22-07-2011, 00:52   #1
Hermy
Registered User
 
Join Date: Feb 2007
Posts: 4,526
I have a virus

As the title says I have a virus.
PC is Dell Dimension 2400
OS is Windows XP Home SP3
I ran updates and scans with everything I had: AVG, Adaware, Spybots, EMCO, Malwarebytes and Super-antispyware. Adaware was the only one that found anything and I thought that was problem solved. Not so.
So I tried installing PC Tools Antivirus as that has resolved issues for me in the past. It just seemed to make matters worse, particularly as it installed Browser Defender Tool without asking and Add/Remove Programs won't delete it.
I tried running the steps in the I have a virus thread but not all of the steps worked. I did manage to get the log files which I'll post below.
In the meantime I read some of the stickies here and the consensus seems to be that Microsoft Security Essentials is the way to go and that AVG isn't what it used to be. So I followed the instructions for installing MSE, including deleting all my existing anti-virus software, only to find that MSE can't complete its install. And this is the same for just about everything I've tried since. I get runtime errors or messages saying Windows Explorer has to close.
I ran an online scan using Trend which found nothing and I managed to install Panda but again it also found nothing.
I don't have a clue where I am at this stage and I would really appreciate some help in solving this.
Here are the log files, firstly from yesterday and again from just now:
Quote:
DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Owner at 22:32:05 on 2011-07-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.353.1033.18.1015.345 [GMT 1:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ================
.
\??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
\??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe
\??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.expatshield.com/g/?c=h
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295893113083
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 89.101.160.4 89.101.160.5
TCP: Interfaces\{69483A58-0085-49EC-8312-6BAE553AD016} : DHCPNameServer = 89.101.160.4 89.101.160.5
Handler: ipp - <Clsid value has no data>
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: msdaipp - <Clsid value has no data>
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
IFEO: Your Image File Name Here without a path - ntsd -d
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\52tqz8gr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.boards.ie/?filter=all
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-25 64288]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-24 366640]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-24 22712]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\pctsd.sys --> c:\windows\system32\drivers\PCTSD.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-25 136176]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-25 136176]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 2151640]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
.
=============== Created Last 30 ================
.
2011-07-19 19:24:41 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2011-07-19 19:24:41 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2011-07-19 15:49:30 -------- d-----w- C:\FU_Backup
2011-07-19 15:49:30 -------- d-----w- c:\documents and settings\owner\application data\CheeseSoft
2011-07-19 15:49:21 -------- d-----w- c:\program files\FinalUninstaller
2011-07-19 10:25:17 767952 ----a-w- c:\windows\BDTSupport.dll
2011-07-19 10:25:16 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-07-19 10:25:16 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-07-19 10:25:16 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-07-14 18:39:25 -------- d-----w- C:\Expat Shield
2011-07-09 22:06:42 -------- d-----w- c:\documents and settings\owner\local settings\application data\Freemake
2011-07-09 21:41:53 -------- d-----w- c:\program files\Freemake
2011-07-09 21:39:35 -------- d-----w- c:\documents and settings\owner\application data\AnvSoft
2011-07-09 20:59:03 -------- d-----w- c:\documents and settings\owner\local settings\application data\Wondershare
2011-07-09 20:59:00 -------- d-----w- c:\program files\common files\Wondershare
2011-07-09 20:58:36 496640 ----a-w- c:\windows\system32\xvid.ax
2011-07-09 20:58:35 892928 ----a-w- c:\windows\system32\iconv.dll
2011-07-09 20:58:35 675840 ----a-w- c:\windows\system32\ac3filter.ax
2011-07-09 20:58:31 -------- d-----w- c:\program files\Wondershare
2011-07-09 20:51:06 -------- d-----w- c:\documents and settings\all users\application data\AVS4YOU
2011-07-09 20:51:01 -------- d-----w- c:\documents and settings\owner\application data\AVS4YOU
2011-07-09 20:49:19 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-07-09 20:49:16 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-07-09 20:49:16 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-07-09 20:49:15 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-07-09 20:48:51 -------- d-----w- c:\program files\AVS4YOU
2011-07-09 20:48:41 -------- d-----w- c:\program files\common files\AVSMedia
2011-07-06 14:30:00 719872 ----a-w- c:\windows\system32\devil.dll
2011-07-06 14:30:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2011-07-06 14:30:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2011-07-06 14:30:00 369152 ----a-w- c:\windows\system32\avisynth.dll
2011-07-06 14:30:00 32256 ----a-w- c:\windows\system32\AVSredirect.dll
2011-07-06 14:30:00 -------- d-----w- c:\program files\AviSynth 2.5
2011-07-06 14:24:41 -------- d-----w- c:\program files\eRightSoft
2011-06-21 19:34:15 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-21 19:34:14 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
.
==================== Find3M ====================
.
2011-07-19 14:53:09 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-09 21:07:05 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-07-09 21:07:05 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-07-09 21:07:05 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
2011-07-09 21:06:50 59888 ------w- c:\windows\system32\pxwma.dll
2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-20 10:39:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-14 23:03:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-14 23:03:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 03:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 01:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07:50 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 15:51:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51:57 78336 ------w- c:\windows\system32\ieencode.dll
2011-04-25 15:51:57 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01:21 389120 ------w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 22:32:24.46 ===============
Quote:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-07-14.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 24/01/2011 17:32:56
System Uptime: 19/07/2011 22:11:52 (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2790/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 59 GiB total, 15.638 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP73: 21/04/2011 14:23:58 - System Checkpoint
RP74: 22/04/2011 14:43:43 - System Checkpoint
RP75: 23/04/2011 23:42:14 - System Checkpoint
RP76: 25/04/2011 12:46:55 - System Checkpoint
RP77: 27/04/2011 19:40:06 - Software Distribution Service 3.0
RP78: 28/04/2011 20:18:51 - System Checkpoint
RP79: 30/04/2011 10:21:27 - System Checkpoint
RP80: 02/05/2011 14:43:56 - System Checkpoint
RP81: 08/05/2011 15:28:19 - System Checkpoint
RP82: 09/05/2011 21:48:56 - System Checkpoint
RP83: 11/05/2011 16:57:43 - Software Distribution Service 3.0
RP84: 12/05/2011 14:29:13 - Printer Driver HP Officejet 4300 series fax Installed
RP85: 12/05/2011 15:09:46 - Removed HP Photosmart Essential
RP86: 13/05/2011 15:56:47 - System Checkpoint
RP87: 13/05/2011 16:44:52 - Software Distribution Service 3.0
RP88: 14/05/2011 10:32:12 - Software Distribution Service 3.0
RP89: 16/05/2011 13:48:49 - System Checkpoint
RP90: 18/05/2011 18:19:02 - System Checkpoint
.
==== Installed Programs ======================
.
4300
4300_Help
4300Trb
Abexo Free Registry Cleaner
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Adobe Shockwave Player 11.5
AiO_Scan_CDA
AiOSoftwareNPI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2011
Bonjour
Broadcom 440x 10/100 Integrated Controller
CCleaner
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Dell ResourceCD
Fax_CDA
FLV Player 2.0 (build 25)
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows XP (KB976002-v5)
HP PSC & OfficeJet 6.1.A
HP Update
Image Resizer Powertoy for Windows XP
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Malware Destroyer
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 7.0
Mozilla Firefox 5.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewCopy_CDA
ProductContextNPI
QuickTime
Readme
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Scan
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows XP (KB923789)
SoundMAX
Spybot - Search & Destroy
SpywareBlaster 4.4
SUPERAntiSpyware Free Edition
VideoLAN VLC media player 0.8.6i
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
19/07/2011 16:14:02, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
19/07/2011 16:13:06, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
19/07/2011 16:11:53, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
19/07/2011 16:11:50, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
17/07/2011 19:42:16, error: Dhcp [1002] - The IP address lease 10.201.48.54 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.203.47.254 (The DHCP Server sent a DHCPNACK message).
17/07/2011 14:38:50, error: Dhcp [1002] - The IP address lease 10.201.24.57 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.201.55.254 (The DHCP Server sent a DHCPNACK message).
15/07/2011 14:04:35, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000F1F549173. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
14/07/2011 20:57:53, error: Dhcp [1002] - The IP address lease 10.201.24.32 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.201.31.254 (The DHCP Server sent a DHCPNACK message).
14/07/2011 20:07:35, error: Dhcp [1002] - The IP address lease 10.201.48.7 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.201.31.254 (The DHCP Server sent a DHCPNACK message).
14/07/2011 20:01:51, error: Dhcp [1002] - The IP address lease 10.204.24.111 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.201.55.254 (The DHCP Server sent a DHCPNACK message).
14/07/2011 19:55:17, error: Dhcp [1002] - The IP address lease 10.204.56.47 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.204.31.254 (The DHCP Server sent a DHCPNACK message).
14/07/2011 19:53:02, error: Dhcp [1002] - The IP address lease 10.204.64.31 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.204.63.254 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
Quote:
DDS (Ver_2011-07-14.01) - NTFS_x86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
Run by Owner at 0:39:05 on 2011-07-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.353.1033.18.1015.460 [GMT 1:00]
.
AV: Panda Antivirus Pro 2012 *Enabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
.
============== Running Processes ================
.
C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PC Tools Security\BDT\FGuard.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.expatshield.com/g/?c=h
uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus pro 2012\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda antivirus pro 2012\Inicio.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\windows\system32\ESPFSPI.DLL
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295893113083
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: NameServer = 89.101.160.4 89.101.160.5
TCP: Interfaces\{69483A58-0085-49EC-8312-6BAE553AD016} : DHCPNameServer = 89.101.160.4 89.101.160.5
Handler: ipp - <Clsid value has no data>
Handler: msdaipp - <Clsid value has no data>
Notify: avldr - avldr.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
IFEO: Your Image File Name Here without a path - ntsd -d
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\52tqz8gr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.boards.ie/?filter=all
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-25 64288]
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2011-7-21 26696]
R0 XPacket;XFilter Packet;c:\windows\system32\xpacket.sys [2004-4-1 44671]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2011-7-21 37448]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2011-7-21 59080]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-7-21 337872]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda antivirus pro 2012\PsCtrlS.exe [2011-7-21 173312]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda antivirus pro 2012\PavFnSvr.exe [2011-7-21 202048]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2011-7-21 163848]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2011-7-21 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda antivirus pro 2012\pavsrvx86.exe [2011-7-21 314176]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda antivirus pro 2012\psksvc.exe [2011-7-21 28992]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-25 136176]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-25 136176]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
FileExt: .vbs: VBSFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
FileExt: .js: JSFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
FileExt: .jse: JSEFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
FileExt: .wsf: WSFFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
.
=============== Created Last 30 ================
.
2011-07-21 22:47:03 1060864 ----a-w- c:\windows\system32\MFC71.dll
2011-07-21 22:20:05 -------- d-----w- c:\documents and settings\owner\local settings\application data\Threat Expert
2011-07-21 21:22:07 -------- d-----w- c:\documents and settings\owner\local settings\application data\Panda Security
2011-07-21 21:19:22 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
2011-07-21 21:19:22 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
2011-07-21 21:19:22 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
2011-07-21 21:19:22 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
2011-07-21 21:19:22 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
2011-07-21 21:19:22 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
2011-07-21 21:19:19 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
2011-07-21 21:19:19 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
2011-07-21 21:19:16 37448 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
2011-07-21 21:19:16 163848 ----a-w- c:\windows\system32\drivers\PavProc.sys
2011-07-21 21:19:16 -------- d-----w- c:\program files\common files\Panda Security
2011-07-21 21:05:51 -------- d-----w- c:\program files\PC Tools Security
2011-07-21 20:59:59 -------- d-----w- c:\program files\Microsoft Security Client
2011-07-21 20:46:37 -------- d-----w- c:\program files\Enigma Software Group
2011-07-19 19:24:41 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
2011-07-19 19:24:41 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2011-07-19 15:49:30 -------- d-----w- C:\FU_Backup
2011-07-19 15:49:30 -------- d-----w- c:\documents and settings\owner\application data\CheeseSoft
2011-07-19 15:49:21 -------- d-----w- c:\program files\FinalUninstaller
2011-07-19 10:25:17 767952 ----a-w- c:\windows\BDTSupport.dll
2011-07-19 10:25:16 2078672 ----a-w- c:\windows\PCTBDCore.dll
2011-07-19 10:25:16 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-07-19 10:25:16 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-07-14 18:39:25 -------- d-----w- C:\Expat Shield
2011-07-09 22:06:42 -------- d-----w- c:\documents and settings\owner\local settings\application data\Freemake
2011-07-09 21:39:35 -------- d-----w- c:\documents and settings\owner\application data\AnvSoft
2011-07-09 20:59:03 -------- d-----w- c:\documents and settings\owner\local settings\application data\Wondershare
2011-07-09 20:59:00 -------- d-----w- c:\program files\common files\Wondershare
2011-07-09 20:58:36 496640 ----a-w- c:\windows\system32\xvid.ax
2011-07-09 20:58:35 892928 ----a-w- c:\windows\system32\iconv.dll
2011-07-09 20:58:35 675840 ----a-w- c:\windows\system32\ac3filter.ax
2011-07-09 20:58:31 -------- d-----w- c:\program files\Wondershare
2011-07-09 20:51:06 -------- d-----w- c:\documents and settings\all users\application data\AVS4YOU
2011-07-09 20:51:01 -------- d-----w- c:\documents and settings\owner\application data\AVS4YOU
2011-07-09 20:49:19 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-07-09 20:49:16 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-07-09 20:49:16 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-07-09 20:49:15 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-07-06 14:30:00 719872 ----a-w- c:\windows\system32\devil.dll
2011-07-06 14:30:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2011-07-06 14:30:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2011-07-06 14:30:00 369152 ----a-w- c:\windows\system32\avisynth.dll
2011-07-06 14:30:00 32256 ----a-w- c:\windows\system32\AVSredirect.dll
.
==================== Find3M ====================
.
2011-07-19 14:53:09 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-09 21:07:05 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
2011-07-09 21:07:05 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2011-07-09 21:07:05 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
2011-07-09 21:06:50 59888 ------w- c:\windows\system32\pxwma.dll
2011-06-20 10:39:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-14 23:03:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-06-14 23:03:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-04 03:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 01:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 11:07:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-04-26 11:07:50 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-04-25 15:51:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 15:51:57 78336 ------w- c:\windows\system32\ieencode.dll
2011-04-25 15:51:57 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 15:51:57 17408 ----a-w- c:\windows\system32\corpol.dll
2011-04-25 12:01:21 389120 ------w- c:\windows\system32\html.iec
.
============= FINISH: 0:41:48.51 ===============
Quote:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-07-14.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 24/01/2011 17:32:56
System Uptime: 22/07/2011 00:16:01 (0 hours ago)
.
Motherboard: Dell Computer Corp. | | 0G1548
Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2790/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 59 GiB total, 16.066 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
4300
4300_Help
4300Trb
Abexo Free Registry Cleaner
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Adobe Shockwave Player 11.5
AiO_Scan_CDA
AiOSoftwareNPI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Broadcom 440x 10/100 Integrated Controller
Browser Defender 3.0
CCleaner
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Dell ResourceCD
EnigmaFireWall
Fax_CDA
FLV Player 2.0 (build 25)
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Windows XP (KB976002-v5)
HP PSC & OfficeJet 6.1.A
HP Update
Image Resizer Powertoy for Windows XP
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works 7.0
Mozilla Firefox 5.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NewCopy_CDA
Panda Antivirus Pro 2012
Panda Secure Vault 5
ProductContextNPI
QuickTime
Readme
RealNetworks - Microsoft Visual C++ 2005 Runtime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Scan
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows XP (KB923789)
SoundMAX
VideoLAN VLC media player 0.8.6i
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
19/07/2011 16:14:02, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
19/07/2011 16:13:06, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
19/07/2011 16:11:53, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
19/07/2011 16:11:50, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
17/07/2011 19:42:16, error: Dhcp [1002] - The IP address lease 10.201.48.54 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.203.47.254 (The DHCP Server sent a DHCPNACK message).
17/07/2011 14:38:50, error: Dhcp [1002] - The IP address lease 10.201.24.57 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.201.55.254 (The DHCP Server sent a DHCPNACK message).
15/07/2011 14:04:35, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000F1F549173. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
.
==== End Of File ===========================
22-07-2011, 07:16   #2
cookie1977
Registered User
 
 
Join Date: Jul 2009
Posts: 6,063
Try Kaspersky Virus Removal Tool:
http://devbuilds.kaspersky-labs.com/...7_22_09_19.exe

Perform a full scan. It might be worth booting into safe mode and running Kaspersky then.
22-07-2011, 10:57   #3
Hermy
Registered User
 
 
Join Date: Feb 2007
Posts: 4,526
Thanks for the reply cookie.
Kaspersky wasn't visible in Safe Mode so I ran it in normal mode and it found nothing.
What would you suggest next?
22-07-2011, 12:38   #4
Hermy
Registered User
 
 
Join Date: Feb 2007
Posts: 4,526
Anyone?
I'm really stuck.
22-07-2011, 14:01   #5
ASJ112
Banned
 
Join Date: Jan 2010
Posts: 1,155
Doesn't look like this is virus related.


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files here.
22-07-2011, 17:21   #6
Hermy
Registered User
 
 
Join Date: Feb 2007
Posts: 4,526
Thanks ASJ - will do.

EDIT: I'd agree that it may not be virus related, but clicking a dodgy link on Facebook was what I think started the problem. In trying to repair it I may have deleted something I shouldn't have.
The first thing that I noticed was that AVG wouldn't update.
Also the search function on Windows wouldn't work - I get the message Windows Explorer has detected a problem and needs to close.
Adaware won't install either - it says Microsoft Visual C++ Runtime 9.0 Service Pack 1 could not be installed. (Adaware was the only program to pick up a fault - a trojan I think)
PC Tools wouldn't install either and that's usually what I use when AVG fails. It displays the following: Runtime error (at -1.0)
I don't really know what any of this means but I hope it might help.

Last edited by Hermy; 22-07-2011 at 17:36.
22-07-2011, 17:28   #7
Hermy
Registered User
 
 
Join Date: Feb 2007
Posts: 4,526
OTL.txt
Quote:
OTL logfile created on: 22/07/2011 17:22:51 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1015.00 Mb Total Physical Memory | 681.42 Mb Available Physical Memory | 67.13% Memory free
2.39 Gb Paging File | 1.96 Gb Available in Paging File | 82.17% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.65 Gb Total Space | 15.75 Gb Free Space | 26.86% Space Free | Partition Type: NTFS

Computer Name: DEFMITE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/22 17:18:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
PRC - [2011/04/14 15:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe
PRC - [2011/04/13 16:06:56 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe
PRC - [2010/10/20 15:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
PRC - [2010/08/16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\psksvc.exe
PRC - [2010/06/04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
PRC - [2010/05/28 13:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
PRC - [2010/04/22 18:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\WebProxy.exe
PRC - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrlS.exe
PRC - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
PRC - [1997/08/01 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (SafeList) ==========

MOD - [2011/07/22 17:18:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/06/21 17:01:46 | 000,520,000 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\PavSHook.dll
MOD - [2007/02/08 10:53:40 | 000,107,568 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\SYSTOOLS.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (aswUpdSv)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2011/04/14 15:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe -- (TPSrv)
SRV - [2010/10/20 15:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010/08/16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe -- (PskSvcRetail)
SRV - [2010/06/04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe -- (PAVSRV)
SRV - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe -- (Panda Software Controller)
SRV - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- -- (PavSRK.sys)
DRV - File not found [File_System | On_Demand | Running] -- -- (AvFlt)
DRV - [2011/07/22 10:38:32 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uti4ntuy.sys -- (uti4ntuy)
DRV - [2011/05/25 00:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011/02/21 14:38:32 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2010/08/12 13:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/06/22 18:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\pavboot.sys -- (pavboot)
DRV - [2010/05/21 13:50:26 | 000,059,080 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\amm8651.sys -- (AmFSM)
DRV - [2010/05/06 17:11:58 | 000,163,848 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2004/06/15 23:52:40 | 000,061,157 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2004/04/01 13:07:58 | 000,044,671 | ---- | M] (Enigma Software Group, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\xpacket.sys -- (XPacket)
DRV - [2004/03/05 23:15:34 | 000,647,929 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 23:14:42 | 001,233,525 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 23:13:38 | 000,037,048 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.expatshield.com/g/?c=h
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.boards.ie/?filter=all"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/29 18:27:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/15 00:05:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/21 20:34:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/17 17:37:20 | 000,000,000 | ---D | M]

[2011/05/08 20:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/07/02 12:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52tqz8gr.default\extensions
[2011/06/22 17:35:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52tqz8gr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/05/09 00:39:13 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52tqz8gr.default\searchplugins\boardsie.xml
[2011/07/21 18:11:51 | 000,006,250 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52tqz8gr.default\searchplugins\discogs.xml
[2011/05/30 19:53:23 | 000,012,703 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52tqz8gr.default\searchplugins\imdb.xml
[2011/07/21 18:11:51 | 000,001,942 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52tqz8gr.default\searchplugins\mycroft-project.xml
[2011/07/21 18:11:51 | 000,002,370 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52tqz8gr.default\searchplugins\uncyclopedia.xml
[2011/05/09 00:39:50 | 000,002,057 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52tqz8gr.default\searchplugins\youtube-video-search.xml
[2011/07/19 20:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/26 00:49:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/01/26 16:23:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/01 22:26:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/06/22 00:06:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\52TQZ8GR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/06/29 18:27:28 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011/01/26 00:48:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/21 20:34:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/20 23:13:58 | 000,436,064 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15010 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe (Panda Security, S.L.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\ESPFSPI.DLL (Enigma Software )
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\ESPFSPI.DLL (Enigma Software )
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\ESPFSPI.DLL (Enigma Software )
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\ESPFSPI.DLL (Enigma Software )
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\ESPFSPI.DLL (Enigma Software )
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1295893113083 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/24 18:22:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/29 10:47:40 | 000,000,025 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{59e7be8f-27e5-11e0-ada4-000f1f549173}\Shell - "" = AutoRun
O33 - MountPoints2\{59e7be8f-27e5-11e0-ada4-000f1f549173}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/22 13:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/07/22 13:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/22 12:46:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2011/07/22 01:28:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/07/22 01:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Revo Uninstaller
[2011/07/22 01:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/07/22 00:53:21 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/22 00:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/22 00:53:06 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/22 00:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/21 23:47:03 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
[2011/07/21 23:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert
[2011/07/21 22:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Panda Security
[2011/07/21 22:20:48 | 000,026,696 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
[2011/07/21 22:20:34 | 000,054,832 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\pavcpl.cpl
[2011/07/21 22:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Antivirus Pro 2012
[2011/07/21 22:20:24 | 000,520,000 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavSHook.dll
[2011/07/21 22:20:24 | 000,193,344 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\TpUtil.dll
[2011/07/21 22:20:24 | 000,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.DLL
[2011/07/21 22:20:24 | 000,087,360 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavLspHook.dll
[2011/07/21 22:20:24 | 000,055,616 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\pavipc.dll
[2011/07/21 22:20:20 | 000,059,080 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\amm8651.sys
[2011/07/21 22:20:20 | 000,055,552 | ---- | C] (On-Access Anti-Malware Scanner Sync) -- C:\WINDOWS\System32\avldr.dll
[2011/07/21 22:20:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PAV
[2011/07/21 22:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011/07/21 22:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Panda Security
[2011/07/21 22:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2011/07/21 22:19:16 | 000,163,848 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PavProc.sys
[2011/07/21 22:19:16 | 000,037,448 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\ShlDrv51.sys
[2011/07/21 22:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security
[2011/07/21 22:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/07/21 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/07/21 21:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EnigmaFireWall
[2011/07/21 21:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/07/19 21:58:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/19 20:24:41 | 000,032,768 | ---- | C] (AnchorFree Inc) -- C:\WINDOWS\System32\drivers\taphss.sys
[2011/07/19 20:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
[2011/07/19 19:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinRAR
[2011/07/19 19:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/07/19 16:49:30 | 000,000,000 | ---D | C] -- C:\FU_Backup
[2011/07/19 16:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CheeseSoft
[2011/07/19 16:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\FinalUninstaller
[2011/07/19 11:25:16 | 002,078,672 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/07/19 11:25:16 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/07/19 11:25:16 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/07/14 19:39:25 | 000,000,000 | ---D | C] -- C:\Expat Shield
[2011/07/09 23:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Freemake
[2011/07/09 22:48:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\assembly
[2011/07/09 22:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/07/09 22:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2011/07/09 22:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AnvSoft
[2011/07/09 22:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2011/07/09 22:07:12 | 002,087,408 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2011/07/09 22:07:12 | 000,678,384 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2011/07/09 22:07:12 | 000,563,696 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2011/07/09 22:07:12 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2011/07/09 22:07:12 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2011/07/09 22:07:12 | 000,088,560 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2011/07/09 22:07:12 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2011/07/09 22:07:12 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2011/07/09 22:07:12 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2011/07/09 22:07:12 | 000,059,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwma.dll
[2011/07/09 22:07:12 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2011/07/09 22:07:12 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2011/07/09 21:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Wondershare
[2011/07/09 21:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
[2011/07/09 21:58:35 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\WINDOWS\System32\iconv.dll
[2011/07/09 21:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2011/07/09 21:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2011/07/09 21:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVS4YOU
[2011/07/09 21:49:19 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\libmfxsw32.dll
[2011/07/09 21:49:16 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\libmfxhw32.dll
[2011/07/09 21:49:16 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
[2011/07/09 21:49:15 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
[2011/07/06 15:30:00 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
[2011/07/06 15:30:00 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
[2011/07/06 15:30:00 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2011/07/06 15:30:00 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
[2011/07/04 22:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
[2011/07/04 12:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/30 16:09:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools

========== Files - Modified Within 30 Days ==========

[2011/07/22 16:58:11 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/22 13:17:03 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/07/22 13:07:42 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-688789844-682003330-1003.job
[2011/07/22 13:07:41 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-688789844-682003330-1003.job
[2011/07/22 13:01:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/22 10:51:21 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/22 10:51:13 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-688789844-682003330-1004.job
[2011/07/22 10:51:13 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/07/22 10:50:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/22 10:38:32 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\uti4ntuy.sys
[2011/07/22 10:09:23 | 099,222,768 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setup_11.0.0.1245.x01_2011_07_22_09_19.exe
[2011/07/22 10:05:00 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2011/07/22 01:36:23 | 000,008,627 | ---- | M] () -- C:\Documents and Settings\Owner\PAV_FOG.OPC
[2011/07/22 01:03:17 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
[2011/07/22 00:53:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/22 00:14:33 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/21 23:49:18 | 000,000,130 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/07/21 23:33:31 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/07/21 22:20:57 | 000,646,130 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/07/21 22:20:55 | 000,000,250 | ---- | M] () -- C:\WINDOWS\System32\PavCPL.dat
[2011/07/21 22:20:50 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Panda Antivirus Pro 2012.lnk
[2011/07/21 22:17:45 | 000,181,469 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/07/21 22:17:33 | 000,164,626 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/07/21 22:11:42 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/07/21 21:47:04 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EnigmaFireWall.lnk
[2011/07/21 20:44:30 | 000,002,052 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/07/20 23:38:24 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\SYSTEM
[2011/07/20 23:13:58 | 000,436,064 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110722-132309.backup
[2011/07/20 23:13:58 | 000,436,064 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110722-132121.backup
[2011/07/20 23:13:58 | 000,436,064 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/07/20 23:11:55 | 000,435,650 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110720-231358.backup
[2011/07/19 15:53:09 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/07/19 13:42:01 | 000,435,650 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110720-231155.backup
[2011/07/18 23:03:27 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/07/16 14:52:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-688789844-682003330-1004.job
[2011/07/15 14:15:55 | 000,435,650 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110719-134201.backup
[2011/07/13 11:23:23 | 000,132,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/12 20:01:24 | 000,081,656 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSC01855 (Small).JPG
[2011/07/12 17:16:38 | 002,713,306 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSC01855.JPG
[2011/07/11 14:31:40 | 000,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2011/07/10 14:25:38 | 000,369,812 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/10 14:25:38 | 000,047,218 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/09 22:07:05 | 000,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2011/07/09 22:07:05 | 000,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2011/07/09 22:07:04 | 000,072,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2011/07/09 22:07:04 | 000,068,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2011/07/09 22:07:03 | 000,068,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2011/07/09 22:06:59 | 002,087,408 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2011/07/09 22:06:59 | 000,678,384 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2011/07/09 22:06:57 | 000,563,696 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2011/07/09 22:06:57 | 000,440,816 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2011/07/09 22:06:54 | 000,219,632 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2011/07/09 22:06:52 | 000,088,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2011/07/09 22:06:50 | 000,059,888 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxwma.dll
[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/01 18:33:19 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/30 16:56:06 | 000,435,452 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110715-141555.backup
[2011/06/30 16:48:15 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/06/25 19:13:30 | 000,435,276 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110630-165606.backup
[2011/06/25 19:12:07 | 000,435,122 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110625-191330.backup

========== Files Created - No Company Name ==========

[2011/07/22 13:17:03 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
[2011/07/22 10:38:26 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\uti4ntuy.sys
[2011/07/22 10:08:04 | 099,222,768 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setup_11.0.0.1245.x01_2011_07_22_09_19.exe
[2011/07/22 01:13:07 | 000,001,864 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Panda Antivirus Pro 2012.lnk
[2011/07/22 01:03:17 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
[2011/07/22 00:53:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/21 23:49:14 | 000,000,130 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/07/21 23:33:35 | 000,008,627 | ---- | C] () -- C:\Documents and Settings\Owner\PAV_FOG.OPC
[2011/07/21 23:33:31 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2011/07/21 23:33:31 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2011/07/21 22:26:58 | 000,008,627 | ---- | C] () -- C:\WINDOWS\System32\PAV_FOG.OPC
[2011/07/21 22:20:55 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat
[2011/07/21 22:17:45 | 000,181,469 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
[2011/07/21 22:17:33 | 000,164,626 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
[2011/07/21 22:11:42 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2011/07/21 21:47:04 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EnigmaFireWall.lnk
[2011/07/21 20:44:30 | 000,002,052 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/07/20 23:38:24 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM
[2011/07/19 11:25:17 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/07/19 11:25:16 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/07/19 11:25:16 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/07/19 11:25:16 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/07/19 11:25:16 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/07/12 20:01:24 | 000,081,656 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSC01855 (Small).JPG
[2011/07/12 17:16:38 | 002,713,306 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSC01855.JPG
[2011/07/09 21:58:36 | 000,496,640 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
[2011/07/09 21:58:35 | 000,675,840 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.ax
[2011/07/06 15:30:00 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2011/05/12 14:23:28 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/05/12 14:17:23 | 000,110,051 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2011/05/12 14:17:22 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2011/04/30 09:56:16 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/30 09:56:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/02/22 22:20:42 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/25 01:32:38 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2011/01/24 22:13:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/24 19:36:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2011/01/24 18:33:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/24 18:20:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/24 18:10:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/24 18:09:36 | 000,132,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/07/16 21:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 21:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 21:41:25 | 000,369,812 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 21:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 21:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 21:41:21 | 000,047,218 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 21:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 21:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 21:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 21:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 21:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1997/08/01 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/08/01 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/08/01 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/08/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
Extras.Txt
Quote:
OTL Extras logfile created on: 22/07/2011 17:22:51 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

1015.00 Mb Total Physical Memory | 681.42 Mb Available Physical Memory | 67.13% Memory free
2.39 Gb Paging File | 1.96 Gb Available in Paging File | 82.17% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 58.65 Gb Total Space | 15.75 Gb Free Space | 26.86% Space Free | Partition Type: NTFS

Computer Name: DEFMITE | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe" = C:\Program Files\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe:*:Enabled:Panda permanent protection -- (Panda Security, S.L.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4672244E-16F9-43C8-BAEE-DF9B73E4B81E}" = EnigmaFireWall
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
"{61B1A9C8-B2AD-4F54-B916-388FFD07BDE7}" = 4300
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A744C7C3-76F5-42F5-9E15-497A3DFBC709}" = 4300Trb
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2012
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E769999E-D0D9-4D51-AEFE-1BD44289E550}" = 4300_Help
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Abexo Free Registry Cleaner" = Abexo Free Registry Cleaner
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"FLV Player" = FLV Player 2.0 (build 25)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"VLC media player" = VideoLAN VLC media player 0.8.6i
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21/07/2011 19:22:23 | Computer Name = DEFMITE | Source = Application Error | ID = 1000
Description = Faulting application msiexec.exe, version 3.1.4001.5512, faulting
module mscoree.dll, version 4.0.31106.0, fault address 0x00034524.

Error - 21/07/2011 20:08:18 | Computer Name = DEFMITE | Source = MsiInstaller | ID = 1013
Description = Internal MSI error. Installer terminated prematurely.

Error - 21/07/2011 20:15:34 | Computer Name = DEFMITE | Source = Application Error | ID = 1000
Description = Faulting application msiexec.exe, version 3.1.4001.5512, faulting
module mscoree.dll, version 4.0.31106.0, fault address 0x00034524.

Error - 21/07/2011 20:16:11 | Computer Name = DEFMITE | Source = Application Error | ID = 1001
Description = Fault bucket 1707898838.

Error - 22/07/2011 07:43:19 | Computer Name = DEFMITE | Source = MsiInstaller | ID = 1013
Description = Internal MSI error. Installer terminated prematurely.

Error - 22/07/2011 07:58:39 | Computer Name = DEFMITE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module mscoree.dll, version 4.0.31106.0, fault address 0x00034524.

Error - 22/07/2011 08:00:13 | Computer Name = DEFMITE | Source = JavaQuickStarterService | ID = 1
Description =

Error - 22/07/2011 08:05:29 | Computer Name = DEFMITE | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 22/07/2011 08:05:33 | Computer Name = DEFMITE | Source = Application Hang | ID = 1001
Description = Fault bucket 734037209.

Error - 22/07/2011 12:20:59 | Computer Name = DEFMITE | Source = MsiInstaller | ID = 1013
Description = Internal MSI error. Installer terminated prematurely.

[ System Events ]
Error - 05/07/2011 07:18:50 | Computer Name = DEFMITE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.10 on
the Network Card with network address 000F1F549173.

Error - 05/07/2011 17:23:15 | Computer Name = DEFMITE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.10 on
the Network Card with network address 000F1F549173.

Error - 05/07/2011 17:55:20 | Computer Name = DEFMITE | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk1\D.

Error - 09/07/2011 11:10:43 | Computer Name = DEFMITE | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.10 on
the Network Card with network address 000F1F549173.

Error - 10/07/2011 09:55:55 | Computer Name = DEFMITE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows
XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2446708).

Error - 10/07/2011 09:56:06 | Computer Name = DEFMITE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows
XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2478663).

Error - 10/07/2011 09:58:26 | Computer Name = DEFMITE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows
XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2446708).

Error - 10/07/2011 09:58:38 | Computer Name = DEFMITE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows
XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2478663).

Error - 10/07/2011 10:23:44 | Computer Name = DEFMITE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows
XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2446708).

Error - 10/07/2011 10:23:51 | Computer Name = DEFMITE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows
XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2478663).


< End of report >
22-07-2011, 17:40   #8
Zapho
Registered User
Join Date: Nov 2004
Location: Galway City
Posts: 1,235
Hi Hermy - what symptoms do you have that make you think you have a virus? I don't believe you've mentioned them yet and I didn't take the time to examine your logs in detail yet.

Having all those competing anti-virus scanners can't be helping things either so you might want to disable all but the one you're using (remove them if necessary).

I often recommend AVAST because it's free and can do a boot-up scan (make sure you select the thorough option if it's there) which often picks up things that the one within Windows doesn't pick up. Microsoft Security Essentials is also very good.

Finally, I'd recommend giving ComboFix a go. It's a stand-alone (no need for install) malware/spyware remover and has worked for me when others have failed. It's particularly good at getting rid of rogue virus scanners!
22-07-2011, 17:59   #9
Hermy
Registered User
Join Date: Feb 2007
Posts: 4,526
Quote:
Originally Posted by Hermy View Post
Thanks ASJ - will do.

EDIT: I'd agree that it may not be virus related but clicking a dodgy link on Facebook was what I think started the problem. In trying to repair it I may have deleted something I shouldn't have.
The first thing that I noticed was that AVG wouldn't update.
Also the search function on Windows wouldn't work - I get the message Windows Explorer has detected a problem and needs to close.
Adaware won't install either - it says Microsoft Visual C++ Runtime 9.0 Service Pack 1 could not be installed. (Adaware was the only program to pick up a fault - a trojan I think)
PC Tools wouldn't install either and that's usually what I use when AVG fails. It displays the following: Runtime error (at -1.0)
I don't really know what any of this means but I hope it might help.
Hi Zapho - I added a bit to my previous post which you may not have noticed with all those logs.
I don't know enough for certain to know if it's a virus or not but something is definitely not working.
The first thing as I've already mentioned was that AVG wouldn't update.
Then there was the problem with the search function.
Now I've been having difficulty installing and uninstalling the various programs I've been using to try to fix things.
Spybots has reinstalled successfully. PC Tools won't install or uninstall properly. Ditto Avast.
I'll give Combofix a go and report back.
22-07-2011, 18:17   #10
ASJ112
Banned
 
Join Date: Jan 2010
Posts: 1,155
well the OTL log is clean

sounds like your security programs are causing the problems, can happen
22-07-2011, 18:23   #11
InTheTrees
Registered User
 
Join Date: Dec 2009
Posts: 5,527
Assuming you are actually infected...

90% of those anti spyware, anti virus, clean this and clean that, programs are a complete scam.

We've had this happen three or four times at home and the only answer is to wipe the drive and reinstall. Buy an external drive and get as much of your data off it before you wipe.

Do you still have the OS disks?
22-07-2011, 18:38   #12
Hermy
Registered User
 
Hermy's Avatar
 
Join Date: Feb 2007
Posts: 4,526
One thing I was afraid to do was plug in my ext hard drive until I was sure I wasn't going to infect it as well. If ye think I'm in the clear I'll plug it in and transfer what I don't already have copies of and do a re-install.
Might be the handiest way of getting things straight.
What ya think?

@Zapho Panda Antivirus won't let me access the link to Combofix. It says it has catalogued it as a phishing page!

Last edited by Hermy; 22-07-2011 at 18:40.
26-07-2011, 17:26   #13
Hermy
Registered User
 
Hermy's Avatar
 
Join Date: Feb 2007
Posts: 4,526
Just looking for any more advice or suggestions before I do a full reinstall.
I've deleted all of the various anti-viral software I had installed and I've done a repair install of the OS on the off chance that that would resolve matters.
The pc is definitely running much smoother than before but the same problems are still there.
When I click on the Search function [in the Start Menu] a window opens telling me it has encountered a problem and needs to close.
Of the various anti-virus programs I've attempted to reinstall only Spybots and Malwarebytes successfully reinstalled.
AVG, Adaware and Microsoft Security Essentials [which I hadn't installed before] all encounter problems when trying to install.

Does anyone know what might be wrong?
Even if the fault still means I have to do a full reinstall it would still be nice to know what went wrong if that can be ascertained.

Thanks again for the advice so far.
27-07-2011, 01:18   #14
hearny
Registered User
 
Join Date: Apr 2010
Location: Waterford
Posts: 887
Try uninstalling all .net versions on the computer (you can put them back on if it sorts the issue)

If you can't uninstall .net download the versions you have on the computer and try to reinstall them.

Make sure you don't have more than 1 antivirus program running if it sorts it.

If that doesn't work make sure the latest version of Windows installer is running. You can get it from here, use the bottom link for XP

http://www.microsoft.com/download/en...s.aspx?id=8483

Have you tested the RAM? Download, burn to a disk and run Memtest.
hearny is offline  
27-07-2011, 16:14   #15
Hermy
Registered User
 
Hermy's Avatar
 
Join Date: Feb 2007
Posts: 4,526
Thanks for the reply hearny.
I'll give both of those a go and let you know what happens.