. It is a useful first line of defense against sharing information with people you don't want to share information with, but it's not absolute, and the size and scope of the lists could cause some surprises or odd behavior, especially if you forget that it's running. I would consider it generally worth trying, if only for the experience of seeing just how many sites are trying to talk to your computer during an average browsing session.


It is time to start cleaning up your computer.

We need to run an OTL Fix.
  • Please reopen OTL on your desktop.
  • Copy and paste the following code into the Custom Scans/Fixes textbox. Do not include the word "Code"
:OTL
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-21-1557272208-2023390021-2826664556-1006..\Run: [] File not found
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37863.5540972222 (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig https://www.verizon.net/whatsnext/checkmypc/vzTCPConfig.CAB (Reg Error: Key error.)
O20 - AppInit_DLLs: (ffesym.dll) - File not found
O20 - Winlogon\Notify\nnnkKEtU: DllName - nnnkKEtU.dll - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\pmnljKdc) - File not found
[2010/05/28 13:09:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\gcmrqdt.sys
[2010/05/28 13:08:30 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\John Flynn\Application Data\vqdlkr.dat
[2010/05/23 11:55:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\gjauegs.sys
[2010/05/23 11:54:09 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\John Flynn\Application Data\wqhtpi.dat
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTornado\btdownloadgui.exe" =-
"C:\Program Files\Azureus\Azureus.exe" =-
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" =-
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" =-
"C:\Documents and Settings\John Flynn\My Documents\My Music\LimeWire\LimeWire.exe" =-
"C:\Documents and Settings\John Flynn\Local Settings\Temporary Internet Files\Content.IE5\GC0DCBCG\utorrent[1].exe" =-
:commands
[emptytemp]
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click OK.
  • A report will open. Copy and Paste that report in your next reply.
  • If you have to reboot, once back up, open the C:\_OTL\MovedFiles folder and copy the newest log into your next reply.
In your reply, please copy in the OTL Fix report and let me know how your computer is running.
Shannon
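The fix above targets two kinds of leftover: persistence entries (AppInit_DLLs, Winlogon\Notify, LSA Authentication Packages) whose module OTL reports as "File not found", and Windows Firewall exceptions for executables that no longer exist or that were registered from a browser cache directory. As an added example that is not OTL's code and not part of this thread, the Python script below parses those OTL log line formats, flags the entries a helper would remove, and drafts the matching :OTL/:Reg fix script. It assumes the line formats exactly as they appear in the log above and the :Reg deletion syntax ("value" =-) used in the fix; the sample lines are constructed to mirror the thread's entries, and the updater.exe exception is hypothetical.

```python
"""Triage OTL log lines and draft the matching OTL fix script.

Added example, not OTL's own code. Assumes OTL's line formats as shown in the
thread; SAMPLE_LOG is constructed to mirror them (the updater.exe entry is hypothetical).
"""
import re

FIREWALL_LIST_KEY = (
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
    r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List"
)

# XP SP2/SP3 firewall exception: value name = exe path, value data =
# <path>:<scope>:<Enabled|Disabled>:<display name>; OTL appends " -- <vendor>" or " -- File not found".
_FW_RE = re.compile(r'^"(?P<path>[^"]+)" = (?P<data>.+) -- (?P<status>.+)$')

# Load points reported by OTL that the fix above removes when their module is missing
_PERSIST_RES = {
    "AppInit_DLLs": re.compile(
        r'^O20 - AppInit_DLLs: \((?P<module>[^)]+)\) - (?P<status>.+)$'),
    "Winlogon\\Notify": re.compile(
        r'^O20 - Winlogon\\Notify\\(?P<key>[^:]+): DllName - (?P<module>\S+) - (?P<status>.+)$'),
    "LSA Authentication Packages": re.compile(
        r'^O30 - LSA: Authentication Packages - \((?P<module>[^)]+)\) - (?P<status>.+)$'),
}

# A legitimate firewall exception should never point into a cache or temp directory
_SUSPECT_DIRS = ("\\temporary internet files\\", "\\local settings\\temp\\", "\\windows\\temp\\")

# Constructed sample lines mirroring the thread's log (the updater.exe entry is hypothetical)
SAMPLE_LOG = r'''
O20 - AppInit_DLLs: (ffesym.dll) - File not found
O20 - Winlogon\Notify\nnnkKEtU: DllName - nnnkKEtU.dll - File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\pmnljKdc) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\John Flynn\Local Settings\Temporary Internet Files\Content.IE5\GC0DCBCG\utorrent[1].exe" = C:\Documents and Settings\John Flynn\Local Settings\Temporary Internet Files\Content.IE5\GC0DCBCG\utorrent[1].exe:*:Enabled:µTorrent -- File not found
"C:\Documents and Settings\John Flynn\Local Settings\Temp\updater.exe" = C:\Documents and Settings\John Flynn\Local Settings\Temp\updater.exe:*:Enabled:updater -- (hypothetical vendor)
'''.strip().splitlines()


def parse_firewall_exception(line):
    """Return the fields of one AuthorizedApplications\\List line, or None if it is not one."""
    m = _FW_RE.match(line)
    if not m:
        return None
    # rsplit from the right: the path itself contains the drive-letter colon
    parts = m.group("data").rsplit(":", 3)
    if len(parts) != 4:
        return None
    exe, scope, state, name = parts
    return {"path": m.group("path"), "exe": exe, "scope": scope,
            "state": state, "name": name, "status": m.group("status")}


def firewall_exception_reasons(entry):
    """Why this firewall exception should be removed (empty list = leave it alone)."""
    reasons = []
    if entry["status"] == "File not found":
        reasons.append("target executable no longer exists (dangling exception)")
    if any(d in entry["path"].lower() for d in _SUSPECT_DIRS):
        reasons.append("exception points into a browser cache or temp directory")
    return reasons


def parse_persistence(line):
    """Return (load point, module, status) for an O20/O30 line, or None."""
    for kind, rx in _PERSIST_RES.items():
        m = rx.match(line)
        if m:
            return kind, m.group("module"), m.group("status")
    return None


def build_otl_fix(log_lines):
    """Draft an OTL fix: dangling load points verbatim under :OTL, flagged firewall values under :Reg."""
    otl, reg = [], []
    for line in log_lines:
        line = line.rstrip()
        p = parse_persistence(line)
        if p and p[2] == "File not found":
            otl.append(line)  # OTL removes the entry when given the log line as-is
            continue
        fw = parse_firewall_exception(line)
        if fw and firewall_exception_reasons(fw):
            reg.append('"%s" =-' % fw["path"])  # "=-" deletes the value in an OTL :Reg block
    script = [":OTL", *otl]
    if reg:
        script += [":Reg", "[%s]" % FIREWALL_LIST_KEY, *reg]
    script += [":commands", "[emptytemp]"]
    return "\n".join(script)


if __name__ == "__main__":
    print(build_otl_fix(SAMPLE_LOG))
```

Run against the constructed lines, the draft keeps the live uTorrent exception and the Microsoft msv1_0 authentication package, and lists only the three dangling load points and the two cache/temp firewall exceptions; anything the script drafts should still be read against the full log before it is run, since OTL applies it as written.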

#11 jflynnde (Topic Starter, Members, 30 posts)

Posted 23 December 2010 - 01:16 PM

Hi Shannon,

Thanks for the response. I did as you instructed and here is the log file (this is the one that came up, after the OTL requested re-boot). At this time, I can't say that there is any great difference in the way the PC is running, but it does seem to be a little faster. After the OTL requested re-boot, I noticed that my SuperAntispyware didn't come back up automatically. So I first saved the log file and I did a restart on the PC; It seemed to shutdown and restart faster (so that was nice), however, the SuperAntispyware program still didn't come back up automatically. Is that OK?
Anyway, here's the log file:



All processes killed
========== OTL ==========
Service Nero BackItUp Scheduler 4.0 stopped successfully!
Service Nero BackItUp Scheduler 4.0 deleted successfully!
File C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe not found.
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File C:\WINDOWS\System32\hidserv.dll not found.
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
File C:\WINDOWS\System32\appmgmts.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1557272208-2023390021-2826664556-1006\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Starting removal of ActiveX control {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}
C:\WINDOWS\Downloaded Program Files\mcinsctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21}\ not found.
Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
Starting removal of ActiveX control {BCC0FF27-31D9-4614-A68E-C18E1ADA4389}
C:\WINDOWS\Downloaded Program Files\McGDMgr.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BCC0FF27-31D9-4614-A68E-C18E1ADA4389}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Starting removal of ActiveX control vzTCPConfig
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\vzTCPConfig\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\vzTCPConfig\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:ffesym.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnkKEtU\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\pmnljKdc deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\gcmrqdt.sys moved successfully.
C:\Documents and Settings\John Flynn\Application Data\vqdlkr.dat moved successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\gjauegs.sys moved successfully.
C:\Documents and Settings\John Flynn\Application Data\wqhtpi.dat moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTornado\btdownloadgui.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Azureus\Azureus.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\John Flynn\My Documents\My Music\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\John Flynn\Local Settings\Temporary Internet Files\Content.IE5\GC0DCBCG\utorrent[1].exe deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: Administrator.DG68QG21
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: John Flynn
->Temp folder emptied: 244401953 bytes
->Temporary Internet Files folder emptied: 796750499 bytes
->Java cache emptied: 225722072 bytes
->FireFox cache emptied: 3110168 bytes
->Flash cache emptied: 299463 bytes

User: LocalService
->Temp folder emptied: 66172 bytes
->Temporary Internet Files folder emptied: 1225605 bytes
->Flash cache emptied: 300 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2775569 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 62426081 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 849164844 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 399392 bytes
RecycleBin emptied: 827617 bytes

Total Files Cleaned = 2,086.00 mb


OTL by OldTimer - Version 3.2.18.0 log created on 12232010_123613

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Thanks again!

#12 Shannon2012 (Security Colleague, 3,657 posts, North Carolina, USA)

Posted 24 December 2010 - 06:58 AM

Hi-

Thanks for the log. Since your computer is still slow there are probably some leftovers from the HDD Plus infection that need to be removed.

Download Combofix from either of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to Temporarily Disable your Anti-virus
Panda Internet Security Suite
Please navigate to the system tray on the bottom right-hand corner and look for a sign that looks like a Panda bear head.

  • Right click it -> select "Close automatic protection."
  • A message will pop up and warn you about disabling the protection. Choose "Yes."
  • The above sign in the system tray will now disappear.
  • You have successfully disabled the Panda Internet Security Guard.

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please copy the "C:\ComboFix.txt" into your reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


Next, please download MBRCheck by clicking here and save it to your desktop.
  • Be sure to disable your security programs.
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
  • A window will open on your desktop.
  • If an unknown bootcode is found you will have further options available to you, at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
  • Please post the contents of that file in your next reply.

In your reply, please copy in the ComboFix report and the MBRCheck report. How is your computer running now?
Shannon

#13 jflynnde (Topic Starter, Members, 30 posts)

Posted 24 December 2010 - 12:59 PM

Hi Shannon,

Thanks for the response. The Combofix seemed to run OK without any issues - I had to be real patient, because it took a long LONG time after the re-boot, to show the log file (I think it took about 30 minutes!). I then ran the MBR_Check program.
The PC sure appears to be running better. No problems with email or internet connections and I've run a couple of other programs; they seem to be OK, too.
Again, thanks! Here is the ComboFix.txt log:

ComboFix 10-12-23.05 - John Flynn 12/24/2010 10:48:12.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.593 [GMT -5:00]
Running from: c:\documents and settings\John Flynn\Desktop\ComboFix.exe
AV: Panda Internet Security 2011 *Disabled/Updated* {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2011 *Disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Galactic Static
c:\documents and settings\All Users\Application Data\Galactic Static \Printers
c:\documents and settings\John Flynn\Application Data\inst.exe
c:\documents and settings\John Flynn\Favorites\MyRealPics
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
C:\Thumbs.db
c:\windows\BackUp
c:\windows\BackUp\TB040805.DAT
c:\windows\patch.exe
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\npf.sys
c:\windows\system32\fonts
c:\windows\system32\fonts\ACADEMY_.PFB
c:\windows\system32\fonts\ACADEMY_.PFM
c:\windows\system32\fonts\ACADEMY_.TTF
c:\windows\system32\Oeminfo.ini
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Legacy_WKSPATCH
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
.

2010-12-23 17:36 . 2010-12-23 17:36 -------- d-----w- C:\_OTL
2010-12-18 01:26 . 2010-12-18 03:11 -------- d-----w- C:\CDEmulation_Disable
2010-12-18 01:13 . 2010-12-24 15:22 -------- d-----w- C:\DDS
2010-12-17 00:44 . 2010-12-17 00:45 -------- d-----w- C:\CCleaner
2010-12-17 00:38 . 2010-12-17 00:38 -------- d-----w- C:\Foobar2000
2010-12-17 00:36 . 2010-12-20 16:50 -------- d-----w- c:\documents and settings\John Flynn\Application Data\foobar2000
2010-12-17 00:35 . 2010-12-17 00:36 -------- d-----w- c:\program files\foobar2000
2010-12-15 18:53 . 2010-12-15 18:53 -------- d-----w- c:\program files\MSBuild
2010-12-15 18:09 . 2010-12-15 18:19 -------- d-----w- c:\windows\system32\URTTemp
2010-12-15 18:06 . 2010-12-17 01:01 -------- d-----w- C:\(3)dotnetfix_cleanup
2010-12-15 17:14 . 2010-12-15 17:14 -------- d-sh--w- c:\documents and settings\John Flynn\IECompatCache
2010-12-15 16:26 . 2010-12-15 16:26 -------- d-----w- c:\program files\Microsoft Easy Assist
2010-12-15 16:26 . 2010-12-15 16:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Applications
2010-12-14 20:48 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-14 20:47 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-12 21:20 . 2010-12-12 21:20 -------- d-----w- c:\documents and settings\John Flynn\Application Data\SUPERAntiSpyware.com
2010-12-12 21:20 . 2010-12-12 21:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-12-12 21:19 . 2010-12-17 22:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-10 19:21 . 2010-12-10 19:24 -------- d-----w- C:\gmer
2010-12-09 21:38 . 2010-12-09 21:38 -------- d-----w- c:\documents and settings\John Flynn\Application Data\Malwarebytes
2010-12-09 21:37 . 2010-11-30 16:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-09 21:37 . 2010-12-09 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-09 21:37 . 2010-12-09 21:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-09 21:37 . 2010-11-30 16:22 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-09 21:35 . 2010-12-10 14:35 -------- d-----w- C:\MBAM
2010-12-09 20:11 . 2010-12-09 20:12 -------- d-----w- C:\RKILL
2010-12-04 17:07 . 2010-12-12 14:38 -------- d-----w- C:\Dr Who

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-24 16:07 . 2010-11-18 18:19 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-11-18 18:12 . 2002-08-29 11:00 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 17:40 . 2010-11-09 17:40 1409 ----a-w- c:\windows\QTFont.for
2010-11-06 00:26 . 2006-06-23 15:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2002-08-29 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2002-08-29 11:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2002-08-29 11:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2002-08-29 11:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2009-10-26 20:05 . 2009-10-26 20:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-10-26 20:10 . 2009-10-26 20:10 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-10-26 20:08 . 2009-10-26 20:08 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2009-10-26 20:09 . 2009-10-26 20:09 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-10-26 20:08 . 2009-10-26 20:08 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-10-26 20:06 . 2009-10-26 20:06 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-10-26 20:08 . 2009-10-26 20:08 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-10-26 20:09 . 2009-10-26 20:09 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-10-19 22:58 . 2009-10-19 22:58 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-10-26 20:08 . 2009-10-26 20:08 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2002-08-29 11:00 92032 --shatr- c:\windows\SYSTEM32\mga.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-06 5058560]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-08-15 28672]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 28672]
"nwiz"="nwiz.exe" [2003-10-06 741376]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-10-08 53248]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"Disc Detector"="c:\program files\Creative\ShareDLL\CtNotify.exe" [2001-12-26 191488]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-04-10 2595792]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-04-10 909208]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-04-10 136472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"RDListener"="c:\program files\Registry Defense\RDListener.exe" [2009-02-07 115312]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-12-16 479232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"RDFNSListener"="c:\program files\RegDefense\RDFNSListener.exe" [2010-12-06 105472]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-10-26 103768]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2011\APVXDWIN.EXE" [2010-08-26 988480]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2011\Inicio.exe" [2010-06-11 68928]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"RDFNSAgent"="c:\program files\RegDefense\RDFNSAgent.exe" [2010-12-06 211456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2003-2-25 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 17:55 55552 ----a-w- c:\windows\SYSTEM32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 pavboot;Panda boot driver;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [11/18/2010 1:11 PM 26696]
R1 APPFLT;App Filter Plugin;c:\windows\SYSTEM32\DRIVERS\APPFLT.SYS [11/18/2010 1:12 PM 76296]
R1 DSAFLT;DSA Filter Plugin;c:\windows\SYSTEM32\DRIVERS\dsaflt.sys [11/18/2010 1:12 PM 53256]
R1 FNETMON;NetMon Filter Plugin;c:\windows\SYSTEM32\DRIVERS\fnetmon.sys [11/18/2010 1:12 PM 22024]
R1 IDSFLT;Ids Filter Plugin;c:\windows\SYSTEM32\DRIVERS\idsflt.sys [11/18/2010 1:12 PM 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\SYSTEM32\DRIVERS\NETFLTDI.SYS [11/18/2010 1:12 PM 159112]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R1 ShldDrv;Panda File Shield Driver;c:\windows\SYSTEM32\DRIVERS\ShlDrv51.sys [11/18/2010 1:07 PM 37896]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\SYSTEM32\DRIVERS\wnmflt.sys [11/18/2010 1:12 PM 46856]
R2 AmFSM;AmFSM;c:\windows\SYSTEM32\DRIVERS\amm8651.sys [11/18/2010 1:09 PM 59080]
R2 PavProc;Panda Process Protection Driver;c:\windows\SYSTEM32\DRIVERS\PavProc.sys [11/18/2010 1:07 PM 163336]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2011\psksvc.exe [11/18/2010 1:11 PM 28992]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\SYSTEM32\DRIVERS\COMFiltr.sys [11/18/2010 1:19 PM 13880]
R3 NETIMFLT01060042;PANDA NDIS IM Filter Miniport v1.6.0.42;c:\windows\SYSTEM32\DRIVERS\neti1642.sys [11/18/2010 1:09 PM 199688]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2003-03-04 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\System32\OOBE\OOBEBALN.EXE [2002-08-29 00:12]

2010-12-24 c:\windows\Tasks\User_Feed_Synchronization-{67EB1B04-375D-4C57-805D-B84B0FFFD548}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: musicmatch.com
DPF: {D06A22B4-6087-4D3D-B7AF-82B113E9ABD4} - hxxp://www2.verizon.net/update/msnwebinstall/includes/vzWebIns.CAB
FF - ProfilePath - c:\documents and settings\John Flynn\Application Data\Mozilla\Firefox\Profiles\x7edr3ze.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
.
------- File Associations -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
.
- - - - ORPHANS REMOVED - - - -

AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-24 11:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Disc Detector = c:\program files\Creative\ShareDLL\CtNotify.exe?X???\???????????????E?@?Disc Detector?A????? ?A???????B?e!@???@???@?? C?????E?@?????????@?B???A????? ?A???????B???@?????P?????@?????????~?B~??????????@???????????????????B?????????????????????????????????r?B

scanning hidden files ...


c:\windows\system32\drivers\av5flt.sys 105088 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1557272208-2023390021-2826664556-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2db7b099-5213-4978-a7d0-95219e8f05f2}\InprocServer32]
@DACL=(02 0000)
@="c:\\WINDOWS\\system32\\ffesym.dll"
"ThreadingModel"="free"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1184)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\avldr.dll

- - - - - - - > 'explorer.exe'(4632)
c:\windows\system32\WININET.dll
c:\program files\Panda Security\Panda Internet Security 2011\pavoepl.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Panda Security\Panda Internet Security 2011\TPSrv.exe
c:\program files\PANDA SECURITY\PANDA INTERNET SECURITY 2011\WebProxy.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\CTsvcCDA.exe
c:\program files\Common Files\Command Software\dvpapi.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\System32\nvsvc32.exe
c:\program files\Panda Security\Panda Internet Security 2011\PsCtrls.exe
c:\program files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\panda security\panda internet security 2011\firewall\PSHOST.EXE
c:\program files\Panda Security\Panda Internet Security 2011\PsImSvc.exe
c:\program files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
c:\windows\System32\MsPMSPSv.exe
c:\program files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
c:\program files\Panda Security\Panda Internet Security 2011\AVENGINE.EXE
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Creative\ShareDLL\Mediadet.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Panda Security\Panda Internet Security 2011\SRVLOAD.EXE
c:\program files\Panda Security\Panda Internet Security 2011\PavBckPT.exe
.
**************************************************************************
.
Completion time: 2010-12-24 11:49:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-24 16:48

Pre-Run: 170,229,690,368 bytes free
Post-Run: 170,084,220,928 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 2B30EDDB9FBBDEE464BDD91DC5D15295


++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Here is the MBRCheck_12.24.10_12.13.06.txt file:


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 146):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806EE000 \WINDOWS\system32\hal.dll
0xF79DB000 \WINDOWS\system32\KDCOM.DLL
0xF78EB000 \WINDOWS\system32\BOOTVID.dll
0xF748C000 ACPI.sys
0xF79DD000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF747B000 pci.sys
0xF74DB000 isapnp.sys
0xF7AA3000 pciide.sys
0xF775B000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF74EB000 MountMgr.sys
0xF745C000 ftdisk.sys
0xF7763000 PartMgr.sys
0xF74FB000 pavboot.sys
0xF750B000 VolSnap.sys
0xF7444000 atapi.sys
0xF751B000 disk.sys
0xF752B000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF7424000 fltmgr.sys
0xF7412000 sr.sys
0xF776B000 PxHelp20.sys
0xF73FB000 KSecDD.sys
0xF73E8000 WudfPf.sys
0xF735B000 Ntfs.sys
0xF732E000 NDIS.sys
0xF72C3000 timntr.sys
0xF753B000 Combo-Fix.sys
0xF726A000 tdrpman.sys
0xF724B000 snapman.sys
0xF7231000 Mup.sys
0xF754B000 agp440.sys
0xF774B000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xF6906000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xF68F2000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF77DB000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xF68CE000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF77E3000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF68A7000 \SystemRoot\System32\DRIVERS\HSFHWBS2.sys
0xF679C000 \SystemRoot\System32\DRIVERS\HSF_DP.sys
0xF6710000 \SystemRoot\System32\DRIVERS\HSF_CNXT.sys
0xF77EB000 \SystemRoot\System32\Drivers\Modem.SYS
0xF64DF000 \SystemRoot\system32\drivers\P16X.sys
0xF64BC000 \SystemRoot\system32\drivers\ks.sys
0xF6498000 \SystemRoot\system32\drivers\portcls.sys
0xF757B000 \SystemRoot\system32\drivers\drmk.sys
0xF646C000 \SystemRoot\System32\DRIVERS\ctoss2k.sys
0xF1D02000 \SystemRoot\System32\DRIVERS\ctsfm2k.sys
0xF79CB000 \SystemRoot\System32\DRIVERS\gameenum.sys
0xF1CDF000 \SystemRoot\System32\DRIVERS\e100b325.sys
0xF7783000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF75DB000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF778B000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF7793000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF760B000 \SystemRoot\System32\DRIVERS\serial.sys
0xF79CF000 \SystemRoot\System32\DRIVERS\serenum.sys
0xF1C7B000 \SystemRoot\System32\DRIVERS\parport.sys
0xF75EB000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF3FED000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF3FDD000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF79D3000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xF3D25000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF3FCD000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF71FC000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xF1BC4000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF3FBD000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF3FAD000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF78BB000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xF1BB3000 \SystemRoot\System32\DRIVERS\psched.sys
0xF3F9D000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF779B000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF77A3000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF1B83000 \SystemRoot\system32\DRIVERS\neti1642.sys
0xF3F8D000 \SystemRoot\System32\Drivers\pcouffin.sys
0xF3F7D000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF7A4D000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF1B09000 \SystemRoot\System32\DRIVERS\update.sys
0xF77AB000 \SystemRoot\System32\DRIVERS\omci.sys
0xF71DC000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF764B000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF758B000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF7A77000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF1FFB000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xF78C3000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xF02EA000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xF7A41000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7B42000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A43000 \SystemRoot\System32\Drivers\Beep.SYS
0xF1CD7000 \SystemRoot\System32\drivers\vga.sys
0xF7A47000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A45000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF1CBF000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF1CB7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF010A000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF00D7000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xF007E000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xF0058000 \??\C:\WINDOWS\system32\Drivers\NETFLTDI.SYS
0xF0008000 \SystemRoot\System32\DRIVERS\netbt.sys
0xEFFE2000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xF01A1000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xEFFC0000 \SystemRoot\System32\drivers\afd.sys
0xF762B000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF768B000 \??\C:\WINDOWS\system32\Drivers\WNMFLT.SYS
0xF1CAF000 \SystemRoot\System32\DRIVERS\ShlDrv51.sys
0xEFF9E000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF1C9F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xEFF73000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xEFF03000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xEFED5000 \??\C:\WINDOWS\system32\Drivers\IDSFLT.SYS
0xF71BC000 \??\C:\WINDOWS\system32\Drivers\fnetmon.SYS
0xF76AB000 \SystemRoot\System32\Drivers\Fips.SYS
0xF76CB000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xF76DB000 \??\C:\WINDOWS\system32\Drivers\DSAFLT.SYS
0xEFE9C000 \??\C:\WINDOWS\system32\Drivers\APPFLT.SYS
0xF1C5B000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEFE84000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A5D000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF0126000 \SystemRoot\System32\drivers\Dxapi.sys
0xF1C8F000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF2838000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xF213A000 \SystemRoot\system32\DRIVERS\amm8651.sys
0xF1C0B000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0xF216A000 \??\C:\WINDOWS\system32\PavTPK.sys
0xEED13000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xEE2BE000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xF7A0D000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xEE313000 \SystemRoot\System32\Drivers\Aspi32.SYS
0xEE110000 \SystemRoot\system32\DRIVERS\css-dvp.sys
0xEE0EC000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xEEBDF000 \SystemRoot\System32\DRIVERS\mdmxsdk.sys
0xEE06C000 \SystemRoot\System32\DRIVERS\srv.sys
0xEDF55000 \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys
0xF7A2D000 \??\C:\WINDOWS\System32\PfModNT.sys
0xEDAB8000 \SystemRoot\system32\drivers\wdmaud.sys
0xEDC45000 \SystemRoot\system32\drivers\sysaudio.sys
0xED5C1000 \SystemRoot\System32\Drivers\HTTP.sys
0xED27A000 \SystemRoot\system32\drivers\av5flt.sys
0xED5A9000 \??\C:\WINDOWS\system32\PavSRK.sys
0xF77F3000 \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys
0xF77B3000 \??\C:\ComboFix\catchme.sys
0xF7A0B000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xED01F000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\SYSTEM32\ntdll.dll

Processes (total 59):
0 System Idle Process
4 System
1052 C:\WINDOWS\SYSTEM32\smss.exe
1160 csrss.exe
1184 C:\WINDOWS\SYSTEM32\winlogon.exe
1228 C:\WINDOWS\SYSTEM32\services.exe
1240 C:\WINDOWS\SYSTEM32\lsass.exe
1396 C:\WINDOWS\SYSTEM32\svchost.exe
1476 svchost.exe
1600 C:\WINDOWS\SYSTEM32\svchost.exe
1624 C:\Program Files\Panda Security\Panda Internet Security 2011\TPSrv.exe
1700 C:\WINDOWS\SYSTEM32\svchost.exe
1804 C:\Program Files\Panda Security\Panda Internet Security 2011\WebProxy.exe
652 svchost.exe
1764 svchost.exe
1084 C:\WINDOWS\SYSTEM32\spoolsv.exe
1848 svchost.exe
404 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
680 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
932 C:\Program Files\Bonjour\mDNSResponder.exe
1380 C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE
1164 C:\Program Files\Common Files\Command Software\dvpapi.exe
336 C:\Program Files\Java\jre6\bin\jqs.exe
2016 C:\WINDOWS\SYSTEM32\nvsvc32.exe
1004 C:\Program Files\Panda Security\Panda Internet Security 2011\PsCtrlS.exe
1884 C:\Program Files\Panda Security\Panda Internet Security 2011\PavFnSvr.exe
644 C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
1312 C:\Program Files\Panda Security\Panda Internet Security 2011\FIREWALL\PSHost.exe
1036 C:\Program Files\Panda Security\Panda Internet Security 2011\PsImSvc.exe
472 C:\Program Files\Panda Security\Panda Internet Security 2011\psksvc.exe
1988 C:\WINDOWS\SYSTEM32\svchost.exe
1896 C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
1428 C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
2140 C:\Program Files\Panda Security\Panda Internet Security 2011\pavsrvx86.exe
2640 C:\Program Files\Panda Security\Panda Internet Security 2011\AVENGINE.EXE
3852 C:\Program Files\Canon\CAL\CALMAIN.exe
3428 alg.exe
2528 C:\WINDOWS\SYSTEM32\DSentry.exe
2444 C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
2584 C:\Program Files\Common Files\Dell\EUSW\Support.exe
3232 C:\Program Files\Creative\ShareDLL\CTNotify.exe
3132 C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
1372 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
448 C:\WINDOWS\SYSTEM32\svchost.exe
3220 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
2448 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
3180 C:\Program Files\Registry Defense\RDListener.exe
2152 C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
3496 C:\Program Files\Creative\ShareDLL\Mediadet.exe
3096 C:\Program Files\RegDefense\RDFNSListener.exe
4008 C:\Program Files\Citrix\ICA Client\concentr.exe
648 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3024 C:\Program Files\Citrix\ICA Client\wfcrun32.exe
2716 C:\Program Files\Digital Line Detect\DLG.exe
3992 C:\Program Files\Panda Security\Panda Internet Security 2011\PavBckPT.exe
4632 C:\WINDOWS\explorer.exe
4784 C:\ComboFix\pev.exe
8128 C:\WINDOWS\SYSTEM32\wscntfy.exe
7916 C:\Documents and Settings\John Flynn\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: WDCWD3200AAJB-22WGA0, Rev: 00.02C01

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!


+++++++++++++++++++++++++++++++++++++++++

Thanks, again!

#14 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • OFFLINE
  • Gender:Male
  • Location:North Carolina, USA
  • Local time:04:30 PM

Posted 26 December 2010 - 09:45 PM

Hi-

It looks like ComboFix did a good job of cleaning out the leftovers, but it also uncovered some other possible problems which we need to check on by uploading two files to have them checked for infections.

First, before we start, please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows


Please click this link-->Jotti
When the Jotti page has finished loading, click Jotti's Browse button and navigate to the following files in turn and click the Submit file button within Jotti.

c:\windows\SYSTEM32\mga.dll
c:\program files\mozilla firefox\plugins\icafile.dll


If Jotti reports that the file has been scanned before and gives you those results, click on the Scan Again button.
To scan the next file, click on the Next File button.
Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal

Your logs show that you are using peer-to-peer (P2P) or file-sharing programs like uTorrent and LimeWire.

These programs allow users to share files between them, as the name suggests. In today's world, cybercrime has grown into an enormous business, and any means is used to infect personal computers and to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject: Risks of File-Sharing Technology

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall uTorrent and LimeWire; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

You also have Viewpoint Manager installed, which is considered to be foistware instead of malware since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program. Click on Start > Run and then paste the following into the "Open" field: appwiz.cpl and press OK. From within Add or Remove Programs, uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Next, please run Malwarebytes' Anti-Malware (MBAM)
  • Click on the Update tab and click the Check for Updates button.
  • When the update is finished, click on the Scanner tab.
  • Select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Then, I'd like for you to scan your machine with ESET OnlineScan
  • Hold down Control key and click on the following link to open ESET OnlineScan in a new window.
  • ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip the next two steps)
  • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image

In your reply, please copy in the MBAM report and the ESET Online report (if it gives you one). Also, please let me know the results of the Jotti upload, and let me know how your computer is running now.
Shannon

#15 jflynnde (Topic Starter)

Posted 28 December 2010 - 12:43 PM

Happy Holidays Shannon,

Thanks for your response - however, I didn't exactly follow it in the order you specified; I hope that doesn't hurt anything.
I didn't see the part about doing the MBAM scan before the ESET scan, so I had to do the MBAM scan last.

However, here are the results:

JottiScans

Jotti's malware scan
Filename: mga.dll
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Mon 27 Dec 2010 15:53:27 (CET)


Jotti's malware scan
Filename: icafile.dll
Status: Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Mon 27 Dec 2010 15:57:02 (CET)


+++++++++++++++++++++++++++++++++++++++++++++++++++

ESET Scan

C:\Dad's Files\Music - Ryan\Guitar Tabs Books\Bodybuilding_-_Weightlifting_Training_Database_Book.iso probably unknown NewHeur_PE virus deleted - quarantined
C:\Nero7\Nero-7.5.9.0A_eng.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\Nero9\Nero-9.0.9.4d_update.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\Nero9\Nero_BackItUp-4.0.38.0c_update.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1920\A0213925.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1920\A0213926.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1920\A0213927.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\WinRAR_Compression software\netpumper-1.25.1-setup-NP_0210.exe multiple threats deleted - quarantined



+++++++++++++++++++++++++++++++++++++++++++++++++++

MBAM log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5406

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/28/2010 12:22:20 PM
mbam-log-2010-12-28 (12-22-20).txt

Scan type: Full scan (C:\|)
Objects scanned: 275306
Time elapsed: 2 hour(s), 59 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


+++++++++++++++++++++++++++++++++++++++++++++++++++

The PC seems to be running OK. The ESET scan took almost 9 hours to complete, so I think (when we are finished here) it's about time to relocate some of these files to another hard drive and then try to do a checkdisk and defrag (if you think it's a good idea - maybe you could suggest something to use?).
Anyway, thanks for your help and will wait for your reply.
