Unable To Access Internet Except In Safe Mode


3 replies to this topic

#1 jpmurphy


Posted 14 January 2007 - 11:52 AM

I have been absolutely unable to get online for the last few days. I have a VIA compatible fast ethernet adapter hooked up to the internet through LAN. The LAN says it is connected at 100.0 MBPS but all attempts to get online or access any of my web based programs (MSN messenger, SKYPE) are met with failure. I have run a full virus scan using Panda but Panda has been having problems itself. It has automatically disabled all protections, as well as my firewall and automatic update. Today, the problem further developed. Now, my computer refuses to play music. I can only assume it is a virus.
Anyway, here's my hijackthis log. I hope someone can help me.

Logfile of HijackThis v1.99.1
Scan saved at 12:51:23 AM, on 1/15/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Panda Software\Panda Internet Security 2007\IFACE.EXE
D:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
D:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
d:\program files\panda software\panda internet security 2007\WebProxy.exe
D:\Documents and Settings\Jamie Murphy\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atimes.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Component Manager] "D:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] D:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [snpstd3] D:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [PPFW] d:\program files\panda software\panda internet security 2007\firewall\PPFW.EXE PPFW.EXE /cmd:allowpandarules /prod:platinum /mod:3 /flg:2 /ver:11.0.2
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [AIM] D:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: + &Download Express: download this file - D:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0C3F7D74-ADA5-4976-8908-A8189590DAFA} (3DGreetings.com Player 2.0) - http://www.expressit.com/Plugin/3DGreetings/vroom.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://www.shockwave.com/content/tumblebugs/axhost.cab
O16 - DPF: {880A66FC-DFCB-4950-87DC-0B49BA501517} (BoomerangUploadX Control) - http://www.petridish.net/upload/boomerangupload.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://zone.msn.com/binGame/ZAxRcMgr.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.5.0_01) -
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.5.0_02) -
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DAF5D9A2-D982-4671-83E4-0398706A5F6A} (SCEWebLauncherCtl Object) - http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F9F3920B-2F24-437A-A224-D49F0004A172} (CAlambikCtl Class) - http://www.net-viewer.com/dls/AutoInstall.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: avldr - D:\WINDOWS\SYSTEM32\avldr.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - D:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - D:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - D:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - d:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - D:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - D:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - D:\WINDOWS\System32\UAService7.exe


#2 OldTimer

    Malware Expert



Posted 21 January 2007 - 12:12 PM

Hello jpmurphy and welcome to the BC HijackThis forum. I see no signs of viruses or malware in the log. It is clean.

If the computer is hooked to a router on a LAN then if connected it should always say 100MB. That is the computer to router connection. The problem connecting to the internet would lie in the router to modem or modem to internet connection. You can check which one by removing the router and connecting the computer directly to the modem. If that connects, then the issue is between the router and the modem. If it still doesn't connect then the problem is that the modem isn't connecting to the ISP.

Since the computer can connect when in Safe Mode then the problem probably lies in the Panda software. Since that is not loaded in Safe Mode it does not come into play. And if the protection is disabled in a normal boot it might be corrupted and the firewall portion might not be allowing any outgoing internet connections.

Just to be sure let's try a different scan and see if that shows anything. If not, then an uninstall/reinstall of Panda would be in order.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.

#3 jpmurphy


Posted 22 January 2007 - 12:03 PM

Hi,
Thanks for your help.
Since my last post I have deleted a few programs that I had recently installed and programs which I never use and this has enabled me to get online but the internet connection is still painfully slow, operating at only 0.5% at most. This is the same whether in safe mode or not. I live in China and the recent Taiwan earthquake broke some undersea cables which affected everyone's internet speed but all my friends are back up to full speed now whereas I am still stuck. I have also re-installed Panda and this has solved the problem that I had with that.
I tried to repair my LAN using the repair tab and it said 'The following steps of the repair operation failed: Renewing the IP address. Please contact your network administrator or ISP'. However, after my ISP sent a repairperson his only advice was to re-install windows. I don't really see how that could make a difference.
I did, however, reinstall my driver but this has made no discernable difference.
I think that my router connects directly to the internet. I am connected to a cable internet service which is always online and doesn't require dial-up.
Here is the log from winpfind3u.exe. Hopefully you can find something.

WinPFind3 logfile created on: 1/22/2007 10:47:42 PM
WinPFind3U by OldTimer - Version 1.0.11 Folder = D:\Documents and Settings\Jamie Murphy\Desktop\WinPFind3u\
Microsoft Windows XP Service Pack 1 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2800.1106)

785904 Kb Total Physical Memory | 636688 Kb Available Physical Memory | 81.01% Memory free
1922256 Kb Paging File | 1565136 Kb Available in Paging File | 81.42% Paging File free
Paging file location(s): D:\pagefile.sys 0 0;

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 10231392 Kb Total Space | 2673896 Kb Free Space | 26.13% Space Free
Drive D: | 20482843 Kb Total Space | 7795452 Kb Free Space | 38.06% Space Free
Drive E: | 20462832 Kb Total Space | 7465152 Kb Free Space | 36.48% Space Free
Drive F: | 23536272 Kb Total Space | 11815784 Kb Free Space | 50.20% Space Free


[Processes - Non-Microsoft Only]
apvxdwin.exe -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\apvxdwin.exe -> Panda Software International [Ver = 7.10.06.02 | Size = 364544 bytes | Modified Date = 10/11/2006 12:09:16 PM | Attr = ]
avengine.exe -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\AVENGINE.EXE -> Panda Software International [Ver = 2, 0, 1840, 33 | Size = 106496 bytes | Modified Date = 8/8/2006 6:25:32 PM | Attr = ]
bittorrent.exe -> %ProgramFiles%\BitTorrent\bittorrent.exe -> [Ver = | Size = 43520 bytes | Modified Date = 9/22/2006 5:36:30 AM | Attr = ]
hpcmpmgr.exe -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr = ]
hpotdd01.exe -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 229437 bytes | Modified Date = 5/21/2003 6:37:08 PM | Attr = ]
hpwuschd2.exe -> %ProgramFiles%\Hewlett-Packard\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ]
hpztsb09.exe -> %System32%\spool\drivers\w32x86\3\hpztsb09.exe -> HP [Ver = 2.236.4.0 | Size = 176128 bytes | Modified Date = 9/1/2003 7:42:50 PM | Attr = ]
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
jusched.exe -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr = ]
nmbgmonitor.exe -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 2, 0, 13 | Size = 94208 bytes | Modified Date = 6/1/2006 1:32:12 PM | Attr = ]
nvsvc32.exe -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5303 | Size = 77824 bytes | Modified Date = 11/17/2003 10:33:00 AM | Attr = ]
pavfnsvr.exe -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\PAVFNSVR.EXE -> Panda Software International [Ver = 7.06.03.00 | Size = 159744 bytes | Modified Date = 7/21/2006 12:22:32 PM | Attr = ]
pavprsrv.exe -> %CommonProgramFiles%\Panda Software\PavShld\PavPrSrv.exe -> Panda Software [Ver = 1.3.0.0 | Size = 32768 bytes | Modified Date = 7/25/2005 3:02:22 PM | Attr = ]
pavsrv51.exe -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\PAVSRV51.EXE -> Panda Software International [Ver = 2, 0, 1840, 32 | Size = 151552 bytes | Modified Date = 8/8/2006 6:26:18 PM | Attr = ]
pnmsrv.exe -> %ProgramFiles%\panda software\panda internet security 2007\FIREWALL\PNmSrv.exe -> Panda Software International [Ver = 3, 0, 0,21 | Size = 811008 bytes | Modified Date = 8/2/2006 2:05:54 PM | Attr = ]
psimsvc.exe -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\PsImSvc.exe -> Panda Software [Ver = 2, 6, 36, 0 | Size = 102400 bytes | Modified Date = 7/4/2006 2:25:34 PM | Attr = ]
pskmssvc.exe -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe -> Panda Software International [Ver = 1, 3, 1, 0 | Size = 411096 bytes | Modified Date = 3/31/2006 2:50:52 PM | Attr = ]
srvload.exe -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\SrvLoad.exe -> Panda Software International [Ver = 6.01.01.00 | Size = 73728 bytes | Modified Date = 1/31/2006 4:42:04 PM | Attr = ]
tpsrv.exe -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\TPSrv.exe -> Panda Software [Ver = 7, 0, 2, 0 | Size = 348160 bytes | Modified Date = 10/9/2006 4:15:38 PM | Attr = ]
uaservice7.exe -> %System32%\UAService7.exe -> [Ver = | Size = 126976 bytes | Modified Date = 10/7/2005 1:44:18 PM | Attr = ]
vsnpstd3.exe -> %SystemRoot%\vsnpstd3.exe -> [Ver = 1, 0, 2, 2 | Size = 339968 bytes | Modified Date = 9/5/2005 3:55:08 PM | Attr = ]
webproxy.exe -> %ProgramFiles%\panda software\panda internet security 2007\WebProxy.exe -> Panda Software International [Ver = 6, 2, 22, 533 | Size = 69632 bytes | Modified Date = 6/29/2006 11:04:42 AM | Attr = ]
winpfind3u.exe -> %UserDesktop%\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.11.0 | Size = 306176 bytes | Modified Date = 1/18/2007 6:01:14 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.0.503.0 | Size = 204800 bytes | Modified Date = 8/23/2001 8:00:00 PM | Attr = ]
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\11\Intel 32\IDriverT.exe -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69632 bytes | Modified Date = 4/4/2005 12:41:10 AM | Attr = ]
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 492608 bytes | Modified Date = 10/30/2006 9:36:32 AM | Attr = ]
(NBService) NBService [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBService.exe -> Nero AG [Ver = 2, 2, 7, 0 | Size = 208896 bytes | Modified Date = 6/8/2006 8:29:08 PM | Attr = ]
(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Running] -> %System32%\nvsvc32.exe -> NVIDIA Corporation [Ver = 6.14.10.5303 | Size = 77824 bytes | Modified Date = 11/17/2003 10:33:00 AM | Attr = ]
(PAVFNSVR) Panda Function Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\PAVFNSVR.EXE -> Panda Software International [Ver = 7.06.03.00 | Size = 159744 bytes | Modified Date = 7/21/2006 12:22:32 PM | Attr = ]
(PavPrSrv) Panda Process Protection Service [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Panda Software\PavShld\PavPrSrv.exe -> Panda Software [Ver = 1.3.0.0 | Size = 32768 bytes | Modified Date = 7/25/2005 3:02:22 PM | Attr = ]
(PAVSRV) Panda anti-virus service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\PAVSRV51.EXE -> Panda Software International [Ver = 2, 0, 1840, 32 | Size = 151552 bytes | Modified Date = 8/8/2006 6:26:18 PM | Attr = ]
(pmshellsrv) Panda Antispam Engine [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe -> Panda Software International [Ver = 1, 3, 1, 0 | Size = 411096 bytes | Modified Date = 3/31/2006 2:50:52 PM | Attr = ]
(PNMSRV) Panda Network Manager [Win32_Own | Auto | Running] -> %ProgramFiles%\panda software\panda internet security 2007\FIREWALL\PNmSrv.exe -> Panda Software International [Ver = 3, 0, 0,21 | Size = 811008 bytes | Modified Date = 8/2/2006 2:05:54 PM | Attr = ]
(PSIMSVC) Panda IManager Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\PsImSvc.exe -> Panda Software [Ver = 2, 6, 36, 0 | Size = 102400 bytes | Modified Date = 7/4/2006 2:25:34 PM | Attr = ]
(TPSrv) Panda TPSrv [Win32_Own | Auto | Running] -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\TPSrv.exe -> Panda Software [Ver = 7, 0, 2, 0 | Size = 348160 bytes | Modified Date = 10/9/2006 4:15:38 PM | Attr = ]
(UserAccess7) SecuROM User Access Service (V7) [Win32_Own | Auto | Running] -> %System32%\UAService7.exe -> [Ver = | Size = 126976 bytes | Modified Date = 10/7/2005 1:44:18 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
APVXDWIN -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\apvxdwin.exe -> Panda Software International [Ver = 7.10.06.02 | Size = 364544 bytes | Modified Date = 10/11/2006 12:09:16 PM | Attr = ]
Cmaudio -> cmicnfg.CPL -> File not found
DeviceDiscovery -> %ProgramFiles%\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe -> Hewlett-Packard [Ver = 1, 0, 0, 1 | Size = 229437 bytes | Modified Date = 5/21/2003 6:37:08 PM | Attr = ]
HP Component Manager -> %ProgramFiles%\HP\hpcoretech\hpcmpmgr.exe -> Hewlett-Packard Company [Ver = 2.1.1.0 | Size = 241664 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr = ]
HP Software Update -> %ProgramFiles%\Hewlett-Packard\HP Software Update\HPWuSchd2.exe -> Hewlett-Packard Co. [Ver = 50.0.146.000 | Size = 49152 bytes | Modified Date = 2/16/2005 11:11:42 PM | Attr = ]
HPDJ Taskbar Utility -> %System32%\spool\drivers\w32x86\3\hpztsb09.exe -> HP [Ver = 2.236.4.0 | Size = 176128 bytes | Modified Date = 9/1/2003 7:42:50 PM | Attr = ]
KernelFaultCheck -> -> File not found
NvCplDaemon -> %System32%\nvcpl.dll [RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup] -> NVIDIA Corporation [Ver = 6.14.10.5303 | Size = 3022848 bytes | Modified Date = 11/17/2003 10:33:00 AM | Attr = ]
nwiz -> %System32%\nwiz.exe -> NVIDIA Corporation [Ver = 6.14.10.5303 | Size = 753664 bytes | Modified Date = 11/17/2003 10:33:00 AM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.4 | Size = 282624 bytes | Modified Date = 12/3/2006 1:03:42 PM | Attr = ]
SCANINICIO -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\Inicio.exe -> Panda Software International [Ver = 6.1.1.1 | Size = 22528 bytes | Modified Date = 2/1/2006 6:13:08 PM | Attr = ]
snpstd3 -> %SystemRoot%\vsnpstd3.exe -> [Ver = 1, 0, 2, 2 | Size = 339968 bytes | Modified Date = 9/5/2005 3:55:08 PM | Attr = ]
SunJavaUpdateSched -> %ProgramFiles%\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 11/9/2006 3:07:30 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found
BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} -> %CommonProgramFiles%\Ahead\Lib\NMBgMonitor.exe -> Nero AG [Ver = 1, 2, 0, 13 | Size = 94208 bytes | Modified Date = 6/1/2006 1:32:12 PM | Attr = ]
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 18577448 bytes | Modified Date = 5/11/2006 5:24:50 PM | Attr = ]
updateMgr -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe -> Adobe Systems Incorporated [Ver = 3.1.0.10 | Size = 313472 bytes | Modified Date = 3/30/2006 4:45:08 PM | Attr = R ]
< Common Startup > -> D:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Adobe Reader Speed Launch.lnk -> %ProgramFiles%\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> Adobe Systems Incorporated [Ver = 7.0.5.2005092300 | Size = 29696 bytes | Modified Date = 9/23/2005 10:05:26 PM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
AIM -> %ProgramFiles%\AIM\aim.exe -cnetwait.odl -> File not found
iTunesHelper -> %ProgramFiles%\iTunes\iTunesHelper.exe -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 256576 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
NeroFilterCheck -> %CommonProgramFiles%\Ahead\Lib\NeroCheck.exe -> Nero AG [Ver = 1, 0, 0, 5 | Size = 155648 bytes | Modified Date = 1/12/2006 4:40:44 PM | Attr = ]
QuickTime Task -> %ProgramFiles%\QuickTime\qttask.exe -> Apple Computer, Inc. [Ver = 7.1.4 | Size = 282624 bytes | Modified Date = 12/3/2006 1:03:42 PM | Attr = ]
RealPlayer -> %ProgramFiles%\Real\RealPlayer\realplay.exe -> File not found
Skype -> %ProgramFiles%\Skype\Phone\Skype.exe -> [Ver = | Size = 18577448 bytes | Modified Date = 5/11/2006 5:24:50 PM | Attr = ]
TkBellExe -> %CommonProgramFiles%\Real\Update_OB\realsched.exe -> File not found
WinampAgent -> %ProgramFiles%\Winamp\winampa.exe -> [Ver = | Size = 35328 bytes | Modified Date = 6/22/2006 1:14:50 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run\\wininet.dll -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> D:\WINDOWS\System32\drivers\etc\Hosts
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com ->
HKCU: Default_Search_URL -> http://ie.search.msn.com ->
HKCU: Local Page -> D:\WINDOWS\System32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> http://www.atimes.com/ ->
HKCU: ProxyEnable -> 0 ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> Adobe Systems Incorporated [Ver = 7.0.9.2006121800 | Size = 59032 bytes | Modified Date = 12/18/2006 4:16:42 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
< Internet Explorer Bars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer Bars [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKLM] -> Reg Data - Key not found [Reg Data - Key not found] -> File not found
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8198 - Sun Java Console ->
{4528BBE0-4E08-11D5-AD55-00010333D0AD} -> 8193 - Reg Data - Key not found ->
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> 8194 - Reg Data - Value does not exist ->
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> 8195 - Reg Data - Value does not exist ->
{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -> 8192 - Reg Data - Key not found ->
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -> 8200 - Reg Data - Key not found ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8197 - Windows Messenger ->
NextId -> 8201 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 11/9/2006 3:21:54 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> %ProgramFiles%\Java\jre1.5.0_10\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 11/9/2006 3:21:52 PM | Attr = ]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -> Reg Data - Value does not exist [ButtonText: Research] -> File not found
{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} -> %ProgramFiles%\AIM\aim.exe [ButtonText: AIM] -> America Online, Inc. [Ver = 5.9.6089 | Size = 67112 bytes | Modified Date = 8/1/2006 3:35:36 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
+ &Download Express: download this file -> %ProgramFiles%\Download Express\add_url.htm -> [Ver = | Size = 1028 bytes | Modified Date = 7/8/2002 2:10:10 PM | Attr = ]
E&xport to Microsoft Excel -> -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{1CDB2949-8F65-4355-8456-263E7C208A5D} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer] -> NVIDIA Corporation [Ver = 6.14.10.5303 | Size = 450560 bytes | Modified Date = 11/17/2003 10:33:00 AM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} [HKLM] -> %System32%\nvshell.dll [Desktop Explorer Menu] -> NVIDIA Corporation [Ver = 6.14.10.5303 | Size = 450560 bytes | Modified Date = 11/17/2003 10:33:00 AM | Attr = ]
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView Desktop Context Menu] -> NVIDIA Corporation [Ver = 6.14.10.5303 | Size = 450560 bytes | Modified Date = 11/17/2003 10:33:00 AM | Attr = ]
{32020A01-506E-484D-A2A8-BE3CF17601C3} [HKLM] -> Reg Data - Key not found [AlcoholShellEx] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{65756541-C65C-11CD-0000-4B656E696100} [HKLM] -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\PavOLE.dll [Panda Antivirus] -> Panda Software [Ver = 11.10.06.01 | Size = 73728 bytes | Modified Date = 10/11/2006 11:45:46 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 8/23/2001 8:00:00 PM | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> Reg Data - Key not found [PowerISO] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR shell extension] -> [Ver = | Size = 124416 bytes | Modified Date = 4/22/2005 5:16:28 PM | Attr = ]
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} [HKLM] -> %ProgramFiles%\iTunes\iTunesMiniPlayer.dll [iTunes] -> Apple Computer, Inc. [Ver = 7.0.2.16 | Size = 132672 bytes | Modified Date = 10/30/2006 9:36:36 AM | Attr = ]
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} [HKLM] -> Reg Data - Key not found [Shell Extensions for RealOne Player] -> File not found
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 2, 7, 0 | Size = 73728 bytes | Modified Date = 6/8/2006 8:29:30 PM | Attr = ]
{65756541-C65C-11CD-0000-4B656E696100} [HKLM] -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\PavOLE.dll [Panda Antivirus] -> Panda Software [Ver = 11.10.06.01 | Size = 73728 bytes | Modified Date = 10/11/2006 11:45:46 AM | Attr = ]
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 124416 bytes | Modified Date = 4/22/2005 5:16:28 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> Reg Data - Key not found [PowerISO] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 124416 bytes | Modified Date = 4/22/2005 5:16:28 PM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} [HKLM] -> %System32%\nvshell.dll [nView] -> NVIDIA Corporation [Ver = 6.14.10.5303 | Size = 450560 bytes | Modified Date = 11/17/2003 10:33:00 AM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} [HKLM] -> %ProgramFiles%\Nero\Nero 7\Nero BackItUp\NBShell.dll [NBShellHook Class] -> Nero AG [Ver = 2, 2, 7, 0 | Size = 73728 bytes | Modified Date = 6/8/2006 8:29:30 PM | Attr = ]
{65756541-C65C-11CD-0000-4B656E696100} [HKLM] -> %ProgramFiles%\Panda Software\Panda Internet Security 2007\PavOLE.dll [Panda Antivirus] -> Panda Software [Ver = 11.10.06.01 | Size = 73728 bytes | Modified Date = 10/11/2006 11:45:46 AM | Attr = ]
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} [HKLM] -> Reg Data - Key not found [PowerISO] -> File not found
{B41DB860-8EE4-11D2-9906-E49FADC173CA} [HKLM] -> %ProgramFiles%\WinRAR\RarExt.dll [WinRAR] -> [Ver = | Size = 124416 bytes | Modified Date = 4/22/2005 5:16:28 PM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll [PDF Shell Extension] -> Adobe Systems, Inc. [Ver = 7.0.0.0 | Size = 110592 bytes | Modified Date = 12/14/2004 2:20:02 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
sv1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{61AAB80E-412A-47E0-9960-23CC18AC80E8} -> () ->
{8B7FD66F-5471-4F82-B971-0E117092FF44} -> (VIA Compatable Fast Ethernet Adapter) ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
cetihpz -> %ProgramFiles%\HP\hpcoretech\comp\hpuiprot.dll -> Hewlett-Packard Company [Ver = 2.1.5 | Size = 81920 bytes | Modified Date = 5/12/2004 3:18:56 PM | Attr = ]
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
vnd.ms.radio -> %System32%\msdxm.ocx -> [Ver = | Size = 844048 bytes | Modified Date = 9/17/2003 11:01:28 AM | Attr = ]
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} -> QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab ->
{0C3F7D74-ADA5-4976-8908-A8189590DAFA} -> 3DGreetings.com Player 2.0 - CodeBase = http://www.expressit.com/Plugin/3DGreetings/vroom.CAB ->
{166B1BCA-3F9C-11CF-8075-444553540000} -> Shockwave ActiveX Control - CodeBase = http://fpdownload.macromedia.com/get/shock...director/sw.cab ->
{2B323CD9-50E3-11D3-9466-00A0C9700498} -> Yahoo! Audio Conferencing - CodeBase = http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab ->
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} -> YInstStarter Class - CodeBase = http://download.yahoo.com/dl/installs/yinst0401.cab ->
{3334504D-9980-0010-8000-00AA00389B71} -> - CodeBase = http://download.microsoft.com/download/0/C...C4D/mp43dmo.CAB ->
{3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} -> WebGameLoader Class - CodeBase = http://zone.msn.com/bingame/rtlw/default/R...bGameLoader.cab ->
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} -> MSN Photo Upload Tool - CodeBase = http://spaces.msn.com//PhotoUpload/MsnPUpld.cab ->
{7D1E9C49-BD6A-11D3-87A8-009027A35D73} -> Yahoo! Audio UI1 - CodeBase = http://chat.yahoo.com/cab/yacsui.cab ->
{7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} -> MJLauncherCtrl Class - CodeBase = http://zone.msn.com/bingame/luxr/default/mjolauncher.cab ->
{87056D28-9730-4A47-B9F9-7E890B62C58A} -> WildfireActiveXHost Class - CodeBase = http://www.shockwave.com/content/tumblebugs/axhost.cab ->
{880A66FC-DFCB-4950-87DC-0B49BA501517} -> BoomerangUploadX Control - CodeBase = http://www.petridish.net/upload/boomerangupload.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -> ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab ->
{9AA73F41-EC64-489E-9A73-9CD52E528BC4} -> ZoneAxRcMgr Class - CodeBase = http://zone.msn.com/binGame/ZAxRcMgr.cab ->
{9F1C11AA-197B-4942-BA54-47A8489BB47F} -> - CodeBase = http://v4.windowsupdate.microsoft.com/CAB/...8177.4005439815 ->
{A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} -> Aurigma Image Uploader 3.5 Control - CodeBase = http://filelodge.bolt.com/ImageUploader3.cab ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} -> ZoneIntro Class - CodeBase = http://cdn2.zone.msn.com/binFramework/v10/...ro.cab53083.cab ->
{B9191F79-5613-4C76-AA2A-398534BB8999} -> - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab ->
{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_01 - CodeBase = ->
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_02 - CodeBase = ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_09 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://download.macromedia.com/pub/shockwa...ash/swflash.cab ->
{D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} -> TikGames Online Control - CodeBase = http://zone.msn.com/bingame/gold/default/gf.cab ->
{DAF5D9A2-D982-4671-83E4-0398706A5F6A} -> SCEWebLauncherCtl Object - CodeBase = http://zone.msn.com/bingame/hsol/default/SCEWebLauncher.cab ->
{DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -> - CodeBase = http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab ->
{E5D419D6-A846-4514-9FAD-97E826C84822} -> HeartbeatCtl Class - CodeBase = http://fdl.msn.com/zone/datafiles/heartbeat.cab ->
{F9F3920B-2F24-437A-A224-D49F0004A172} -> CAlambikCtl Class - CodeBase = http://www.net-viewer.com/dls/AutoInstall.exe ->


[Files - Created Within 30 days]
PavPrSrv.exe -> %CommonProgramFiles%\Panda Software\PavShld\PavPrSrv.exe -> Panda Software [Ver = 1.3.0.0 | Size = 32768 bytes | Created Date = 1/20/2007 4:54:47 PM | Attr = ]
PavShld.dll -> %CommonProgramFiles%\Panda Software\PavShld\PavShld.dll -> Panda Software International [Ver = 1, 1, 7, 16 | Size = 155648 bytes | Created Date = 1/20/2007 4:54:47 PM | Attr = ]
PAVSHLD.RPE -> %CommonProgramFiles%\Panda Software\PavShld\PAVSHLD.RPE -> [Ver = | Size = 289 bytes | Created Date = 1/20/2007 4:54:47 PM | Attr = ]
ProcProt.dll -> %CommonProgramFiles%\Panda Software\PavShld\ProcProt.dll -> Panda Software [Ver = 1.3.6.3 | Size = 69632 bytes | Created Date = 1/20/2007 4:54:47 PM | Attr = ]
PAVSHRB.INI -> %SystemRoot%\PAVSHRB.INI -> [Ver = | Size = 0 bytes | Created Date = 1/15/2007 1:00:30 AM | Attr = ]
avldr.dll -> %System32%\avldr.dll -> Panda Software [Ver = 2, 0, 1840, 1 | Size = 45056 bytes | Created Date = 1/20/2007 4:57:08 PM | Attr = ]
HHActiveX.dll -> %System32%\HHActiveX.dll -> eHelp Corporation. [Ver = 9.20.566 | Size = 446464 bytes | Created Date = 1/20/2007 4:57:19 PM | Attr = ]
pavipc.dll -> %System32%\pavipc.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 57344 bytes | Created Date = 1/20/2007 4:57:15 PM | Attr = ]
PavSHook.dll -> %System32%\PavSHook.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 245760 bytes | Created Date = 1/20/2007 4:57:15 PM | Attr = ]
SI.bin -> %System32%\SI.bin -> [Ver = | Size = 1 bytes | Created Date = 1/16/2007 2:21:58 PM | Attr = ]
SYSTOOLS.DLL -> %System32%\SYSTOOLS.DLL -> Panda Software [Ver = 7.0.2.0 | Size = 101888 bytes | Created Date = 1/20/2007 4:57:14 PM | Attr = ]
TpUtil.dll -> %System32%\TpUtil.dll -> Panda Software [Ver = 7, 0, 2, 0 | Size = 139264 bytes | Created Date = 1/20/2007 4:57:15 PM | Attr = ]
APPFCONT.DAT -> %System32%\drivers\APPFCONT.DAT -> [Ver = | Size = 181696 bytes | Created Date = 1/20/2007 4:57:37 PM | Attr = ]
APPFLT.SYS -> %System32%\drivers\APPFLT.SYS -> Panda Software [Ver = 2.0.1.23 | Size = 44544 bytes | Created Date = 1/20/2007 4:57:32 PM | Attr = ]
APPFLTR.CFG -> %System32%\drivers\APPFLTR.CFG -> [Ver = | Size = 1132 bytes | Created Date = 1/20/2007 4:57:37 PM | Attr = ]
cpoint.sys -> %System32%\drivers\cpoint.sys -> Panda Software [Ver = 1, 2, 0, 2 | Size = 16640 bytes | Created Date = 1/20/2007 4:57:15 PM | Attr = ]
dsaflt.sys -> %System32%\drivers\dsaflt.sys -> Panda Software International [Ver = 1, 3, 0, 10 | Size = 36864 bytes | Created Date = 1/20/2007 4:57:32 PM | Attr = ]
fnetmon.sys -> %System32%\drivers\fnetmon.sys -> Panda Software [Ver = 2.00.00.14 | Size = 9216 bytes | Created Date = 1/20/2007 4:57:32 PM | Attr = ]
idsflt.sys -> %System32%\drivers\idsflt.sys -> Panda Software International [Ver = 1, 3, 0, 4 | Size = 185472 bytes | Created Date = 1/20/2007 4:57:32 PM | Attr = ]
netflt.sys -> %System32%\drivers\netflt.sys -> Panda Software International [Ver = 1, 3, 0, 34 | Size = 141312 bytes | Created Date = 1/20/2007 4:57:31 PM | Attr = ]
netfltdi.sys -> %System32%\drivers\netfltdi.sys -> Panda Software [Ver = 2.0.0.0 | Size = 103936 bytes | Created Date = 1/20/2007 4:57:31 PM | Attr = ]
pavdrv51.sys -> %System32%\drivers\pavdrv51.sys -> Panda Software International [Ver = 5.1.2600.1017 (av05_rtm.050613-1650) | Size = 71552 bytes | Created Date = 1/20/2007 4:54:41 PM | Attr = ]
PavProc.sys -> %System32%\drivers\PavProc.sys -> Panda Software [Ver = 1.1.2.0 | Size = 165120 bytes | Created Date = 1/20/2007 4:54:47 PM | Attr = ]
ShldDrv.sys -> %System32%\drivers\ShldDrv.sys -> Panda Software [Ver = 1.3.6.0 | Size = 26752 bytes | Created Date = 1/20/2007 4:54:47 PM | Attr = ]
smsflt.sys -> %System32%\drivers\smsflt.sys -> Panda Software International [Ver = 1, 3, 0, 10 | Size = 23296 bytes | Created Date = 1/20/2007 4:57:32 PM | Attr = ]
wnmflt.sys -> %System32%\drivers\wnmflt.sys -> Panda Software International [Ver = 1, 3, 0, 31 | Size = 16256 bytes | Created Date = 1/20/2007 4:57:32 PM | Attr = ]
wnmsav.dat -> %System32%\drivers\wnmsav.dat -> [Ver = | Size = 0 bytes | Created Date = 1/14/2007 7:09:33 PM | Attr = ]

[Files - Modified Within 30 days]
PAVSHLD.RPE -> %CommonProgramFiles%\Panda Software\PavShld\PAVSHLD.RPE -> [Ver = | Size = 289 bytes | Modified Date = 1/20/2007 4:54:48 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 1/22/2007 8:54:48 PM | Attr = S]
imsins.BAK -> %SystemRoot%\imsins.BAK -> [Ver = | Size = 4566 bytes | Modified Date = 1/13/2007 6:02:42 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 1/22/2007 12:36:38 AM | Attr = ]
PAVSHRB.INI -> %SystemRoot%\PAVSHRB.INI -> [Ver = | Size = 0 bytes | Modified Date = 1/15/2007 1:00:32 AM | Attr = ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 261 bytes | Modified Date = 1/13/2007 6:26:08 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1030 bytes | Modified Date = 1/14/2007 1:55:36 PM | Attr = ]
perfc009.dat -> %System32%\perfc009.dat -> [Ver = | Size = 40836 bytes | Modified Date = 1/13/2007 6:02:30 PM | Attr = ]
perfh009.dat -> %System32%\perfh009.dat -> [Ver = | Size = 314508 bytes | Modified Date = 1/13/2007 6:02:30 PM | Attr = ]
PerfStringBackup.INI -> %System32%\PerfStringBackup.INI -> [Ver = | Size = 359090 bytes | Modified Date = 1/13/2007 6:02:30 PM | Attr = ]
SI.bin -> %System32%\SI.bin -> [Ver = | Size = 1 bytes | Modified Date = 1/16/2007 2:22:00 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2262 bytes | Modified Date = 1/19/2007 6:33:22 PM | Attr = ]
APPFCONT.DAT -> %System32%\drivers\APPFCONT.DAT -> [Ver = | Size = 181696 bytes | Modified Date = 1/22/2007 10:32:58 PM | Attr = ]
APPFLTR.CFG -> %System32%\drivers\APPFLTR.CFG -> [Ver = | Size = 1132 bytes | Modified Date = 1/22/2007 8:56:26 PM | Attr = ]
secdrv.sys -> %System32%\drivers\secdrv.sys -> Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K. [Ver = 4.00.060 | Size = 163644 bytes | Modified Date = 1/20/2007 2:14:52 AM | Attr = ]
wnmsav.dat -> %System32%\drivers\wnmsav.dat -> [Ver = | Size = 0 bytes | Modified Date = 1/14/2007 7:09:34 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 3/2/2006 5:18:34 PM | Attr = ]
USERTRUST , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_09.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4490872 bytes | Modified Date = 10/12/2006 3:41:58 AM | Attr = ]
USERTRUST , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_10.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4650616 bytes | Modified Date = 11/9/2006 3:38:38 PM | Attr = ]
PEC2 , -> %SystemRoot%\SOX.EXE -> [Ver = | Size = 621309 bytes | Modified Date = 9/19/2000 8:18:04 PM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 8/23/2001 8:00:00 PM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 8/23/2001 8:00:00 PM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 8/23/2001 8:00:00 PM | Attr = ]

< End of report >

#4 OldTimer

    Malware Expert


Posted 22 January 2007 - 06:34 PM

Hi jpmurphy. That is squeaky clean also. I do not see any malware issues in the log.

If the computer is hooked directly to the modem then it cannot renew the IP address because the computer doesn't obtain the IP address, the modem does. If the IP from the ISP is not fixed then to get a new IP shut the modem down for about 5 minutes and then turn it back on. The ISP will drop the current IP and assign a new one when the connection comes back online.

If the repair tech did a speed test through the modem with their own equipment and did not have a speed issue then it would point to an issue within the computer. You could test that by hooking the computer up to someone else's connection who does not have any problems and see what the performance is like (or hook a different computer up to this connection and see if it has problems or not). If this computer is fine on another connection or a different computer has the same problems on this connection, then the problem would lie with the ISP (possibly with the physical connection between the modem and the ISP). If this computer still has problems on another connection or a different computer has no problems on this connection, then it would point to an issue with this computer (either with an application or the configuration). In that case, I would suggest posting in the Web Browsing forum here: http://www.bleepingcomputer.com/forums/f/14/web-browsingemail-and-other-internet-applications/ . They can help sort out non-malware related performance issues. Let them know that you have already been to this forum and that no malware was found.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
