
I have a virus

  • 21-07-2011 11:52pm
    #1
    Moderators, Society & Culture Moderators Posts: 11,291 Mod ✭✭✭✭


    As the title says I have a virus.
    PC is Dell Dimension 2400
    OS is Windows XP Home SP3
    I ran updates and scans with everything I had: AVG, Adaware, Spybots, EMCO, Malwarebytes and Super-antispyware. Adaware was the only one that found anything and I thought that was problem solved. Not so.
    So I tried installing PC Tools Antivirus as that has resolved issues for me in the past. It just seemed to make matters worse, particularly as it installed Browser Defender Tool without asking and Add/Remove Programs won't delete it.
    I tried running the steps in the "I have a virus" thread but not all of the steps worked. I did manage to get the log files, which I'll post below.
    In the meantime I read some of the stickies here and the consensus seems to be that Microsoft Security Essentials is the way to go and that AVG isn't what it used to be. So I followed the instructions for installing MSE, including deleting all my existing anti-virus software, only to find that MSE can't complete its install. And this is the same for just about everything I've tried since. I get runtime errors or messages saying Windows Explorer has to close.
    I ran an online scan using Trend which found nothing and I managed to install Panda but again it also found nothing.
    I don't have a clue where I am at this stage and I would really appreciate some help in solving this.
    Here are the log files firstly from yesterday and again from just now:
    DDS (Ver_2011-07-14.01) - NTFS_x86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
    Run by Owner at 22:32:05 on 2011-07-19
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.353.1033.18.1015.345 [GMT 1:00]
    .
    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
    .
    ============== Running Processes ================
    .
    \??\C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\AVG\AVG10\avgnsx.exe
    C:\Program Files\AVG\AVG10\avgemcx.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\PC Tools Security\BDT\FGuard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    \??\C:\PROGRA~1\AVG\AVG10\avgrsx.exe
    \??\C:\Program Files\AVG\AVG10\avgcsrvx.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.expatshield.com/g/?c=h
    uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg10\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295893113083
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: NameServer = 89.101.160.4 89.101.160.5
    TCP: Interfaces\{69483A58-0085-49EC-8312-6BAE553AD016} : DHCPNameServer = 89.101.160.4 89.101.160.5
    Handler: ipp - <Clsid value has no data>
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
    Handler: msdaipp - <Clsid value has no data>
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - <orphaned>
    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    IFEO: Your Image File Name Here without a path - ntsd -d
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\52tqz8gr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.boards.ie/?filter=all
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-25 64288]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 248656]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 297168]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-1-24 366640]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-1-24 22712]
    S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\pctsd.sys --> c:\windows\system32\drivers\PCTSD.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-25 136176]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-25 136176]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 2151640]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15232]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
    .
    =============== Created Last 30 ================
    .
    2011-07-19 19:24:41 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
    2011-07-19 19:24:41 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
    2011-07-19 15:49:30 -------- d-----w- C:\FU_Backup
    2011-07-19 15:49:30 -------- d-----w- c:\documents and settings\owner\application data\CheeseSoft
    2011-07-19 15:49:21 -------- d-----w- c:\program files\FinalUninstaller
    2011-07-19 10:25:17 767952 ----a-w- c:\windows\BDTSupport.dll
    2011-07-19 10:25:16 2000848 ----a-w- c:\windows\PCTBDCore.dll
    2011-07-19 10:25:16 1533904 ----a-w- c:\windows\PCTBDRes.dll
    2011-07-19 10:25:16 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2011-07-14 18:39:25 -------- d-----w- C:\Expat Shield
    2011-07-09 22:06:42 -------- d-----w- c:\documents and settings\owner\local settings\application data\Freemake
    2011-07-09 21:41:53 -------- d-----w- c:\program files\Freemake
    2011-07-09 21:39:35 -------- d-----w- c:\documents and settings\owner\application data\AnvSoft
    2011-07-09 20:59:03 -------- d-----w- c:\documents and settings\owner\local settings\application data\Wondershare
    2011-07-09 20:59:00 -------- d-----w- c:\program files\common files\Wondershare
    2011-07-09 20:58:36 496640 ----a-w- c:\windows\system32\xvid.ax
    2011-07-09 20:58:35 892928 ----a-w- c:\windows\system32\iconv.dll
    2011-07-09 20:58:35 675840 ----a-w- c:\windows\system32\ac3filter.ax
    2011-07-09 20:58:31 -------- d-----w- c:\program files\Wondershare
    2011-07-09 20:51:06 -------- d-----w- c:\documents and settings\all users\application data\AVS4YOU
    2011-07-09 20:51:01 -------- d-----w- c:\documents and settings\owner\application data\AVS4YOU
    2011-07-09 20:49:19 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
    2011-07-09 20:49:16 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
    2011-07-09 20:49:16 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
    2011-07-09 20:49:15 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2011-07-09 20:48:51 -------- d-----w- c:\program files\AVS4YOU
    2011-07-09 20:48:41 -------- d-----w- c:\program files\common files\AVSMedia
    2011-07-06 14:30:00 719872 ----a-w- c:\windows\system32\devil.dll
    2011-07-06 14:30:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
    2011-07-06 14:30:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
    2011-07-06 14:30:00 369152 ----a-w- c:\windows\system32\avisynth.dll
    2011-07-06 14:30:00 32256 ----a-w- c:\windows\system32\AVSredirect.dll
    2011-07-06 14:30:00 -------- d-----w- c:\program files\AviSynth 2.5
    2011-07-06 14:24:41 -------- d-----w- c:\program files\eRightSoft
    2011-06-21 19:34:15 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-06-21 19:34:14 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    .
    ==================== Find3M ====================
    .
    2011-07-19 14:53:09 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-07-09 21:07:05 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2011-07-09 21:07:05 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2011-07-09 21:07:05 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
    2011-07-09 21:06:50 59888 ------w- c:\windows\system32\pxwma.dll
    2011-07-06 18:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-07-06 18:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-20 10:39:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-14 23:03:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-06-14 23:03:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-04 03:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 01:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-26 11:07:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-04-26 11:07:50 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-04-25 15:51:58 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 15:51:57 78336 ------w- c:\windows\system32\ieencode.dll
    2011-04-25 15:51:57 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 15:51:57 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-04-25 12:01:21 389120 ------w- c:\windows\system32\html.iec
    2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
    .
    ============= FINISH: 22:32:24.46 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-07-14.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/01/2011 17:32:56
    System Uptime: 19/07/2011 22:11:52 (0 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0G1548
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2790/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 59 GiB total, 15.638 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP73: 21/04/2011 14:23:58 - System Checkpoint
    RP74: 22/04/2011 14:43:43 - System Checkpoint
    RP75: 23/04/2011 23:42:14 - System Checkpoint
    RP76: 25/04/2011 12:46:55 - System Checkpoint
    RP77: 27/04/2011 19:40:06 - Software Distribution Service 3.0
    RP78: 28/04/2011 20:18:51 - System Checkpoint
    RP79: 30/04/2011 10:21:27 - System Checkpoint
    RP80: 02/05/2011 14:43:56 - System Checkpoint
    RP81: 08/05/2011 15:28:19 - System Checkpoint
    RP82: 09/05/2011 21:48:56 - System Checkpoint
    RP83: 11/05/2011 16:57:43 - Software Distribution Service 3.0
    RP84: 12/05/2011 14:29:13 - Printer Driver HP Officejet 4300 series fax Installed
    RP85: 12/05/2011 15:09:46 - Removed HP Photosmart Essential
    RP86: 13/05/2011 15:56:47 - System Checkpoint
    RP87: 13/05/2011 16:44:52 - Software Distribution Service 3.0
    RP88: 14/05/2011 10:32:12 - Software Distribution Service 3.0
    RP89: 16/05/2011 13:48:49 - System Checkpoint
    RP90: 18/05/2011 18:19:02 - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    4300
    4300_Help
    4300Trb
    Abexo Free Registry Cleaner
    Ad-Aware
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.5
    Adobe Shockwave Player 11.5
    AiO_Scan_CDA
    AiOSoftwareNPI
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AVG 2011
    Bonjour
    Broadcom 440x 10/100 Integrated Controller
    CCleaner
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    Dell ResourceCD
    Fax_CDA
    FLV Player 2.0 (build 25)
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Windows XP (KB976002-v5)
    HP PSC & OfficeJet 6.1.A
    HP Update
    Image Resizer Powertoy for Windows XP
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Malware Destroyer
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 97, Professional Edition
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works 7.0
    Mozilla Firefox 5.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NewCopy_CDA
    ProductContextNPI
    QuickTime
    Readme
    RealNetworks - Microsoft Visual C++ 2005 Runtime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Scan
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows XP (KB923789)
    SoundMAX
    Spybot - Search & Destroy
    SpywareBlaster 4.4
    SUPERAntiSpyware Free Edition
    VideoLAN VLC media player 0.8.6i
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    19/07/2011 16:14:02, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    19/07/2011 16:13:06, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    19/07/2011 16:11:53, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    19/07/2011 16:11:50, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    17/07/2011 19:42:16, error: Dhcp [1002] - The IP address lease 10.201.48.54 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.203.47.254 (The DHCP Server sent a DHCPNACK message).
    17/07/2011 14:38:50, error: Dhcp [1002] - The IP address lease 10.201.24.57 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.201.55.254 (The DHCP Server sent a DHCPNACK message).
    15/07/2011 14:04:35, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000F1F549173. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    14/07/2011 20:57:53, error: Dhcp [1002] - The IP address lease 10.201.24.32 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.201.31.254 (The DHCP Server sent a DHCPNACK message).
    14/07/2011 20:07:35, error: Dhcp [1002] - The IP address lease 10.201.48.7 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.201.31.254 (The DHCP Server sent a DHCPNACK message).
    14/07/2011 20:01:51, error: Dhcp [1002] - The IP address lease 10.204.24.111 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.201.55.254 (The DHCP Server sent a DHCPNACK message).
    14/07/2011 19:55:17, error: Dhcp [1002] - The IP address lease 10.204.56.47 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.204.31.254 (The DHCP Server sent a DHCPNACK message).
    14/07/2011 19:53:02, error: Dhcp [1002] - The IP address lease 10.204.64.31 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.204.63.254 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================
    DDS (Ver_2011-07-14.01) - NTFS_x86
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_26
    Run by Owner at 0:39:05 on 2011-07-22
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.353.1033.18.1015.460 [GMT 1:00]
    .
    AV: Panda Antivirus Pro 2012 *Enabled/Updated* {EEE2D94A-D4C1-421A-AB2C-2CE8FE51747A}
    .
    ============== Running Processes ================
    .
    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe
    C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\PC Tools Security\BDT\BDTUpdateService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\PC Tools Security\BDT\FGuard.exe
    C:\Program Files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Microsoft Office\Office\OSA.EXE
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k LocalService
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.expatshield.com/g/?c=h
    uURLSearchHooks: PC Tools Browser Guard: {472734EA-242A-422b-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: PC Tools Browser Guard BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    TB: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} - c:\program files\pc tools security\bdt\PCTBrowserDefender.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [PCTools FGuard] c:\program files\pc tools security\bdt\FGuard.exe
    mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus pro 2012\APVXDWIN.EXE" /s
    mRun: [SCANINICIO] "c:\program files\panda security\panda antivirus pro 2012\Inicio.exe"
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    LSP: c:\windows\system32\ESPFSPI.DLL
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295893113083
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    TCP: NameServer = 89.101.160.4 89.101.160.5
    TCP: Interfaces\{69483A58-0085-49EC-8312-6BAE553AD016} : DHCPNameServer = 89.101.160.4 89.101.160.5
    Handler: ipp - <Clsid value has no data>
    Handler: msdaipp - <Clsid value has no data>
    Notify: avldr - avldr.dll
    Notify: igfxcui - igfxsrvc.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
    mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
    IFEO: Your Image File Name Here without a path - ntsd -d
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\52tqz8gr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.boards.ie/?filter=all
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-1-25 64288]
    R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2011-7-21 26696]
    R0 XPacket;XFilter Packet;c:\windows\system32\xpacket.sys [2004-4-1 44671]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2011-7-21 37448]
    R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8651.sys [2011-7-21 59080]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\pc tools security\bdt\BDTUpdateService.exe [2011-7-21 337872]
    R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda antivirus pro 2012\PsCtrlS.exe [2011-7-21 173312]
    R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda antivirus pro 2012\PavFnSvr.exe [2011-7-21 202048]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2011-7-21 163848]
    R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2011-7-21 62768]
    R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda antivirus pro 2012\pavsrvx86.exe [2011-7-21 314176]
    R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda antivirus pro 2012\psksvc.exe [2011-7-21 28992]
    R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
    R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
    R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-25 136176]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys --> c:\windows\system32\drivers\ew_hwusbdev.sys [?]
    S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys --> c:\windows\system32\drivers\ewusbnet.sys [?]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-25 136176]
    S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys --> c:\windows\system32\drivers\ew_jubusenum.sys [?]
    .
    =============== File Associations ===============
    .
    FileExt: .vbe: VBEFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
    FileExt: .vbs: VBSFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
    FileExt: .js: JSFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
    FileExt: .jse: JSEFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
    FileExt: .wsf: WSFFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
    .
    =============== Created Last 30 ================
    .
    2011-07-21 22:47:03 1060864 ----a-w- c:\windows\system32\MFC71.dll
    2011-07-21 22:20:05 -------- d-----w- c:\documents and settings\owner\local settings\application data\Threat Expert
    2011-07-21 21:22:07 -------- d-----w- c:\documents and settings\owner\local settings\application data\Panda Security
    2011-07-21 21:19:22 753664 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iKernel.dll
    2011-07-21 21:19:22 69714 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\ctor.dll
    2011-07-21 21:19:22 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\DotNetInstaller.exe
    2011-07-21 21:19:22 32768 ----a-w- c:\program files\common files\installshield\professional\runtime\Objectps.dll
    2011-07-21 21:19:22 274432 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iscript.dll
    2011-07-21 21:19:22 184320 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iuser.dll
    2011-07-21 21:19:19 331908 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\setup.dll
    2011-07-21 21:19:19 200836 ----a-w- c:\program files\common files\installshield\professional\runtime\11\00\intel32\iGdi.dll
    2011-07-21 21:19:16 37448 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys
    2011-07-21 21:19:16 163848 ----a-w- c:\windows\system32\drivers\PavProc.sys
    2011-07-21 21:19:16 -------- d-----w- c:\program files\common files\Panda Security
    2011-07-21 21:05:51 -------- d-----w- c:\program files\PC Tools Security
    2011-07-21 20:59:59 -------- d-----w- c:\program files\Microsoft Security Client
    2011-07-21 20:46:37 -------- d-----w- c:\program files\Enigma Software Group
    2011-07-19 19:24:41 32768 ----a-w- c:\windows\system32\drivers\taphss.sys
    2011-07-19 19:24:41 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
    2011-07-19 15:49:30 -------- d-----w- C:\FU_Backup
    2011-07-19 15:49:30 -------- d-----w- c:\documents and settings\owner\application data\CheeseSoft
    2011-07-19 15:49:21 -------- d-----w- c:\program files\FinalUninstaller
    2011-07-19 10:25:17 767952 ----a-w- c:\windows\BDTSupport.dll
    2011-07-19 10:25:16 2078672 ----a-w- c:\windows\PCTBDCore.dll
    2011-07-19 10:25:16 1533904 ----a-w- c:\windows\PCTBDRes.dll
    2011-07-19 10:25:16 149456 ----a-w- c:\windows\SGDetectionTool.dll
    2011-07-14 18:39:25 -------- d-----w- C:\Expat Shield
    2011-07-09 22:06:42 -------- d-----w- c:\documents and settings\owner\local settings\application data\Freemake
    2011-07-09 21:39:35 -------- d-----w- c:\documents and settings\owner\application data\AnvSoft
    2011-07-09 20:59:03 -------- d-----w- c:\documents and settings\owner\local settings\application data\Wondershare
    2011-07-09 20:59:00 -------- d-----w- c:\program files\common files\Wondershare
    2011-07-09 20:58:36 496640 ----a-w- c:\windows\system32\xvid.ax
    2011-07-09 20:58:35 892928 ----a-w- c:\windows\system32\iconv.dll
    2011-07-09 20:58:35 675840 ----a-w- c:\windows\system32\ac3filter.ax
    2011-07-09 20:58:31 -------- d-----w- c:\program files\Wondershare
    2011-07-09 20:51:06 -------- d-----w- c:\documents and settings\all users\application data\AVS4YOU
    2011-07-09 20:51:01 -------- d-----w- c:\documents and settings\owner\application data\AVS4YOU
    2011-07-09 20:49:19 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
    2011-07-09 20:49:16 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
    2011-07-09 20:49:16 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
    2011-07-09 20:49:15 24576 ----a-w- c:\windows\system32\msxml3a.dll
    2011-07-06 14:30:00 719872 ----a-w- c:\windows\system32\devil.dll
    2011-07-06 14:30:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
    2011-07-06 14:30:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
    2011-07-06 14:30:00 369152 ----a-w- c:\windows\system32\avisynth.dll
    2011-07-06 14:30:00 32256 ----a-w- c:\windows\system32\AVSredirect.dll
    .
    ==================== Find3M ====================
    .
    2011-07-19 14:53:09 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2011-07-09 21:07:05 9200 ------w- c:\windows\system32\drivers\cdralw2k.sys
    2011-07-09 21:07:05 9072 ------w- c:\windows\system32\drivers\cdr4_xp.sys
    2011-07-09 21:07:05 45200 ------w- c:\windows\system32\drivers\PxHelp20.sys
    2011-07-09 21:06:50 59888 ------w- c:\windows\system32\pxwma.dll
    2011-06-20 10:39:59 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-06-14 23:03:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2011-06-14 23:03:31 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
    2011-05-04 03:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 01:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
    2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-04-26 11:07:50 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2011-04-26 11:07:50 293376 ----a-w- c:\windows\system32\winsrv.dll
    2011-04-25 15:51:58 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-04-25 15:51:57 78336 ------w- c:\windows\system32\ieencode.dll
    2011-04-25 15:51:57 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2011-04-25 15:51:57 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-04-25 12:01:21 389120 ------w- c:\windows\system32\html.iec
    .
    ============= FINISH: 0:41:48.51 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-07-14.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 24/01/2011 17:32:56
    System Uptime: 22/07/2011 00:16:01 (0 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0G1548
    Processor: Intel(R) Pentium(R) 4 CPU 2.80GHz | Microprocessor | 2790/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 59 GiB total, 16.066 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    4300
    4300_Help
    4300Trb
    Abexo Free Registry Cleaner
    Ad-Aware
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.5
    Adobe Shockwave Player 11.5
    AiO_Scan_CDA
    AiOSoftwareNPI
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    Broadcom 440x 10/100 Integrated Controller
    Browser Defender 3.0
    CCleaner
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    Dell ResourceCD
    EnigmaFireWall
    Fax_CDA
    FLV Player 2.0 (build 25)
    Google Earth Plug-in
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Windows XP (KB976002-v5)
    HP PSC & OfficeJet 6.1.A
    HP Update
    Image Resizer Powertoy for Windows XP
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics Driver
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 26
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 97, Professional Edition
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works 7.0
    Mozilla Firefox 5.0 (x86 en-US)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NewCopy_CDA
    Panda Antivirus Pro 2012
    Panda Secure Vault 5
    ProductContextNPI
    QuickTime
    Readme
    RealNetworks - Microsoft Visual C++ 2005 Runtime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    RealUpgrade 1.1
    Scan
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB2497640)
    Security Update for Windows Internet Explorer 7 (KB2530548)
    Security Update for Windows Internet Explorer 7 (KB2544521)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows XP (KB923789)
    SoundMAX
    VideoLAN VLC media player 0.8.6i
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    .
    ==== Event Viewer Messages From Past Week ========
    .
    19/07/2011 16:14:02, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    19/07/2011 16:13:06, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    19/07/2011 16:11:53, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    19/07/2011 16:11:50, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    17/07/2011 19:42:16, error: Dhcp [1002] - The IP address lease 10.201.48.54 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.203.47.254 (The DHCP Server sent a DHCPNACK message).
    17/07/2011 14:38:50, error: Dhcp [1002] - The IP address lease 10.201.24.57 for the Network Card with network address 00FF41CC1CE8 has been denied by the DHCP server 10.201.55.254 (The DHCP Server sent a DHCPNACK message).
    15/07/2011 14:04:35, error: Dhcp [1001] - Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 000F1F549173. The following error occurred: The operation was canceled by the user. . Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.
    .
    ==== End Of File ===========================

    Genealogy Forum Mod



Comments

  • Registered Users Posts: 6,794 ✭✭✭cookie1977


    Try Kaspersky Virus Removal Tool:
    http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/avptool11/setup_11.0.0.1245.x01_2011_07_22_09_19.exe

    Perform a full scan. It might be worth booting into safe mode and running Kaspersky then.


  • Moderators, Society & Culture Moderators Posts: 11,291 Mod ✭✭✭✭Hermy


    Thanks for the reply cookie.
    Kaspersky wasn't visible in Safe Mode so I ran it in normal mode and it found nothing.
    What would you suggest next?

    Genealogy Forum Mod



  • Moderators, Society & Culture Moderators Posts: 11,291 Mod ✭✭✭✭Hermy


    Anyone?
    I'm really stuck.:(

    Genealogy Forum Mod



  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    doesn't look like this is virus related


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Moderators, Society & Culture Moderators Posts: 11,291 Mod ✭✭✭✭Hermy


    Thanks ASJ - will do.

    EDIT: I'd agree that it may not be virus related but clicking a dodgy link on Facebook was what I think started the problem. In trying to repair it I may have deleted something I shouldn't have.
    The first thing that I noticed was that AVG wouldn't update.
    Also the search function on Windows wouldn't work - I get the message Windows Explorer has detected a problem and needs to close.
    Adaware won't install either - it says Microsoft Visual C++ Runtime 9.0 Service Pack 1 could not be installed. (Adaware was the only program to pick up a fault - a trojan I think)
    PC Tools wouldn't install either and that's usually what I use when AVG fails. It displays the following: Runtime error (at -1.0)
    I don't really know what any of this means but I hope it might help.

    Genealogy Forum Mod



  • Moderators, Society & Culture Moderators Posts: 11,291 Mod ✭✭✭✭Hermy


    OTL.txt
    OTL logfile created on: 22/07/2011 17:22:51 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1015.00 Mb Total Physical Memory | 681.42 Mb Available Physical Memory | 67.13% Memory free
    2.39 Gb Paging File | 1.96 Gb Available in Paging File | 82.17% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 58.65 Gb Total Space | 15.75 Gb Free Space | 26.86% Space Free | Partition Type: NTFS

    Computer Name: DEFMITE | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/07/22 17:18:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
    PRC - [2011/04/14 15:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe
    PRC - [2011/04/13 16:06:56 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe
    PRC - [2010/10/20 15:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
    PRC - [2010/08/16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\psksvc.exe
    PRC - [2010/06/04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
    PRC - [2010/05/28 13:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
    PRC - [2010/04/22 18:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\WebProxy.exe
    PRC - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrlS.exe
    PRC - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
    PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
    PRC - [1997/08/01 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/07/22 17:18:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\My Documents\Downloads\OTL.exe
    MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2010/06/21 17:01:46 | 000,520,000 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\system32\PavSHook.dll
    MOD - [2007/02/08 10:53:40 | 000,107,568 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\SYSTOOLS.DLL


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [Auto | Stopped] -- -- (aswUpdSv)
    SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
    SRV - [2011/04/14 15:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe -- (TPSrv)
    SRV - [2010/10/20 15:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe -- (PAVFNSVR)
    SRV - [2010/08/16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe -- (PskSvcRetail)
    SRV - [2010/06/04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe -- (PAVSRV)
    SRV - [2009/08/10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe -- (Panda Software Controller)
    SRV - [2008/06/19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe -- (PSIMSVC)
    SRV - [2008/02/04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
    SRV - [2007/08/09 08:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
    DRV - File not found [Kernel | On_Demand | Running] -- -- (PavSRK.sys)
    DRV - File not found [File_System | On_Demand | Running] -- -- (AvFlt)
    DRV - [2011/07/22 10:38:32 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\uti4ntuy.sys -- (uti4ntuy)
    DRV - [2011/05/25 00:40:10 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
    DRV - [2011/02/21 14:38:32 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ShlDrv51.sys -- (ShldDrv)
    DRV - [2010/08/12 13:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - [2010/06/22 18:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\WINDOWS\system32\Drivers\pavboot.sys -- (pavboot)
    DRV - [2010/05/21 13:50:26 | 000,059,080 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\amm8651.sys -- (AmFSM)
    DRV - [2010/05/06 17:11:58 | 000,163,848 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
    DRV - [2004/06/15 23:52:40 | 000,061,157 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
    DRV - [2004/04/01 13:07:58 | 000,044,671 | ---- | M] (Enigma Software Group, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\xpacket.sys -- (XPacket)
    DRV - [2004/03/05 23:15:34 | 000,647,929 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
    DRV - [2004/03/05 23:14:42 | 001,233,525 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
    DRV - [2004/03/05 23:13:38 | 000,037,048 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
    DRV - [2003/06/30 19:11:52 | 000,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2001/08/22 09:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.expatshield.com/g/?c=h
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.boards.ie/?filter=all"

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/06/29 18:27:28 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/15 00:05:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/21 20:34:17 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/17 17:37:20 | 000,000,000 | ---D | M]

    [2011/05/08 20:55:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2011/07/02 12:12:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52tqz8gr.default\extensions
    [2011/06/22 17:35:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52tqz8gr.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2011/05/09 00:39:13 | 000,001,986 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52tqz8gr.default\searchplugins\boardsie.xml
    [2011/07/21 18:11:51 | 000,006,250 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52tqz8gr.default\searchplugins\discogs.xml
    [2011/05/30 19:53:23 | 000,012,703 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52tqz8gr.default\searchplugins\imdb.xml
    [2011/07/21 18:11:51 | 000,001,942 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52tqz8gr.default\searchplugins\mycroft-project.xml
    [2011/07/21 18:11:51 | 000,002,370 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52tqz8gr.default\searchplugins\uncyclopedia.xml
    [2011/05/09 00:39:50 | 000,002,057 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\52tqz8gr.default\searchplugins\youtube-video-search.xml
    [2011/07/19 20:27:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/01/26 00:49:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/26 16:23:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/01 22:26:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/06/22 00:06:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    File not found (No name found) --
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\52TQZ8GR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    [2011/06/29 18:27:28 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
    [2011/01/26 00:48:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/06/21 20:34:14 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2010/01/01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/07/20 23:13:58 | 000,436,064 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 15010 more lines...
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE (Panda Security, S.L.)
    O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe (Panda Security, S.L.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\ESPFSPI.DLL (Enigma Software )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\ESPFSPI.DLL (Enigma Software )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\ESPFSPI.DLL (Enigma Software )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\ESPFSPI.DLL (Enigma Software )
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\ESPFSPI.DLL (Enigma Software )
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1295893113083 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 89.101.160.4 89.101.160.5
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/01/24 18:22:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2003/08/29 10:47:40 | 000,000,025 | ---- | M] () - C:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{59e7be8f-27e5-11e0-ada4-000f1f549173}\Shell - "" = AutoRun
    O33 - MountPoints2\{59e7be8f-27e5-11e0-ada4-000f1f549173}\Shell\AutoRun - "" = Auto&Play
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/07/22 13:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
    [2011/07/22 13:16:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/07/22 12:46:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
    [2011/07/22 01:28:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
    [2011/07/22 01:03:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Revo Uninstaller
    [2011/07/22 01:03:15 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
    [2011/07/22 00:53:21 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/22 00:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/07/22 00:53:06 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/07/22 00:53:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/07/21 23:47:03 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MFC71.dll
    [2011/07/21 23:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Threat Expert
    [2011/07/21 22:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Panda Security
    [2011/07/21 22:20:48 | 000,026,696 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\pavboot.sys
    [2011/07/21 22:20:34 | 000,054,832 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\pavcpl.cpl
    [2011/07/21 22:20:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Antivirus Pro 2012
    [2011/07/21 22:20:24 | 000,520,000 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavSHook.dll
    [2011/07/21 22:20:24 | 000,193,344 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\TpUtil.dll
    [2011/07/21 22:20:24 | 000,107,568 | ---- | C] (Panda Software) -- C:\WINDOWS\System32\SYSTOOLS.DLL
    [2011/07/21 22:20:24 | 000,087,360 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\PavLspHook.dll
    [2011/07/21 22:20:24 | 000,055,616 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\pavipc.dll
    [2011/07/21 22:20:20 | 000,059,080 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\amm8651.sys
    [2011/07/21 22:20:20 | 000,055,552 | ---- | C] (On-Access Anti-Malware Scanner Sync) -- C:\WINDOWS\System32\avldr.dll
    [2011/07/21 22:20:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PAV
    [2011/07/21 22:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
    [2011/07/21 22:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Panda Security
    [2011/07/21 22:20:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Panda Security
    [2011/07/21 22:19:16 | 000,163,848 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PavProc.sys
    [2011/07/21 22:19:16 | 000,037,448 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\ShlDrv51.sys
    [2011/07/21 22:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security
    [2011/07/21 22:05:51 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2011/07/21 21:59:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2011/07/21 21:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EnigmaFireWall
    [2011/07/21 21:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2011/07/19 21:58:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/07/19 20:24:41 | 000,032,768 | ---- | C] (AnchorFree Inc) -- C:\WINDOWS\System32\drivers\taphss.sys
    [2011/07/19 20:24:41 | 000,000,000 | ---D | C] -- C:\Program Files\Eusing Free Registry Cleaner
    [2011/07/19 19:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\WinRAR
    [2011/07/19 19:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
    [2011/07/19 16:49:30 | 000,000,000 | ---D | C] -- C:\FU_Backup
    [2011/07/19 16:49:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\CheeseSoft
    [2011/07/19 16:49:21 | 000,000,000 | ---D | C] -- C:\Program Files\FinalUninstaller
    [2011/07/19 11:25:16 | 002,078,672 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
    [2011/07/19 11:25:16 | 001,533,904 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
    [2011/07/19 11:25:16 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
    [2011/07/14 19:39:25 | 000,000,000 | ---D | C] -- C:\Expat Shield
    [2011/07/09 23:06:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Freemake
    [2011/07/09 22:48:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\assembly
    [2011/07/09 22:46:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2011/07/09 22:46:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
    [2011/07/09 22:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AnvSoft
    [2011/07/09 22:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
    [2011/07/09 22:07:12 | 002,087,408 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
    [2011/07/09 22:07:12 | 000,678,384 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
    [2011/07/09 22:07:12 | 000,563,696 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
    [2011/07/09 22:07:12 | 000,440,816 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
    [2011/07/09 22:07:12 | 000,219,632 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
    [2011/07/09 22:07:12 | 000,088,560 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
    [2011/07/09 22:07:12 | 000,072,176 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
    [2011/07/09 22:07:12 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
    [2011/07/09 22:07:12 | 000,068,080 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
    [2011/07/09 22:07:12 | 000,059,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwma.dll
    [2011/07/09 22:07:12 | 000,009,200 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
    [2011/07/09 22:07:12 | 000,009,072 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
    [2011/07/09 21:59:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Wondershare
    [2011/07/09 21:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wondershare
    [2011/07/09 21:58:35 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\WINDOWS\System32\iconv.dll
    [2011/07/09 21:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\Wondershare
    [2011/07/09 21:51:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
    [2011/07/09 21:51:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVS4YOU
    [2011/07/09 21:49:19 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\libmfxsw32.dll
    [2011/07/09 21:49:16 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\libmfxhw32.dll
    [2011/07/09 21:49:16 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\GdiPlus.dll
    [2011/07/09 21:49:15 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msxml3a.dll
    [2011/07/06 15:30:00 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\WINDOWS\System32\devil.dll
    [2011/07/06 15:30:00 | 000,369,152 | ---- | C] (The Public) -- C:\WINDOWS\System32\avisynth.dll
    [2011/07/06 15:30:00 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
    [2011/07/06 15:30:00 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\i420vfw.dll
    [2011/07/04 22:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\vlc
    [2011/07/04 12:24:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
    [2011/06/30 16:09:41 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools

    ========== Files - Modified Within 30 Days ==========

    [2011/07/22 16:58:11 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/07/22 13:17:03 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2011/07/22 13:07:42 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-688789844-682003330-1003.job
    [2011/07/22 13:07:41 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-688789844-682003330-1003.job
    [2011/07/22 13:01:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/07/22 10:51:21 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/07/22 10:51:13 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1659004503-688789844-682003330-1004.job
    [2011/07/22 10:51:13 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
    [2011/07/22 10:50:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/07/22 10:38:32 | 000,007,168 | ---- | M] () -- C:\WINDOWS\System32\drivers\uti4ntuy.sys
    [2011/07/22 10:09:23 | 099,222,768 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\setup_11.0.0.1245.x01_2011_07_22_09_19.exe
    [2011/07/22 10:05:00 | 000,008,627 | ---- | M] () -- C:\WINDOWS\System32\PAV_FOG.OPC
    [2011/07/22 01:36:23 | 000,008,627 | ---- | M] () -- C:\Documents and Settings\Owner\PAV_FOG.OPC
    [2011/07/22 01:03:17 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
    [2011/07/22 00:53:21 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/22 00:14:33 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/07/21 23:49:18 | 000,000,130 | ---- | M] () -- C:\WINDOWS\ODBC.INI
    [2011/07/21 23:33:31 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
    [2011/07/21 22:20:57 | 000,646,130 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
    [2011/07/21 22:20:55 | 000,000,250 | ---- | M] () -- C:\WINDOWS\System32\PavCPL.dat
    [2011/07/21 22:20:50 | 000,001,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Panda Antivirus Pro 2012.lnk
    [2011/07/21 22:17:45 | 000,181,469 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
    [2011/07/21 22:17:33 | 000,164,626 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
    [2011/07/21 22:11:42 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2011/07/21 21:47:04 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EnigmaFireWall.lnk
    [2011/07/21 20:44:30 | 000,002,052 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2011/07/20 23:38:24 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\SYSTEM
    [2011/07/20 23:13:58 | 000,436,064 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110722-132309.backup
    [2011/07/20 23:13:58 | 000,436,064 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110722-132121.backup
    [2011/07/20 23:13:58 | 000,436,064 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/07/20 23:11:55 | 000,435,650 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110720-231358.backup
    [2011/07/19 15:53:09 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
    [2011/07/19 13:42:01 | 000,435,650 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110720-231155.backup
    [2011/07/18 23:03:27 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2011/07/16 14:52:00 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1659004503-688789844-682003330-1004.job
    [2011/07/15 14:15:55 | 000,435,650 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110719-134201.backup
    [2011/07/13 11:23:23 | 000,132,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2011/07/12 20:01:24 | 000,081,656 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSC01855 (Small).JPG
    [2011/07/12 17:16:38 | 002,713,306 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\DSC01855.JPG
    [2011/07/11 14:31:40 | 000,000,010 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
    [2011/07/10 14:25:38 | 000,369,812 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/07/10 14:25:38 | 000,047,218 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/07/09 22:07:05 | 000,009,200 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
    [2011/07/09 22:07:05 | 000,009,072 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
    [2011/07/09 22:07:04 | 000,072,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
    [2011/07/09 22:07:04 | 000,068,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
    [2011/07/09 22:07:03 | 000,068,080 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
    [2011/07/09 22:06:59 | 002,087,408 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
    [2011/07/09 22:06:59 | 000,678,384 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
    [2011/07/09 22:06:57 | 000,563,696 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
    [2011/07/09 22:06:57 | 000,440,816 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
    [2011/07/09 22:06:54 | 000,219,632 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
    [2011/07/09 22:06:52 | 000,088,560 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
    [2011/07/09 22:06:50 | 000,059,888 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\pxwma.dll
    [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/07/01 18:33:19 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/30 16:56:06 | 000,435,452 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110715-141555.backup
    [2011/06/30 16:48:15 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/06/25 19:13:30 | 000,435,276 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110630-165606.backup
    [2011/06/25 19:12:07 | 000,435,122 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20110625-191330.backup

    ========== Files Created - No Company Name ==========

    [2011/07/22 13:17:03 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2011/07/22 10:38:26 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\uti4ntuy.sys
    [2011/07/22 10:08:04 | 099,222,768 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\setup_11.0.0.1245.x01_2011_07_22_09_19.exe
    [2011/07/22 01:13:07 | 000,001,864 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Panda Antivirus Pro 2012.lnk
    [2011/07/22 01:03:17 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Revo Uninstaller.lnk
    [2011/07/22 00:53:21 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/07/21 23:49:14 | 000,000,130 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2011/07/21 23:33:35 | 000,008,627 | ---- | C] () -- C:\Documents and Settings\Owner\PAV_FOG.OPC
    [2011/07/21 23:33:31 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
    [2011/07/21 23:33:31 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
    [2011/07/21 22:26:58 | 000,008,627 | ---- | C] () -- C:\WINDOWS\System32\PAV_FOG.OPC
    [2011/07/21 22:20:55 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\PavCPL.dat
    [2011/07/21 22:17:45 | 000,181,469 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\census.cache
    [2011/07/21 22:17:33 | 000,164,626 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\ars.cache
    [2011/07/21 22:11:42 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
    [2011/07/21 21:47:04 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EnigmaFireWall.lnk
    [2011/07/21 20:44:30 | 000,002,052 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2011/07/20 23:38:24 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM
    [2011/07/19 11:25:17 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
    [2011/07/19 11:25:16 | 000,002,125 | ---- | C] () -- C:\WINDOWS\UDB.zip
    [2011/07/19 11:25:16 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
    [2011/07/19 11:25:16 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
    [2011/07/19 11:25:16 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
    [2011/07/12 20:01:24 | 000,081,656 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSC01855 (Small).JPG
    [2011/07/12 17:16:38 | 002,713,306 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\DSC01855.JPG
    [2011/07/09 21:58:36 | 000,496,640 | ---- | C] () -- C:\WINDOWS\System32\xvid.ax
    [2011/07/09 21:58:35 | 000,675,840 | ---- | C] () -- C:\WINDOWS\System32\ac3filter.ax
    [2011/07/06 15:30:00 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
    [2011/05/12 14:23:28 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
    [2011/05/12 14:17:23 | 000,110,051 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
    [2011/05/12 14:17:22 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
    [2011/04/30 09:56:16 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
    [2011/04/30 09:56:16 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
    [2011/02/22 22:20:42 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/01/25 01:32:38 | 000,000,010 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
    [2011/01/24 22:13:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2011/01/24 19:36:04 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2011/01/24 18:33:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2011/01/24 18:20:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2011/01/24 18:10:33 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2011/01/24 18:09:36 | 000,132,480 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2003/07/16 21:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/07/16 21:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/07/16 21:41:25 | 000,369,812 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/07/16 21:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/07/16 21:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/07/16 21:41:21 | 000,047,218 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/07/16 21:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/07/16 21:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/07/16 21:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/07/16 21:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/07/16 21:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
    [1997/08/01 00:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
    [1997/08/01 00:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
    [1997/08/01 00:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [1997/08/01 00:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

    < End of report >
    Extras.Txt
    OTL Extras logfile created on: 22/07/2011 17:22:51 - Run 1
    OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Owner\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00001809 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

    1015.00 Mb Total Physical Memory | 681.42 Mb Available Physical Memory | 67.13% Memory free
    2.39 Gb Paging File | 1.96 Gb Available in Paging File | 82.17% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 58.65 Gb Total Space | 15.75 Gb Free Space | 26.86% Space Free | Partition Type: NTFS

    Computer Name: DEFMITE | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
    .js [@ = JSFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
    .jse [@ = JSEFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
    .vbe [@ = VBEFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
    .vbs [@ = VBSFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
    .wsf [@ = WSFFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
    .wsh [@ = WSHFile] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
    jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
    vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
    wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
    wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
    "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe" = C:\Program Files\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe:*:Enabled:Panda permanent protection -- (Panda Security, S.L.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4672244E-16F9-43C8-BAEE-DF9B73E4B81E}" = EnigmaFireWall
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
    "{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
    "{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
    "{61B1A9C8-B2AD-4F54-B916-388FFD07BDE7}" = 4300
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
    "{A744C7C3-76F5-42F5-9E15-497A3DFBC709}" = 4300Trb
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
    "{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
    "{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2012
    "{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
    "{E769999E-D0D9-4D51-AEFE-1BD44289E550}" = 4300_Help
    "{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "Abexo Free Registry Cleaner" = Abexo Free Registry Cleaner
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "CCleaner" = CCleaner
    "FLV Player" = FLV Player 2.0 (build 25)
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
    "Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
    "Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Office8.0" = Microsoft Office 97, Professional Edition
    "RealPlayer 12.0" = RealPlayer
    "Revo Uninstaller" = Revo Uninstaller 1.92
    "VLC media player" = VideoLAN VLC media player 0.8.6i
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 21/07/2011 19:22:23 | Computer Name = DEFMITE | Source = Application Error | ID = 1000
    Description = Faulting application msiexec.exe, version 3.1.4001.5512, faulting
    module mscoree.dll, version 4.0.31106.0, fault address 0x00034524.

    Error - 21/07/2011 20:08:18 | Computer Name = DEFMITE | Source = MsiInstaller | ID = 1013
    Description = Internal MSI error. Installer terminated prematurely.

    Error - 21/07/2011 20:15:34 | Computer Name = DEFMITE | Source = Application Error | ID = 1000
    Description = Faulting application msiexec.exe, version 3.1.4001.5512, faulting
    module mscoree.dll, version 4.0.31106.0, fault address 0x00034524.

    Error - 21/07/2011 20:16:11 | Computer Name = DEFMITE | Source = Application Error | ID = 1001
    Description = Fault bucket 1707898838.

    Error - 22/07/2011 07:43:19 | Computer Name = DEFMITE | Source = MsiInstaller | ID = 1013
    Description = Internal MSI error. Installer terminated prematurely.

    Error - 22/07/2011 07:58:39 | Computer Name = DEFMITE | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module mscoree.dll, version 4.0.31106.0, fault address 0x00034524.

    Error - 22/07/2011 08:00:13 | Computer Name = DEFMITE | Source = JavaQuickStarterService | ID = 1
    Description =

    Error - 22/07/2011 08:05:29 | Computer Name = DEFMITE | Source = Application Hang | ID = 1002
    Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 22/07/2011 08:05:33 | Computer Name = DEFMITE | Source = Application Hang | ID = 1001
    Description = Fault bucket 734037209.

    Error - 22/07/2011 12:20:59 | Computer Name = DEFMITE | Source = MsiInstaller | ID = 1013
    Description = Internal MSI error. Installer terminated prematurely.

    [ System Events ]
    Error - 05/07/2011 07:18:50 | Computer Name = DEFMITE | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.1.10 on
    the Network Card with network address 000F1F549173.

    Error - 05/07/2011 17:23:15 | Computer Name = DEFMITE | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.1.10 on
    the Network Card with network address 000F1F549173.

    Error - 05/07/2011 17:55:20 | Computer Name = DEFMITE | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\D.

    Error - 09/07/2011 11:10:43 | Computer Name = DEFMITE | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.1.10 on
    the Network Card with network address 000F1F549173.

    Error - 10/07/2011 09:55:55 | Computer Name = DEFMITE | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows
    XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2446708).

    Error - 10/07/2011 09:56:06 | Computer Name = DEFMITE | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows
    XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2478663).

    Error - 10/07/2011 09:58:26 | Computer Name = DEFMITE | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows
    XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2446708).

    Error - 10/07/2011 09:58:38 | Computer Name = DEFMITE | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows
    XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2478663).

    Error - 10/07/2011 10:23:44 | Computer Name = DEFMITE | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows
    XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2446708).

    Error - 10/07/2011 10:23:51 | Computer Name = DEFMITE | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows
    XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2478663).


    < End of report >

    Genealogy Forum Mod



  • Registered Users Posts: 1,268 ✭✭✭Zapho


    Hi Hermy - what symptoms do you have that make you think you have a virus? I don't believe you've mentioned them yet and I didn't take the time to examine your logs in detail yet.

    Having all those competing anti-virus scanners can't be helping things either so you might want to disable all but the one you're using (remove them if necessary).

    I often recommend AVAST because it's free and can do a boot-up scan (make sure you select the thorough option if it's there) which often picks up things that the one within Windows doesn't pick up. Microsoft Security Essentials is also very good.

    Finally, I'd recommend giving ComboFix a go. It's a stand-alone (no need for install) malware/spyware remover and has worked for me when others have failed. It's particularly good at getting rid of rogue virus scanners!


  • Moderators, Society & Culture Moderators Posts: 11,291 Mod ✭✭✭✭Hermy


    Hermy wrote: »
    Thanks ASJ - will do.

    EDIT: I'd agree that it may not be virus related but clicking a dodgy link on Facebook was what I think started the problem. In trying to repair it I may have deleted something I shouldn't have.
    The first thing that I noticed was that AVG wouldn't update.
    Also the search function on Windows wouldn't work - I get the message Windows Explorer has detected a problem and needs to close.
    Adaware won't install either - it says Microsoft Visual C++ Runtime 9.0 Service Pack 1 could not be installed. (Adaware was the only program to pick up a fault - a trojan I think)
    PC Tools wouldn't install either and that's usually what I use when AVG fails. It displays the following: Runtime error (at -1.0)
    I don't really know what any of this means but I hope it might help.

    Hi Zapho - I added a bit to my previous post which you may not have noticed with all those logs.:o
    I don't know enough for certain to know if it's a virus or not but something is definitely not working.
    The first thing as I've already mentioned was that AVG wouldn't update.
    Then there was the problem with the search function.
    Now I've been having difficulty installing and uninstalling the various programs I've been using to try to fix things.
    Spybots has reinstalled successfully. PC Tools won't install or uninstall properly. Ditto Avast.
    I'll give Combofix a go and report back.

    Genealogy Forum Mod



  • Site Banned Posts: 1,167 ✭✭✭ASJ112


    well the OTL log is clean

    sounds like your security programs are causing the problems, can happen


  • Registered Users Posts: 9,900 ✭✭✭InTheTrees


    Assuming you are actually infected...

    90% of those anti spyware, anti virus, clean this and clean that, programs are a complete scam.

    We've had this happen three or four times at home and the only answer is to wipe the drive and reinstall. Buy an external drive and get as much of your data off it before you wipe.

    Do you still have the OS disks?


  • Moderators, Society & Culture Moderators Posts: 11,291 Mod ✭✭✭✭Hermy


    One thing I was afraid to do was plug in my ext hard drive until I was sure I wasn't going to infect it as well. If ye think I'm in the clear I'll plug it in and transfer what I don't already have copies of and do a re-install.
    Might be the handiest way of getting things straight.
    What ya think?

    @Zapho Panda Antivirus won't let me access the link to Combofix. It says it has catalogued it as a phishing page!

    Genealogy Forum Mod



  • Moderators, Society & Culture Moderators Posts: 11,291 Mod ✭✭✭✭Hermy


    Just looking for any more advice or suggestions before I do a full reinstall.
    I've deleted all of the various anti-viral software I had installed and I've done a repair install of the OS on the off chance that that would resolve matters.
    The pc is definitely running much smoother than before but the same problems are still there.
    When I click on the Search function [in the Start Menu] a window opens telling me it has encountered a problem and needs to close.
    Of the various anti-virus programs I've attempted to reinstall only Spybots and Malwarebytes successfully reinstalled.
    AVG, Adaware and Microsoft Security Essentials [which I hadn't installed before] all encounter problems when trying to install.

    Does anyone know what might be wrong?
    Even if the fault still means I have to do a full reinstall it would still be nice to know what went wrong if that can be ascertained.

    Thanks again for the advice so far.

    Genealogy Forum Mod



  • Registered Users Posts: 953 ✭✭✭hearny


    Try uninstalling all .net versions on the computer (you can put them back on if it sorts the issue)

    If you can't uninstall .net download the versions you have on the computer and try to reinstall them.

    Make sure you don't have more than 1 antivirus program running if it sorts it.

    If that doesn't work make sure the latest version of Windows installer is running. You can get it from here, use the bottom link for XP

    http://www.microsoft.com/download/en/details.aspx?id=8483

    Have you tested the RAM? Download, burn to a disk and run Memtest.
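
An added example, not part of any post in this thread: a small parser for the "Last 10 Event Log Errors" layout of the OTL report earlier on the page, which rejoins the wrapped descriptions and groups crashes by faulting module and failed updates by KB number. The sample entries are copied from that report; the function names are hypothetical. Here every crash names mscoree.dll (the .NET runtime loader) and the failed update is a .NET Framework 4 patch.

```python
import re

# Entries copied from the "Last 10 Event Log Errors" section of the OTL report.
SAMPLE = """\
Error - 21/07/2011 19:22:23 | Computer Name = DEFMITE | Source = Application Error | ID = 1000
Description = Faulting application msiexec.exe, version 3.1.4001.5512, faulting
module mscoree.dll, version 4.0.31106.0, fault address 0x00034524.

Error - 21/07/2011 20:08:18 | Computer Name = DEFMITE | Source = MsiInstaller | ID = 1013
Description = Internal MSI error. Installer terminated prematurely.

Error - 22/07/2011 07:58:39 | Computer Name = DEFMITE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module mscoree.dll, version 4.0.31106.0, fault address 0x00034524.

Error - 10/07/2011 09:55:55 | Computer Name = DEFMITE | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Security Update for Microsoft .NET Framework 4 on Windows
XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008 x86 (KB2446708).
"""

HEADER = re.compile(r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>[^|]+?) \| "
                    r"Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)\s*$")
FAULT = re.compile(r"Faulting application (?P<app>\S+?), version \S+, faulting module "
                   r"(?P<module>\S+?), version [\d.]+,")
UPDATE = re.compile(r"with error (?P<code>0x[0-9A-Fa-f]+): (?P<title>.+?) \((?P<kb>KB\d+)\)")

def parse_events(text):
    """Split an OTL event-log section into dicts, rejoining wrapped descriptions."""
    events, current = [], None
    for line in text.splitlines():
        line = line.strip()  # the report may be pasted with leading indentation
        m = HEADER.match(line)
        if m:
            current = dict(m.groupdict(), description="")
            events.append(current)
        elif current is not None and line:
            line = re.sub(r"^Description =\s*", "", line)
            current["description"] = (current["description"] + " " + line).strip()
    return events

def summarize(events):
    """Map each faulting module to the apps it crashed; collect failed updates."""
    crashed, failed = {}, set()
    for ev in events:
        f = FAULT.search(ev["description"])
        if f:
            crashed.setdefault(f["module"].lower(), set()).add(f["app"].lower())
        u = UPDATE.search(ev["description"])
        if u:
            failed.add((u["kb"], u["code"]))
    return crashed, failed

if __name__ == "__main__":
    print(summarize(parse_events(SAMPLE)))
```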


  • Moderators, Society & Culture Moderators Posts: 11,291 Mod ✭✭✭✭Hermy


    Thanks for the reply hearny.
    I'll give both of those a go and let you know what happens.

    Genealogy Forum Mod


