Infected with Keylogger?? Help!



Alright so, I got mixed up with this scam artist on the internet, and I remember downloading something stupid from him, but I'm not sure if I disinfected it or not. I DO NOT KNOW IF I HAVE A KEYLOGGER SO DO NOT ASK. And I know that if something did install it would definitely be a keylogger. But like I said, I'm not even sure if I got any virus at all. I was wondering, since I've read on hacking forums how hackers will encrypt their keyloggers to make them slide past antiviruses. So I was wondering, if a keylogger was encrypted, would Malwarebytes or Spyware Doctor detect it? I have the professional version of both. Thanks, I'm on right now so I'll reply to anything quickly!

This is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 2:33:27 PM, on 8/17/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\AskBarDis\bar\bin\AskService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\ARPWRMSG.EXE

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdateMgr.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Support.com\bin\tgcmd.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\SnoopFreeUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\DISC\DiscGui.exe

C:\Documents and Settings\Compaq_Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe

C:\Program Files\Sierra\Planner\Plnrnote.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\PowerMenu\PowerMenu.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe

C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe

C:\WINDOWS\System32\SnoopFreeSvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\ehome\mcrdsvc.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE

c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\SRVLOAD.EXE

C:\Program Files\Panda Security\Panda Internet Security 2009\PavBckPT.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\Spyware Doctor\pctsAuxs.exe

C:\Program Files\Spyware Doctor\pctsSvc.exe

C:\Program Files\Spyware Doctor\pctsTray.exe

C:\Program Files\Flock\flock.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.235.24.133:80

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O2 - BHO: RUPK - {604B283A-4E26-4504-98E7-72859F949547} - (no file)

O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll

O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [DISCover] C:\Program Files\DISC\DISCover.exe

O4 - HKLM\..\Run: [DiscUpdateManager] C:\Program Files\DISC\DiscUpdateMgr.exe

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [iPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2009\Inicio.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\Run: [snoopFreeUI] SnoopFreeUI.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKCU\..\Run: [sansaDispatch] C:\Documents and Settings\Compaq_Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

O4 - Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe

O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe

O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = ?

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O16 - DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} (GamesCampus Control) - http://fishingchamp.gamescampus.com/luncher/GamesCampus.cab

O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - https://www-secure.symantec.com/techsupp/as...abs/tgctlsr.cab

O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172454058265

O16 - DPF: {7417F730-7BAB-409E-8BB7-6936D361B869} (MLauncher Class) - http://csweb.netgame.com/main/MLauncher.cab

O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

O16 - DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} (MGLaunch_USAv1001 Class) - http://ares.netgame.com/download/mglaunch_USAv1002.cab

O16 - DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} (NeffyLauncherCtl Class) - http://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab

O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://www.solidstatenetworks.com/demos/pl...lidstateion.cab

O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab

O16 - DPF: {C9A2CBF3-B7F9-463E-A690-82CC077DCFC6} (ZemiDetectHardware Control) - http://global.4story.com/Active_X/ZemiDetectHardware.cab

O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://playgames.comcast.net/Gameshell/Gam...ronGameHost.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O23 - Service: Apache2.2 - Advanced Micro Devices - (no file)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - (no file)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: npkcmsvc - Unknown owner - (no file)

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe

O23 - Service: ScsiAccess - Unknown owner - J:\ScsiAccess.exe (file missing)

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

O23 - Service: Snoop Free Service (SnoopFreeSvc) - Unknown owner - C:\WINDOWS\System32\SnoopFreeSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--

End of file - 15714 bytes

I'm not knowledgeable about processes, so please help if you can. Thanks!


  • Staff

Hi sinister65,

Before we continue, configure Windows XP to show hidden files:

Navigate to Start --> My Computer.

Select the Tools menu and click Folder Options. Select the View tab.

Under the Hidden files and folders heading select "Show hidden files and folders".

Uncheck the "Hide protected operating system files (recommended)" option.

Uncheck the "Hide file extensions for known file types" option.

Click Yes to confirm. Click OK.

See if C:\Program.exe exists.

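As an added example (not part of the thread and not a HijackThis or DDS tool), here is a Python triage script run over a constructed subset of the HijackThis entries posted above: it lists orphaned entries, flags the non-loopback ProxyServer value, and recognises the C:\Program.exe pattern, which is what HijackThis displays when a service ImagePath is unquoted and contains spaces. Windows resolves such a path by trying the truncated name first, which is why it matters whether a file actually exists at that location. The finding categories are this example's own labels, not HijackThis terminology.

```python
"""Triage helper for HijackThis-style log lines (added example, not a HijackThis tool)."""
import re
from collections import Counter
from typing import Dict, List

# A constructed subset of the HijackThis entries posted in this thread; the raw
# string keeps the Windows backslashes literal.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 169.235.24.133:80
O2 - BHO: RUPK - {604B283A-4E26-4504-98E7-72859F949547} - (no file)
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare\BearShareIEHelper.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ScsiAccess - Unknown owner - J:\ScsiAccess.exe (file missing)
"""

# Directory names that get cut at the first space when a service ImagePath is
# unquoted: "C:\Program Files\..." is reported as "C:\Program.exe".
SPACE_DIR_PREFIXES = ("program", "documents")
ROOT_EXE = re.compile(r"^([a-z]):\\([^\\ ]+)\.exe$", re.IGNORECASE)


def _service_path(line: str) -> str:
    """Return the binary path from an O23 line, without the '(file missing)' suffix."""
    parts = line.split(" - ")
    path = " - ".join(parts[3:]) if len(parts) > 3 else ""
    return path.replace("(file missing)", "").strip()


def analyse_hjt(text: str) -> List[Dict[str, str]]:
    """Flag entries a helper would ask about before deciding anything is malicious."""
    findings: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        section = line.split(" - ", 1)[0]

        # A proxy pointing anywhere except the local host routes all browser
        # traffic through that address; the user should know why it is set.
        if section == "R1" and ",ProxyServer = " in line:
            proxy = line.split(" = ", 1)[1]
            if proxy and not proxy.startswith(("127.", "localhost")):
                findings.append({"kind": "proxy", "detail": proxy, "line": line})

        # Entries whose file is gone are usually leftovers of uninstalled
        # software, but they are still cleanup candidates worth listing.
        if "(no file)" in line or "(file missing)" in line:
            findings.append({"kind": "orphan", "detail": section, "line": line})

        # A service path like C:\Program.exe is the signature of an unquoted
        # ImagePath containing spaces. Windows tries that truncated name before
        # the real binary, so whether such a file exists is the thing to check.
        if section == "O23":
            m = ROOT_EXE.match(_service_path(line))
            if m and m.group(2).lower() in SPACE_DIR_PREFIXES:
                findings.append({"kind": "truncated_path",
                                 "detail": f"{m.group(1).upper()}:\\{m.group(2)}.exe",
                                 "line": line})
    return findings


def summarise(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per category, for a quick overview of a long log."""
    return dict(Counter(f["kind"] for f in findings))


if __name__ == "__main__":
    for f in analyse_hjt(SAMPLE_LOG):
        print(f"[{f['kind']}] {f['detail']}: {f['line']}")
```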

  • Staff

Download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run, two logs will be produced; please post the one that is not minimized.

Next, please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new HijackThis log so we may continue cleaning the system.

-screen317



DDS (Ver_09-07-30.01) - NTFSx86

Run by Compaq_Administrator at 17:28:42.30 on Mon 08/17/2009

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.111 [GMT -4:00]

AV: Panda Internet Security 2009 *On-access scanning enabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FW: Panda Personal Firewall 2009 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\AskBarDis\bar\bin\AskService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\SYSTEM32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k Panda

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\TortoiseSVN\bin\TSVNCache.exe

C:\WINDOWS\ehome\ehtray.exe

C:\WINDOWS\ARPWRMSG.EXE

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdateMgr.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\HP\KBD\KBD.EXE

C:\Program Files\Java\jre6\bin\jusched.exe

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\SnoopFreeUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Documents and Settings\Compaq_Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\DISC\DiscGui.exe

C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe

C:\Program Files\Sierra\Planner\Plnrnote.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\PowerMenu\PowerMenu.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe

C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe

C:\WINDOWS\System32\SnoopFreeSvc.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

svchost.exe

C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE

c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\SRVLOAD.EXE

C:\Program Files\Panda Security\Panda Internet Security 2009\PavBckPT.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\PROGRA~1\FLOCK\FLOCK.EXE

C:\Program Files\DISC\DiscStreamHub.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\WINDOWS\ALCXMNTR.EXE

C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\Upgrader.exe

C:\Documents and Settings\Compaq_Administrator\Desktop\dds.pif

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = 169.235.24.133:80

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll

BHO: QFX Software KeyScrambler: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - KeyScramblerBHO Class

BHO: RUPK: {604b283a-4e26-4504-98e7-72859f949547} - Hitware Popup Killer Lite

BHO: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - UrlHelper Class

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: ZoneAlarm Spy Blocker Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll

TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File

TB: &Netcraft Toolbar: {d554d8fc-b36d-4bb4-93db-4a3394d505e3} -

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe

uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

uRun: [sansaDispatch] c:\documents and settings\compaq_administrator\application data\sandisk\sansa updater\SansaDispatch.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE

mRun: [DISCover] c:\program files\disc\DISCover.exe

mRun: [DiscUpdateManager] c:\program files\disc\DiscUpdateMgr.exe

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [iPHSend] c:\program files\common files\aol\iphsend\IPHSend.exe

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [tgcmd] c:\program files\support.com\bin\tgcmd.exe /server /startmonitor /deaf

mRun: [KBD] c:\hp\kbd\KBD.EXE

mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe

mRun: [APVXDWIN] "c:\program files\panda security\panda internet security 2009\APVXDWIN.EXE" /s

mRun: [sCANINICIO] "c:\program files\panda security\panda internet security 2009\Inicio.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [snoopFreeUI] SnoopFreeUI.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\powerm~1.lnk - c:\program files\powermenu\PowerMenu.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\eventp~1.lnk - c:\program files\sierra\planner\Plnrnote.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61}

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

DPF: {02ECD07A-22D0-4AF0-BA0A-3F6B06086D08} - hxxp://fishingchamp.gamescampus.com/luncher/GamesCampus.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab

DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab

DPF: {556DDE35-E955-11D0-A707-000000521957} - hxxp://www.xblock.com/download/xclean_micro.exe

DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab

DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1172454058265

DPF: {7417F730-7BAB-409E-8BB7-6936D361B869} - hxxp://csweb.netgame.com/main/MLauncher.cab

DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} - hxxp://www.ca.com/us/securityadvisor/virusinfo/webscan.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {99CAAA27-FA0C-4FA4-B88A-4AB1CC7A17FE} - hxxp://ares.netgame.com/download/mglaunch_USAv1002.cab

DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab

DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab

DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} - hxxp://www.solidstatenetworks.com/demos/plugintest/solidstateion.cab

DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab

DPF: {C9A2CBF3-B7F9-463E-A690-82CC077DCFC6} - hxxp://global.4story.com/Active_X/ZemiDetectHardware.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} - hxxp://playgames.comcast.net/Gameshell/GameHost/1.0/OberonGameHost.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avldr - avldr.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\gnwbcw27.default\

FF - prefs.js: browser.startup.homepage - hxxP://www.comcast.net

FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPcol305.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPHoldemFireLauncher.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPMFireLauncher.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: XUL Cache: {9CF789BF-1CF0-4562-9B57-110DC4314B48} - c:\documents and settings\compaq_administrator\local settings\application data\{9CF789BF-1CF0-4562-9B57-110DC4314B48}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-7-9 28544]

R0 SnoopFree;SnoopFree Driver;c:\windows\system32\drivers\SnopFree.sys [2009-8-15 9472]

R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2009-7-9 73728]

R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2009-7-9 52992]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-5-14 107256]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-5-14 94360]

R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2009-7-9 22072]

R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2009-7-9 193792]

R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2009-7-9 158848]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-7-9 41144]

R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2009-7-9 46720]

R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-8-12 464264]

R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-7-26 211216]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda internet security 2009\PsCtrlS.exe [2009-7-9 181504]

R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2009-7-9 84024]

R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda internet security 2009\PavFnSvr.exe [2009-7-9 169216]

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-7-9 179640]

R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2009-7-9 62768]

R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda internet security 2009\PAVSRV51.EXE [2009-7-9 288512]

R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda internet security 2009\psksvc.exe [2009-7-9 28928]

R2 SnoopFreeSvc;Snoop Free Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-3-14 24652]

R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2009-7-9 13880]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-26 19096]

R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2009-7-9 197888]

R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]

R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2009-7-22 28592]

S1 SDManager;SDManager;\??\c:\program files\spywaredetector\sdmanager.sys --> c:\program files\spywaredetector\SDManager.sys [?]

S2 Apache2.2;Apache2.2; [x]

S2 MyWebSearchService;My Web Search Service; [x]

S3 ATIXPGAA;ATIXPGAA;\??\c:\pcdr5\atixpgaa.sys --> c:\pcdr5\ATIXPGAA.SYS [?]

S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\mediacoder\sysinfo.sys --> c:\program files\mediacoder\SysInfo.sys [?]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\eraserutilrebootdrv.sys --> c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [?]

S3 HssTrayService;Hotspot Shield Tray Service; [x]

S3 ihupvtlolv;ihupvtlolv;\??\c:\documents and settings\compaq_administrator\desktop\glider\ihupvtlolv.sys --> c:\documents and settings\compaq_administrator\desktop\glider\ihupvtlolv.sys [?]

S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2009-8-17 114672]

S3 npggsvc;nProtect GameGuard Service; [x]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-11-22 23064]

S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-5-8 1245064]

S3 XDva007;XDva007;\??\c:\windows\system32\xdva007.sys --> c:\windows\system32\XDva007.sys [?]

S3 XDva020;XDva020;\??\c:\windows\system32\xdva020.sys --> c:\windows\system32\XDva020.sys [?]

S3 XDva075;XDva075;\??\c:\windows\system32\xdva075.sys --> c:\windows\system32\XDva075.sys [?]

S3 XDva098;XDva098;\??\c:\windows\system32\xdva098.sys --> c:\windows\system32\XDva098.sys [?]

S3 XDva136;XDva136;c:\windows\system32\XDva136.sys [2008-8-10 37504]

S3 XDva189;XDva189;\??\c:\windows\system32\xdva189.sys --> c:\windows\system32\XDva189.sys [?]

S3 XDva219;XDva219;\??\c:\windows\system32\xdva219.sys --> c:\windows\system32\XDva219.sys [?]

S3 XDva248;XDva248;\??\c:\windows\system32\xdva248.sys --> c:\windows\system32\XDva248.sys [?]

S3 XDva277;XDva277;\??\c:\windows\system32\xdva277.sys --> c:\windows\system32\XDva277.sys [?]

S3 XDva279;XDva279;\??\c:\windows\system32\xdva279.sys --> c:\windows\system32\XDva279.sys [?]

S3 XDva280;XDva280;\??\c:\windows\system32\xdva280.sys --> c:\windows\system32\XDva280.sys [?]

S4 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-1-24 419448]

S4 apacheWoW;apacheWoW; [x]

S4 ekrn;ESET Service; [x]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandai~1\PAVSCRIP.EXE "%1" %*

VBEFile=c:\progra~1\pandas~1\pandai~1\PAVSCRIP.EXE "%1" %*

VBSFile=c:\progra~1\pandas~1\pandai~1\PAVSCRIP.EXE "%1" %*

=============== Created Last 30 ================

2009-08-17 15:47 114,672 a------- c:\windows\system32\drivers\keyscrambler.sys

2009-08-17 14:33 <DIR> --d----- c:\program files\Trend Micro

2009-08-15 14:32 <DIR> --d----- c:\program files\Secunia

2009-08-15 14:25 221,184 a------- c:\windows\SnoopFreeUI.exe

2009-08-15 14:25 90,112 a------- c:\windows\system32\SnoopFreeSvc.exe

2009-08-15 14:25 45,056 a------- c:\windows\SnoopFreeDll.dll

2009-08-15 14:25 9,472 a------- c:\windows\system32\drivers\SnopFree.sys

2009-08-13 10:59 <DIR> --d----- c:\program files\Free Offers from Freeze.com

2009-08-13 10:59 <DIR> --d----- C:\Hotspot Shield

2009-08-12 16:13 <DIR> --d----- C:\48520777da61036a30

2009-08-12 16:07 <DIR> --d----- C:\834b5dced0cea40da73df15f

2009-08-12 14:30 128,512 -------- c:\windows\system32\dllcache\dhtmled.ocx

2009-08-12 14:29 1,315,328 -------- c:\windows\system32\dllcache\msoe.dll

2009-08-12 09:36 4,212 a---h--- c:\windows\system32\zllictbl.dat

2009-08-12 09:36 <DIR> --d----- c:\program files\Zone Labs

2009-08-12 09:34 <DIR> --d----- c:\program files\AskBarDis

2009-08-12 09:34 <DIR> --d----- c:\windows\Internet Logs

2009-08-11 10:21 <DIR> --d----- c:\program files\common files\Merge Modules

2009-08-10 18:13 <DIR> --d----- c:\docume~1\compaq~1\applic~1\LimeWire

2009-08-09 09:29 <DIR> --d----- c:\program files\ESET

2009-08-07 03:12 <DIR> --d----- c:\program files\Desktop Lighter

2009-08-03 08:02 <DIR> --d----- c:\program files\World of Warcraft

2009-08-01 09:42 107,864 a------- c:\windows\system32\tsccvid.dll

2009-08-01 09:42 <DIR> --d----- c:\program files\common files\TechSmith Shared

2009-07-31 18:10 604,488 a------- c:\windows\system32\TUProgSt.exe

2009-07-31 18:10 <DIR> --d----- c:\docume~1\compaq~1\applic~1\TuneUp Software

2009-07-31 18:09 <DIR> --d----- c:\docume~1\alluse~1\applic~1\TuneUp Software

2009-07-31 18:08 <DIR> --dsh--- c:\docume~1\alluse~1\applic~1\{55A29068-F2CE-456C-9148-C869879E2357}

2009-07-31 17:49 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Orca Profiles

2009-07-31 17:45 <DIR> --d----- c:\docume~1\compaq~1\applic~1\MxBoost

2009-07-31 15:35 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Tor

2009-07-31 06:11 1,089,593 -------- c:\windows\system32\dllcache\ntprint.cat

2009-07-30 16:35 50,200 a------- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll

2009-07-30 16:35 79,896 a------- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll

2009-07-30 16:34 <DIR> --d----- c:\windows\system32\RsFx

2009-07-30 16:17 <DIR> --d----- c:\program files\Microsoft SQL Server

2009-07-30 16:16 <DIR> --d----- c:\program files\Microsoft Synchronization Services

2009-07-30 16:16 <DIR> --d----- c:\program files\Microsoft SQL Server Compact Edition

2009-07-30 10:45 <DIR> --d----- c:\program files\Neffy

2009-07-30 09:44 <DIR> --d----- c:\program files\PC Drivers HeadQuarters

2009-07-30 09:38 <DIR> --d----- C:\474f469cd6d1b039d159373d43e778a0

2009-07-29 16:05 266,240 a------- c:\windows\system32\MyRossoPlugin.dll

2009-07-29 16:05 <DIR> --d----- c:\program files\MyRosso

2009-07-27 17:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ijjigame

2009-07-27 13:05 <DIR> --d----- c:\docume~1\compaq~1\applic~1\GrabPro

2009-07-27 12:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SpeedBit

2009-07-26 16:09 <DIR> --d----- C:\Binaries

2009-07-26 16:09 <DIR> --d----- c:\windows\system32\QuickTime

2009-07-26 16:09 <DIR> --d----- c:\program files\OLYMPUS

2009-07-26 16:09 319,488 -------- c:\windows\system32\Pvmjpg21.dll

2009-07-26 16:09 13,184 -------- c:\windows\system32\drivers\bsaspi32.sys

2009-07-26 16:09 9,688 -------- c:\windows\system32\drivers\cdrbsvsd.sys

2009-07-26 16:09 13,567 -------- c:\windows\system32\drivers\CDRBSDRV.SYS

2009-07-26 16:08 <DIR> --d----- c:\program files\PIXELA

2009-07-26 15:57 <DIR> --d----- c:\program files\Hotspot Shield

2009-07-26 12:12 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-26 12:12 19,096 a------- c:\windows\system32\drivers\mbam.sys

2009-07-26 12:12 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware

2009-07-24 10:59 5,174 a------- c:\windows\system32\nppt9x.vxd

2009-07-24 10:59 4,682 a------- c:\windows\system32\npptNT2.sys

2009-07-22 15:13 28,592 a------- c:\windows\system32\drivers\tap0901.sys

2009-07-21 10:52 <DIR> --d----- c:\program files\Panicware

2009-07-19 14:14 <DIR> --d----- c:\program files\mIRC

2009-07-19 12:54 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Malwarebytes

2009-07-19 12:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes

2009-07-18 21:05 <DIR> --dsh--- c:\documents and settings\compaq_administrator\IECompatCache

2009-07-18 19:01 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Nexon

==================== Find3M ====================

2009-08-17 16:28 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG.bck

2009-08-17 16:28 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG

2009-08-17 16:28 352,408 a------- c:\windows\system32\drivers\APPFCONT.DAT.bck

2009-08-17 16:28 352,408 a------- c:\windows\system32\drivers\APPFCONT.DAT

2009-08-17 16:28 13,880 a------- c:\windows\system32\drivers\COMFiltr.sys

2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll

2009-08-05 05:01 204,800 a------- c:\windows\system32\dllcache\mswebdvd.dll

2009-07-25 07:50 25,280 a------- c:\windows\system32\drivers\hamachi.sys

2009-07-22 17:04 34 a------- c:\documents and settings\compaq_administrator\jagex_runescape_preferences.dat

2009-07-20 16:32 65,536 a------- c:\windows\IFinst27.exe

2009-07-19 18:48 11,067,392 a------- c:\windows\system32\dllcache\ieframe.dll

2009-07-19 09:18 5,937,152 a------- c:\windows\system32\dllcache\mshtml.dll

2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll

2009-07-17 15:01 58,880 -------- c:\windows\system32\dllcache\atl.dll

2009-07-13 23:43 10,841,088 a------- c:\windows\system32\dllcache\wmp.dll

2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll

2009-07-13 23:43 286,208 a------- c:\windows\system32\dllcache\wmpdxm.dll

2009-07-09 19:22 99,256 a------- c:\windows\system32\drivers\av5flt.sys

2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll

2009-07-03 13:09 915,456 a------- c:\windows\system32\dllcache\wininet.dll

2009-07-03 13:09 12,800 -------- c:\windows\system32\dllcache\xpshims.dll

2009-07-03 13:09 1,208,832 a------- c:\windows\system32\dllcache\urlmon.dll

2009-07-03 13:09 206,848 a------- c:\windows\system32\dllcache\occache.dll

2009-07-03 13:09 594,432 a------- c:\windows\system32\dllcache\msfeeds.dll

2009-07-03 13:09 55,296 a------- c:\windows\system32\dllcache\msfeedsbs.dll

2009-07-03 13:09 1,985,536 a------- c:\windows\system32\dllcache\iertutil.dll

2009-07-03 13:09 25,600 a------- c:\windows\system32\dllcache\jsproxy.dll

2009-07-03 13:09 184,320 a------- c:\windows\system32\dllcache\iepeers.dll

2009-07-03 13:09 246,272 -------- c:\windows\system32\dllcache\ieproxy.dll

2009-07-03 13:09 386,048 a------- c:\windows\system32\dllcache\iedkcs32.dll

2009-07-03 07:01 173,056 a------- c:\windows\system32\dllcache\ie4uinit.exe

2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll

2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll

2009-06-16 10:36 119,808 -------- c:\windows\system32\dllcache\t2embed.dll

2009-06-16 10:36 81,920 -------- c:\windows\system32\dllcache\fontsub.dll

2009-06-12 08:31 80,896 a------- c:\windows\system32\tlntsess.exe

2009-06-12 08:31 80,896 -------- c:\windows\system32\dllcache\tlntsess.exe

2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe

2009-06-12 08:31 76,288 -------- c:\windows\system32\dllcache\telnet.exe

2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll

2009-06-10 10:13 84,992 -------- c:\windows\system32\dllcache\avifil32.dll

2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll

2009-06-10 09:19 2,066,432 a------- c:\windows\system32\dllcache\mstscax.dll

2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll

2009-06-10 02:14 132,096 -------- c:\windows\system32\dllcache\wkssvc.dll

2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll

2009-06-03 15:09 1,291,264 -------- c:\windows\system32\dllcache\quartz.dll

2008-12-16 19:56 9,656 a------- c:\docume~1\compaq~1\applic~1\wklnhst.dat

2008-11-26 16:07 4,822 a------- c:\program files\install.ini

2008-11-26 16:02 660,612,519 a------- c:\program files\data1.pck

2008-11-26 16:02 623,501,266 a------- c:\program files\data4.pck

2008-11-26 16:02 1,222,776 a------- c:\program files\check.md

2008-11-26 16:00 660,569,555 a------- c:\program files\data3.pck

2008-11-26 15:57 660,636,086 a------- c:\program files\data2.pck

2008-08-04 14:52 29,256 a------- c:\program files\CopyRight.txt

2006-12-17 18:30 32 a----r-- c:\documents and settings\all users\hash.dat

2005-11-10 18:49 44 a------- c:\program files\AutoRun.inf

2005-07-14 15:12 4,150 a------- c:\program files\icon.ico

2005-05-10 18:54 258,352 a------- c:\program files\unicows.dll

2000-09-15 15:51 372,736 a------- c:\program files\ijl15.dll

2007-02-15 12:24 22 a--sh--- c:\windows\sminst\HPCD.sys

2008-01-17 07:27 56 ---shr-- c:\windows\system32\429A7A71EA.sys

2008-01-17 07:27 848 a--sh--- c:\windows\system32\KGyGaAvL.sys

2009-05-17 08:09 245,760 a--sh--- c:\windows\system32\config\systemprofile\ietldcache\index.dat

2008-09-12 14:40 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091220080913\index.dat

============= FINISH: 17:29:56.64 ===============

DDS LOG

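A small triage helper, added here as an example and not part of the original post, of DDS or of ComboFix, that parses lines in the format of the DDS SERVICES / DRIVERS section above and flags the entries a responder would check by hand first: images under user-writable paths, kernel drivers outside system32\drivers, running services whose image DDS could not resolve, and orphaned service entries with no image path. The sample lines are copied in form from the posted log but shortened; the reading of the trailing `[?]` and `[x]` markers as "image not resolved" and "no image path" is an assumption from the posted log, not DDS documentation. The flags are review triggers, not verdicts: anti-cheat drivers, uninstalled-AV remnants and svchost-hosted services trip them routinely.

```python
"""Triage helper for the SERVICES / DRIVERS section of a DDS log.

Added example: not part of the forum post, DDS or ComboFix.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a few lines in the format of the DDS "SERVICES / DRIVERS"
# section of the post above (shortened; not the full log).
SAMPLE_DDS = r"""
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-7-9 28544]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 SnoopFreeSvc;Snoop Free Service;System32\SnoopFreeSvc.exe --> System32\SnoopFreeSvc.exe [?]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [2009-7-22 28592]
S2 Apache2.2;Apache2.2; [x]
S3 ihupvtlolv;ihupvtlolv;\??\c:\documents and settings\compaq_administrator\desktop\glider\ihupvtlolv.sys --> c:\documents and settings\compaq_administrator\desktop\glider\ihupvtlolv.sys [?]
S3 XDva007;XDva007;\??\c:\windows\system32\xdva007.sys --> c:\windows\system32\XDva007.sys [?]
S4 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-1-24 419448]
"""

# R = running, S = stopped; the digit is the SCM start type.  The trailing
# "[date size]" is the image file's timestamp and size; "[?]" and "[x]" are
# read here as "image not resolved" / "no image path" (assumption taken from
# the posted log, not from DDS documentation).
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<tail>[^\]]*)\]$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\temp\\", "\\desktop\\")
DRIVER_DIR = "\\windows\\system32\\drivers\\"


@dataclass
class ServiceEntry:
    state: str        # "R" running or "S" stopped
    start: str        # boot / system / auto / demand / disabled
    name: str         # service key name
    display: str      # display name
    image: str        # normalised, lower-cased on-disk image path ("" if none)
    resolved: bool    # DDS printed [date size] rather than [?] / [x]
    flags: list = field(default_factory=list)


def parse_dds_services(text):
    """Parse DDS service/driver lines; lines in any other format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m.group("path")
        if "-->" in path:                      # "registry value --> resolved path"
            path = path.rsplit("-->", 1)[1]
        path = path.strip().lower()
        if path.startswith("\\??\\"):          # NT object-manager prefix
            path = path[4:]
        tail = m.group("tail").strip()
        entries.append(ServiceEntry(
            state=m.group("state"),
            start=START_TYPES[m.group("start")],
            name=m.group("name").strip(),
            display=m.group("display").strip(),
            image=path,
            resolved=tail not in ("?", "x"),
        ))
    return entries


def triage(entries):
    """Attach review flags in place; return only entries that got at least one."""
    for e in entries:
        is_driver = e.image.endswith(".sys")
        if any(marker in e.image for marker in USER_WRITABLE):
            e.flags.append("image under a user-writable profile or temp path")
        if is_driver and DRIVER_DIR not in e.image:
            e.flags.append("kernel driver outside system32\\drivers")
        if not e.image:
            e.flags.append("registered with no image path (orphaned service entry)")
        elif not e.resolved:
            if e.state == "R":
                e.flags.append("running but image file not resolved by DDS")
            else:
                e.flags.append("stopped and image file not resolved (verify on disk)")
    return [e for e in entries if e.flags]


def report(entries):
    """Plain-text summary, one header line per entry plus its flags."""
    lines = []
    for e in entries:
        lines.append(f"{e.state}/{e.start:<8} {e.name:<16} {e.image or '<no image>'}")
        lines.extend(f"    - {f}" for f in e.flags)
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(parse_dds_services(SAMPLE_DDS))))
```

Run it against a full pasted DDS log by replacing SAMPLE_DDS with the file contents; lines from the other sections do not match the regex and are ignored. The "verify on disk" flags are where a responder pulls the file, checks its signature and hashes it; a stopped, unresolved driver under a user profile is the entry to look at before any of the vendor ones.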

ComboFix 09-08-10.06 - Compaq_Administrator 08/17/2009 17:33.1.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.156 [GMT -4:00]

Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

AV: Panda Internet Security 2009 *On-access scanning enabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}

FW: Panda Personal Firewall 2009 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk

c:\documents and settings\Compaq_Administrator\Local Settings\Temp\IadHide5.dll

c:\program files\autorun.inf

c:\recycler\S-1-5-21-3186271738-10155601-3647051748-500

c:\recycler\S-1-5-21-776561741-1229272821-725345543-500

c:\windows\COUPON~1.OCX

c:\windows\CouponPrinter.ocx

c:\windows\Installer\106c8f.msp

c:\windows\Installer\106c96.msp

c:\windows\Installer\2c51f08.msi

c:\windows\Installer\4ce6a6.msp

c:\windows\Installer\4ce6a7.msp

c:\windows\Installer\4ce6a8.msp

c:\windows\Installer\4ce6a9.msp

c:\windows\Installer\4ce6aa.msp

c:\windows\Installer\4ce6ab.msp

c:\windows\Installer\4ce6ac.msp

c:\windows\Installer\4ce6ad.msp

c:\windows\Installer\4ce6ae.msp

c:\windows\Installer\766b7.msi

c:\windows\kb913800.exe

c:\windows\system32\BSTIEPrintCtl1.dll

c:\windows\system32\drivers\etc\lmhosts

c:\windows\system32\launcher.exe

D:\Autorun.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MYWEBSEARCHSERVICE

-------\Service_MyWebSearchService

((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))

.

2009-08-17 19:47 . 2009-07-30 20:10 114672 ----a-w- c:\windows\system32\drivers\keyscrambler.sys

2009-08-17 18:33 . 2009-08-17 18:33 -------- d-----w- c:\program files\Trend Micro

2009-08-15 18:32 . 2009-08-15 18:32 -------- d-----w- c:\program files\Secunia

2009-08-15 18:25 . 2009-08-15 18:25 9472 ----a-w- c:\windows\system32\drivers\SnopFree.sys

2009-08-15 18:25 . 2009-08-15 18:25 90112 ----a-w- c:\windows\system32\SnoopFreeSvc.exe

2009-08-15 18:25 . 2009-08-15 18:25 45056 ----a-w- c:\windows\SnoopFreeDll.dll

2009-08-15 18:25 . 2009-08-15 18:25 221184 ----a-w- c:\windows\SnoopFreeUI.exe

2009-08-13 14:59 . 2009-08-13 14:59 -------- d-----w- c:\program files\Free Offers from Freeze.com

2009-08-13 14:59 . 2009-08-13 14:59 -------- d-----w- C:\Hotspot Shield

2009-08-12 20:13 . 2009-08-13 01:02 -------- d-----w- C:\48520777da61036a30

2009-08-12 20:07 . 2009-08-12 20:07 -------- d-----w- C:\834b5dced0cea40da73df15f

2009-08-12 18:29 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

2009-08-12 13:36 . 2009-08-12 13:36 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2009-08-12 13:36 . 2009-08-12 13:36 -------- d-----w- c:\program files\Zone Labs

2009-08-12 13:34 . 2009-08-12 13:40 -------- d-----w- c:\program files\AskBarDis

2009-08-12 13:34 . 2009-08-15 20:23 -------- d-----w- c:\windows\Internet Logs

2009-08-11 14:26 . 2009-08-11 14:26 112640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll

2009-08-11 14:21 . 2009-08-11 14:22 -------- d-----w- c:\program files\Common Files\Merge Modules

2009-08-09 13:29 . 2009-08-09 13:29 -------- d-----w- c:\program files\ESET

2009-08-09 13:29 . 2009-08-09 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2009-08-07 07:12 . 2009-08-07 07:12 -------- d-----w- c:\program files\Desktop Lighter

2009-08-04 22:29 . 2009-08-12 13:48 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\CurseClient

2009-08-03 12:02 . 2009-08-15 14:38 -------- d-----w- c:\program files\World of Warcraft

2009-08-01 19:05 . 2009-07-23 20:20 564736 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Flock\Browser\Profiles\mhnubimd.default\extensions\CSLauncher@cyberstep.com\plugins\npCsLauncher.dll

2009-08-01 15:11 . 2009-08-01 15:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-08-01 13:42 . 2008-07-10 17:56 107864 ----a-w- c:\windows\system32\tsccvid.dll

2009-08-01 13:42 . 2009-08-01 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith

2009-08-01 13:42 . 2009-08-01 13:42 -------- d-----w- c:\program files\Common Files\TechSmith Shared

2009-08-01 13:41 . 2009-08-01 13:41 -------- d-----w- c:\program files\TechSmith

2009-07-31 22:10 . 2009-07-31 22:10 604488 ----a-w- c:\windows\system32\TUProgSt.exe

2009-07-31 22:10 . 2009-07-31 22:10 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\TuneUp Software

2009-07-31 22:09 . 2009-07-31 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2009-07-31 22:08 . 2009-07-31 22:08 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2009-07-31 21:49 . 2009-07-31 21:49 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Orca Profiles

2009-07-31 21:45 . 2009-07-31 21:46 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\MxBoost

2009-07-31 21:39 . 2009-07-31 21:39 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\K-Meleon

2009-07-31 19:35 . 2009-07-31 19:44 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Tor

2009-07-30 20:35 . 2008-07-11 00:28 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll

2009-07-30 20:35 . 2008-07-11 00:28 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll

2009-07-30 20:34 . 2009-07-30 20:34 -------- d-----w- c:\windows\system32\RsFx

2009-07-30 20:17 . 2009-07-30 20:34 -------- d-----w- c:\program files\Microsoft SQL Server

2009-07-30 20:16 . 2009-07-30 20:16 -------- d-----w- c:\program files\Microsoft Synchronization Services

2009-07-30 20:16 . 2009-07-30 20:16 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-07-30 20:15 . 2009-07-30 20:15 193824 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll

2009-07-30 20:14 . 2009-08-11 14:25 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll

2009-07-30 20:13 . 2009-07-30 20:13 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Microsoft Help

2009-07-30 20:10 . 2009-08-11 14:23 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0

2009-07-30 20:10 . 2009-08-11 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-07-30 20:09 . 2009-07-30 20:09 -------- d-----w- c:\program files\Microsoft SDKs

2009-07-30 14:45 . 2009-07-30 19:30 -------- d-----w- c:\program files\Neffy

2009-07-30 13:47 . 2009-07-30 13:47 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\PC_Drivers_Headquarters

2009-07-30 13:44 . 2009-07-30 13:44 -------- d-----w- c:\program files\PC Drivers HeadQuarters

2009-07-30 13:38 . 2009-07-30 13:39 -------- d-----w- C:\474f469cd6d1b039d159373d43e778a0

2009-07-29 20:05 . 2007-03-30 23:49 266240 ----a-w- c:\windows\system32\MyRossoPlugin.dll

2009-07-29 20:05 . 2009-07-29 20:05 -------- d-----w- c:\program files\MyRosso

2009-07-27 21:27 . 2009-07-27 21:27 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\ijjigame

2009-07-27 21:25 . 2009-07-28 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame

2009-07-27 17:05 . 2009-07-27 17:05 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\GrabPro

2009-07-27 17:05 . 2009-07-27 19:13 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Orbit

2009-07-27 16:55 . 2009-07-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit

2009-07-26 20:09 . 2009-07-26 20:09 -------- d-----w- C:\Binaries

2009-07-26 20:09 . 2009-08-01 13:42 -------- d-----w- c:\windows\system32\QuickTime

2009-07-26 20:09 . 2009-07-26 20:09 -------- d-----w- c:\program files\OLYMPUS

2009-07-26 20:09 . 2004-06-08 21:41 319488 ------w- c:\windows\system32\Pvmjpg21.dll

2009-07-26 20:09 . 2001-04-10 20:16 13184 ------w- c:\windows\system32\drivers\bsaspi32.sys

2009-07-26 20:09 . 2000-07-05 06:16 9688 ------w- c:\windows\system32\drivers\cdrbsvsd.sys

2009-07-26 20:09 . 2004-03-08 16:55 13567 ------w- c:\windows\system32\drivers\CDRBSDRV.SYS

2009-07-26 20:08 . 2009-07-26 20:08 -------- d-----w- c:\program files\PIXELA

2009-07-26 19:57 . 2009-08-13 15:03 -------- d-----w- c:\program files\Hotspot Shield

2009-07-26 16:12 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-26 16:12 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-26 16:12 . 2009-07-26 16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-24 20:38 . 2009-07-24 20:38 17 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\godzHell\jag2png.bat

2009-07-24 17:20 . 2009-07-24 17:20 -------- d-----w- c:\program files\Electronic Arts

2009-07-24 14:59 . 2005-01-03 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys

2009-07-24 14:13 . 2009-08-01 00:42 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-24 13:45 . 2008-07-08 14:16 807936 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Flock\Browser\Profiles\mhnubimd.default\extensions\SolidStateION@solidstatenetworks.com\plugins\solidnm.exe

2009-07-24 13:45 . 2008-07-08 14:16 122880 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Flock\Browser\Profiles\mhnubimd.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll

2009-07-22 19:13 . 2009-07-22 19:13 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys

2009-07-21 14:52 . 2009-07-21 14:52 -------- d-----w- c:\program files\Panicware

2009-07-21 12:20 . 2009-07-21 12:20 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Turbine

2009-07-19 18:14 . 2009-08-08 11:51 -------- d-----w- c:\program files\mIRC

2009-07-19 16:54 . 2009-07-19 16:54 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes

2009-07-19 16:53 . 2009-07-19 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-19 01:05 . 2009-07-19 01:05 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\IECompatCache

2009-07-19 00:55 . 2009-07-19 00:55 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Netcraft

2009-07-18 23:01 . 2009-07-18 23:01 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Nexon

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-17 21:49 . 2009-07-09 23:40 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck

2009-08-17 21:49 . 2009-07-09 23:40 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG

2009-08-17 21:49 . 2009-07-09 23:42 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys

2009-08-17 21:32 . 2009-07-09 23:40 354580 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck

2009-08-17 21:32 . 2009-07-09 23:40 354580 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT

2009-08-17 20:29 . 2009-07-05 14:38 -------- d-----w- c:\program files\Flock

2009-08-17 19:59 . 2007-10-28 22:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-17 19:48 . 2009-08-17 19:48 0 ----a-w- c:\documents and settings\Compaq_Administrator\ntuser.tmp

2009-08-17 13:06 . 2009-01-03 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-08-15 20:20 . 2006-01-27 02:05 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-14 23:52 . 2008-06-26 20:54 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\DNA

2009-08-14 10:11 . 2009-04-21 16:56 -------- d-----w- c:\program files\DNA

2009-08-10 22:21 . 2009-08-10 22:13 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\LimeWire

2009-08-10 21:45 . 2006-02-01 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-08-08 11:51 . 2008-09-01 01:50 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\mIRC

2009-08-05 09:01 . 2006-01-27 17:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 14:10 . 2009-01-10 16:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-03 13:11 . 2008-01-21 18:56 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2009-08-02 23:17 . 2006-01-27 01:48 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-02 22:21 . 2009-06-29 21:45 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\GetRightToGo

2009-08-01 14:50 . 2006-01-27 01:56 122616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-01 13:57 . 2009-02-02 23:17 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

2009-07-30 20:31 . 2006-01-27 02:08 -------- d-----w- c:\program files\Microsoft.NET

2009-07-30 13:47 . 2006-01-31 04:56 122616 ----a-w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-27 19:16 . 2009-02-05 21:20 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\teamspeak2

2009-07-26 13:46 . 2009-02-07 15:24 -------- d-----w- c:\program files\Coupons

2009-07-25 12:02 . 2008-09-19 21:18 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Hamachi

2009-07-25 11:50 . 2008-09-19 21:17 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys

2009-07-24 20:38 . 2009-07-05 13:47 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\godzHell

2009-07-24 19:38 . 2008-11-09 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2009-07-22 21:04 . 2008-08-07 15:14 34 ----a-w- c:\documents and settings\Compaq_Administrator\jagex_runescape_preferences.dat

2009-07-20 20:32 . 2009-01-10 18:33 65536 ----a-w- c:\windows\IFinst27.exe

2009-07-17 21:18 . 2009-07-16 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftKit

2009-07-17 21:18 . 2009-07-17 20:59 -------- d-----w- c:\program files\RadarSync

2009-07-17 21:04 . 2009-04-27 23:01 -------- d-----w- c:\program files\DIFX

2009-07-17 20:53 . 2009-07-17 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2009-07-17 19:01 . 2006-01-27 17:53 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-17 11:19 . 2009-07-17 11:19 106942640 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SanDisk\Sansa Updater\Sansa Media Converter.EXE

2009-07-17 11:18 . 2006-01-27 02:06 -------- d-----w- c:\program files\Microsoft Money 2005

2009-07-17 02:16 . 2008-12-25 12:52 541696 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe

2009-07-17 00:28 . 2008-12-25 12:52 79872 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

2009-07-14 23:20 . 2009-07-14 23:12 96 ---ha-w- c:\windows\system32\HsInfo.dat

2009-07-14 03:43 . 2004-08-10 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-13 22:11 . 2009-07-13 22:11 -------- d-----w- c:\program files\PowerMenu

2009-07-09 23:40 . 2009-07-09 23:40 261 ----a-w- c:\windows\system32\PavCPL.dat

2009-07-09 23:39 . 2009-07-09 23:39 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Panda Security

2009-07-09 23:39 . 2009-07-09 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security

2009-07-09 23:39 . 2009-01-29 23:21 -------- d-----w- c:\program files\Panda Security

2009-07-09 23:37 . 2009-07-09 23:31 -------- d-----w- c:\program files\Common Files\Panda Security

2009-07-09 23:22 . 2009-07-09 18:13 99256 ----a-w- c:\windows\system32\drivers\av5flt.sys

2009-07-09 16:26 . 2008-12-13 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Screaming Bee

2009-07-09 16:25 . 2009-07-09 16:25 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Screaming Bee

2009-07-08 13:56 . 2009-07-08 13:12 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\ESTsoft

2009-07-08 13:13 . 2009-07-08 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Estsoft

2009-07-05 14:42 . 2009-07-05 14:42 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Flock

2009-07-03 19:01 . 2009-07-03 18:59 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Babbel

2009-07-03 17:11 . 2009-07-03 17:11 -------- d-----w- c:\program files\NGD Studios

2009-07-03 17:09 . 2006-01-27 18:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 13:49 . 2009-06-28 18:02 -------- d-----w- c:\program files\Any Video Converter

2009-06-29 13:49 . 2009-06-28 18:02 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Any Video Converter

2009-06-28 16:13 . 2007-02-26 02:14 -------- d-----w- c:\program files\Windows Media Connect 2

2009-06-28 16:11 . 2009-06-28 15:46 -------- d-----w- c:\program files\Common Files\AVSMedia

2009-06-28 16:08 . 2009-06-28 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software

2009-06-28 16:08 . 2009-06-28 16:08 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\NCH Software

2009-06-28 15:48 . 2009-06-28 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU

2009-06-28 15:48 . 2009-06-28 15:48 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AVS4YOU

2009-06-28 15:00 . 2006-01-27 02:23 -------- d-----w- c:\program files\Google

2009-06-27 20:48 . 2008-12-27 13:59 -------- d-----w- c:\program files\Windows Live

2009-06-27 16:58 . 2009-06-27 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm

2009-06-17 13:51 . 2009-06-29 22:57 781435 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Radical Software Ltd\Wyzo\Profiles\7ujamnf1.default\extensions\firedownload@mozilla.org\Download.dll

2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys

2009-06-16 14:36 . 2006-01-27 18:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:36 . 2006-01-27 17:55 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-12 12:31 . 2006-01-27 18:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2004-08-11 02:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:13 . 2006-01-27 17:53 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 13:19 . 2006-01-27 17:56 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:14 . 2006-01-27 18:01 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-04 23:38 . 2009-06-18 21:21 522240 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Radical Software Ltd\Wyzo\Profiles\7ujamnf1.default\extensions\CSLauncher@cyberstep.com\plugins\npCsLauncher.dll

2009-06-03 19:09 . 2006-01-27 17:57 1291264 ----a-w- c:\windows\system32\quartz.dll

2008-11-26 20:07 . 2009-07-15 10:58 4822 ----a-w- c:\program files\install.ini

2008-11-26 20:02 . 2009-07-15 11:08 1222776 ----a-w- c:\program files\check.md

2008-11-26 20:02 . 2009-07-15 11:06 660612519 ----a-w- c:\program files\data1.pck

2008-11-26 20:02 . 2009-07-15 10:58 623501266 ----a-w- c:\program files\data4.pck

2008-11-26 20:00 . 2009-07-15 11:01 660569555 ----a-w- c:\program files\data3.pck

2008-11-26 19:57 . 2009-07-15 11:04 660636086 ----a-w- c:\program files\data2.pck

2008-08-04 18:52 . 2009-07-15 11:08 29256 ----a-w- c:\program files\CopyRight.txt

2005-07-14 19:12 . 2009-07-15 10:58 4150 ----a-w- c:\program files\icon.ico

2005-05-10 22:54 . 2009-07-15 10:58 258352 ----a-w- c:\program files\unicows.dll

2000-09-15 19:51 . 2009-07-15 10:58 372736 ----a-w- c:\program files\ijl15.dll

2007-02-15 16:24 . 2007-02-15 16:24 22 --sha-w- c:\windows\SMINST\HPCD.sys

2008-01-17 11:27 . 2008-01-15 22:56 56 --sh--r- c:\windows\system32\429A7A71EA.sys

2008-01-17 11:27 . 2008-01-15 22:56 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

2008-11-06 22:15 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-06 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-06 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]

[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-10-30 67128]

"SansaDispatch"="c:\documents and settings\Compaq_Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-07-17 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"DISCover"="c:\program files\DISC\DISCover.exe" [2005-09-27 1060864]

"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-01-27 180269]

"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]

"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" [2009-07-15 881920]

"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2009\Inicio.exe" [2008-07-07 50432]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-07-13 414992]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-03-10 28160]

"SnoopFreeUI"="SnoopFreeUI.exe" - c:\windows\SnoopFreeUI.exe [2009-08-15 221184]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\

PowerMenu.lnk - c:\program files\PowerMenu\PowerMenu.exe [2002-12-19 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-1-26 36903]

Event Planner Reminders Tray Icon.lnk - c:\program files\Sierra\Planner\Plnrnote.exe [2007-6-29 184320]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-30 67128]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-6-20 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 20:58 58672 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Secunia PSI.lnk]

backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Xfire.lnk]

backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)

"ekrn"=2 (0x2)

"EhttpSrv"=3 (0x3)

"apacheWoW"=2 (0x2)

"a2free"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1138754578\\ee\\aolsoftware.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\1138754578\\ee\\aim6.exe"=

"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Documents and Settings\\Compaq_Administrator\\Application Data\\Flock\\Browser\\Profiles\\mhnubimd.default\\extensions\\SolidStateION@solidstatenetworks.com\\plugins\\solidnm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56501:TCP"= 56501:TCP:*:Disabled:SolidNetworkManager

"56501:UDP"= 56501:UDP:*:Disabled:SolidNetworkManager

"9901:TCP"= 9901:TCP:*:Disabled:SolidNetworkManager

"9901:UDP"= 9901:UDP:*:Disabled:SolidNetworkManager

"51395:TCP"= 51395:TCP:*:Disabled:SolidNetworkManager

"51395:UDP"= 51395:UDP:*:Disabled:SolidNetworkManager

"22758:TCP"= 22758:TCP:*:Disabled:SolidNetworkManager

"22758:UDP"= 22758:UDP:*:Disabled:SolidNetworkManager

"15805:TCP"= 15805:TCP:BitComet 15805 TCP

"15805:UDP"= 15805:UDP:BitComet 15805 UDP

"24306:TCP"= 24306:TCP:BitComet 24306 TCP

"24306:UDP"= 24306:UDP:BitComet 24306 UDP

"15091:TCP"= 15091:TCP:BitComet 15091 TCP

"15091:UDP"= 15091:UDP:BitComet 15091 UDP

"23303:TCP"= 23303:TCP:BitComet 23303 TCP

"23303:UDP"= 23303:UDP:BitComet 23303 UDP

"58341:TCP"= 58341:TCP:Pando Media Booster

"58341:UDP"= 58341:UDP:Pando Media Booster

"56200:TCP"= 56200:TCP:Pando Media Booster

"56200:UDP"= 56200:UDP:Pando Media Booster

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"10530:TCP"= 10530:TCP:*:Disabled:SolidNetworkManager

"10530:UDP"= 10530:UDP:*:Disabled:SolidNetworkManager

"58164:TCP"= 58164:TCP:Pando Media Booster

"58164:UDP"= 58164:UDP:Pando Media Booster

"39559:TCP"= 39559:TCP:*:Disabled:SolidNetworkManager

"39559:UDP"= 39559:UDP:*:Disabled:SolidNetworkManager

"28679:TCP"= 28679:TCP:*:Disabled:SolidNetworkManager

"28679:UDP"= 28679:UDP:*:Disabled:SolidNetworkManager

"36772:TCP"= 36772:TCP:SolidNetworkManager

"36772:UDP"= 36772:UDP:SolidNetworkManager

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [7/9/2009 7:37 PM 28544]

R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [7/9/2009 7:40 PM 73728]

R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [7/9/2009 7:40 PM 52992]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [5/14/2009 3:49 PM 94360]

R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [7/9/2009 7:40 PM 22072]

R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [7/9/2009 7:40 PM 193792]

R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [7/9/2009 7:40 PM 158848]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [7/9/2009 7:37 PM 41144]

R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [7/9/2009 7:40 PM 46720]

R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [8/12/2009 9:34 AM 464264]

R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/26/2009 12:12 PM 211216]

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [7/9/2009 7:37 PM 179640]

R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2009\psksvc.exe [7/9/2009 7:39 PM 28928]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/14/2007 5:25 PM 24652]

R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [7/9/2009 7:42 PM 13880]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/26/2009 12:12 PM 19096]

R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [7/9/2009 7:39 PM 197888]

R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]

R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [7/22/2009 3:13 PM 28592]

S1 SDManager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]

S2 Apache2.2;Apache2.2; [x]

S3 ATIXPGAA;ATIXPGAA;\??\c:\pcdr5\ATIXPGAA.SYS --> c:\pcdr5\ATIXPGAA.SYS [?]

S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]

S3 HssTrayService;Hotspot Shield Tray Service; [x]

S3 ihupvtlolv;ihupvtlolv;\??\c:\documents and settings\Compaq_Administrator\Desktop\Glider\ihupvtlolv.sys --> c:\documents and settings\Compaq_Administrator\Desktop\Glider\ihupvtlolv.sys [?]

S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [8/17/2009 3:47 PM 114672]

S3 npggsvc;nProtect GameGuard Service; [x]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [11/22/2008 1:53 PM 23064]

S3 XDva007;XDva007;\??\c:\windows\system32\XDva007.sys --> c:\windows\system32\XDva007.sys [?]

S3 XDva020;XDva020;\??\c:\windows\system32\XDva020.sys --> c:\windows\system32\XDva020.sys [?]

S3 XDva075;XDva075;\??\c:\windows\system32\XDva075.sys --> c:\windows\system32\XDva075.sys [?]

S3 XDva098;XDva098;\??\c:\windows\system32\XDva098.sys --> c:\windows\system32\XDva098.sys [?]

S3 XDva136;XDva136;c:\windows\system32\XDva136.sys [8/10/2008 7:42 AM 37504]

S3 XDva189;XDva189;\??\c:\windows\system32\XDva189.sys --> c:\windows\system32\XDva189.sys [?]

S3 XDva219;XDva219;\??\c:\windows\system32\XDva219.sys --> c:\windows\system32\XDva219.sys [?]

S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]

S3 XDva277;XDva277;\??\c:\windows\system32\XDva277.sys --> c:\windows\system32\XDva277.sys [?]

S3 XDva279;XDva279;\??\c:\windows\system32\XDva279.sys --> c:\windows\system32\XDva279.sys [?]

S3 XDva280;XDva280;\??\c:\windows\system32\XDva280.sys --> c:\windows\system32\XDva280.sys [?]

S4 apacheWoW;apacheWoW; [x]

S4 ekrn;ESET Service; [x]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 8:28 PM 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 8:28 PM 369688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

panda REG_MULTI_SZ Gwmsrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-08-17 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 21:29]

.

- - - - ORPHANS REMOVED - - - -

BHO-{74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - (no file)

Toolbar-Locked - (no file)

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = 169.235.24.133:80

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab

DPF: {C9A2CBF3-B7F9-463E-A690-82CC077DCFC6} - hxxp://global.4story.com/Active_X/ZemiDetectHardware.cab

FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\gnwbcw27.default\

FF - prefs.js: browser.startup.homepage - hxxP://www.comcast.net

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol305.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - HiddenExtension: XUL Cache: {9CF789BF-1CF0-4562-9B57-110DC4314B48} - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{9CF789BF-1CF0-4562-9B57-110DC4314B48}

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

.

------- File Associations -------

.

JSEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*

VBEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*

VBSFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-17 17:49

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3219781774-1708424276-1402225139-1008\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(280)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\avldr.dll

- - - - - - - > 'explorer.exe'(5560)

c:\windows\system32\WININET.dll

c:\program files\Panda Security\Panda Internet Security 2009\pavoepl.dll

c:\windows\SnoopFreeDll.dll

c:\program files\PowerMenu\PowerMenuHook.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

c:\program files\TortoiseSVN\bin\TortoiseStub.dll

c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

c:\program files\TortoiseSVN\bin\intl3_tsvn.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\Panda Security\Panda Internet Security 2009\TPSrv.exe

c:\program files\Panda Security\Panda Internet Security 2009\WebProxy.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\arservice.exe

c:\windows\system32\ati2evxx.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\program files\TortoiseSVN\bin\TSVNCache.exe

c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\program files\Panda Security\Panda Internet Security 2009\PsCtrlS.exe

c:\program files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe

c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe

c:\program files\Panda Security\Panda Internet Security 2009\PsImSvc.exe

c:\windows\system32\SnoopFreeSvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE

c:\windows\ehome\mcrdsvc.exe

c:\program files\Panda Security\Panda Internet Security 2009\PAVSRV51.EXE

c:\program files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE

c:\program files\Panda Security\Panda Internet Security 2009\FIREWALL\PSHost.exe

c:\windows\system32\dllhost.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Panda Security\Panda Internet Security 2009\SrvLoad.exe

c:\program files\Panda Security\Panda Internet Security 2009\PavBckPT.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

.

**************************************************************************

.

Completion time: 2009-08-17 17:58 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-17 21:56

Pre-Run: 115,417,808,896 bytes free

Post-Run: 115,534,032,896 bytes free

600 --- E O F --- 2009-08-13 10:49


  • Staff

Hi,

Courtesy of Dakeyras: to remove ESET remnants, download this removal tool and save it to the Desktop.

It is in Dutch but very simple to use as follows:

1. Double-click on nod32removal to start the application.

2. Click on Yes then on OK.

3. ESET is now removed.

4. Now delete nod32removal and empty the Recycle Bin.

Also, I see you have Viewpoint installed...

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.


  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar

Let me know if you decided to uninstall it.

For the same reason, I also recommend that you uninstall ASK, ASK Toolbar, and AskBarDis.

Now restart your computer.

Let me know when you're done with that.

-screen317


  • Staff

Please open Notepad. Don't use any text editor other than Notepad, or the script will fail.

Copy/paste the text in the quotebox below into Notepad:

Driver::

apacheWoW

XDva007

XDva020

XDva075

XDva098

XDva136

XDva189

XDva219

XDva248

XDva277

XDva279

XDva280

Apache2.2

ekrn

Folder::

C:\Program Files\ESET

KILLALL::

SecCenter::

{E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"15805:TCP"=-

"15805:UDP"=-

"24306:TCP"=-

"24306:UDP"=-

"15091:TCP"=-

"15091:UDP"=-

"23303:TCP"=-

"23303:UDP"=-

DDS::

TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File

TB: {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File

TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File

Save this as CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot: CFScriptB-4.gif]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

-screen317

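The CFScript above is a plain-text list of directives (Driver::, Folder::, KILLALL::, SecCenter::, Registry::, DDS::) that ComboFix executes when the file is dropped onto it, and the ComboFix output the OP posts next records what was actually removed under "Other Deletions" and "Drivers/Services". The Python below is an added example written for this thread, not ComboFix's own code and not from screen317's post. It parses both formats and cross-checks them: every Driver:: name should show up in the log as both a Service_ and a Legacy_ removal, every Folder:: path should appear under Other Deletions, and each "name"=- line under Registry:: is a value deletion in .reg syntax (here the Windows Firewall GloballyOpenPorts entries). The CFScript text is trimmed from the post; the log excerpt is constructed from the posted log with the Service_XDva007 line deliberately left out so the mismatch case is visible. ComboFix's `HKLM\~\services` shorthand is kept verbatim, and the function names are this example's own.

```python
import re
from collections import defaultdict

# CFScript from the staff post, trimmed to three of the fourteen Driver:: names.
CFSCRIPT = r"""
Driver::
apacheWoW
XDva007
ekrn
Folder::
C:\Program Files\ESET
KILLALL::
SecCenter::
{E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15805:TCP"=-
"15805:UDP"=-
DDS::
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
"""

# ComboFix output, constructed from the posted log; Service_XDva007 is
# deliberately omitted so the cross-check has a mismatch to report.
COMBOFIX_LOG = r"""
(((((((((((((( Other Deletions ))))))))))))))
c:\program files\ESET
c:\program files\ESET\ESET NOD32 Antivirus\shellExt.dll
.
(((((((((((((( Drivers/Services ))))))))))))))
.
-------\Legacy_APACHEWOW
-------\Legacy_EKRN
-------\Legacy_XDVA007
-------\Service_apacheWoW
-------\Service_ekrn
"""

CFSCRIPT_HEADER = re.compile(r"^(\w+)::$")              # 'Driver::', 'Registry::', ...
COMBOFIX_HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")     # '(((( Other Deletions ))))'
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
DELETION_RE = re.compile(r"^-------\\(Legacy|Service)_(.+)$")


def split_sections(text, header_re, skip=("", ".")):
    """Group lines under the most recent header matched by header_re; works for a
    CFScript (CFSCRIPT_HEADER) and ComboFix output (COMBOFIX_HEADER), dropping '.' spacers."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        m = header_re.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])   # KILLALL:: has no body but still counts
        elif current is not None and line not in skip:
            sections[current].append(line)
    return sections


def parse_registry_directive(lines):
    """Registry:: is .reg syntax: '"name"=-' deletes a value, anything else sets it."""
    ops, key = [], None
    for line in lines:
        m = REG_KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = REG_VALUE_RE.match(line)
        if m and key is not None:
            ops.append((key, m.group(1), "delete" if m.group(2) == "-" else "set"))
    return ops


def verify_drivers(script, log):
    """Per Driver:: name, did ComboFix log both the Service_ and the Legacy_ removal?
    Compared case-insensitively: the Legacy_ enum key is logged in upper case."""
    seen = defaultdict(set)
    for line in log.get("Drivers/Services", []):
        m = DELETION_RE.match(line)
        if m:
            seen[m.group(2).lower()].add(m.group(1))
    return {name: {"service": "Service" in seen[name.lower()],
                   "legacy": "Legacy" in seen[name.lower()]}
            for name in script.get("Driver", [])}


def verify_folders(script, log):
    """Each Folder:: path should be listed (case-insensitively) under Other Deletions."""
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    return {path: path.lower() in deleted for path in script.get("Folder", [])}


if __name__ == "__main__":
    script, log = split_sections(CFSCRIPT, CFSCRIPT_HEADER), split_sections(COMBOFIX_LOG, COMBOFIX_HEADER)
    for name, r in verify_drivers(script, log).items():
        print(f"{name:10} service={r['service']!s:5} legacy={r['legacy']}")
    print("folders:", verify_folders(script, log))
    print("registry ops:", parse_registry_directive(script["Registry"]))
```

Run against the real ComboFix.txt, any driver that comes back with service or legacy False is one to ask about before calling the cleanup finished; in the constructed excerpt that is XDva007, whose Legacy_ key was logged but whose Service_ entry was not.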

ComboFix 09-08-10.06 - Compaq_Administrator 08/17/2009 18:38.2.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.498 [GMT -4:00]

Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt

AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

AV: Panda Internet Security 2009 *On-access scanning enabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}

FW: Panda Personal Firewall 2009 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\ESET

c:\program files\ESET\ESET NOD32 Antivirus\shellExt.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_APACHE2.2

-------\Legacy_APACHEWOW

-------\Legacy_EKRN

-------\Legacy_XDVA007

-------\Legacy_XDVA020

-------\Legacy_XDVA075

-------\Legacy_XDVA098

-------\Legacy_XDVA136

-------\Legacy_XDVA189

-------\Legacy_XDVA219

-------\Legacy_XDVA248

-------\Legacy_XDVA277

-------\Legacy_XDVA279

-------\Legacy_XDVA280

-------\Service_Apache2.2

-------\Service_apacheWoW

-------\Service_ekrn

-------\Service_XDva007

-------\Service_XDva020

-------\Service_XDva075

-------\Service_XDva098

-------\Service_XDva136

-------\Service_XDva189

-------\Service_XDva219

-------\Service_XDva248

-------\Service_XDva277

-------\Service_XDva279

-------\Service_XDva280

((((((((((((((((((((((((( Files Created from 2009-07-17 to 2009-08-17 )))))))))))))))))))))))))))))))

.

2009-08-17 19:47 . 2009-07-30 20:10 114672 ----a-w- c:\windows\system32\drivers\keyscrambler.sys

2009-08-17 18:33 . 2009-08-17 18:33 -------- d-----w- c:\program files\Trend Micro

2009-08-15 18:32 . 2009-08-15 18:32 -------- d-----w- c:\program files\Secunia

2009-08-15 18:25 . 2009-08-15 18:25 9472 ----a-w- c:\windows\system32\drivers\SnopFree.sys

2009-08-15 18:25 . 2009-08-15 18:25 90112 ----a-w- c:\windows\system32\SnoopFreeSvc.exe

2009-08-15 18:25 . 2009-08-15 18:25 45056 ----a-w- c:\windows\SnoopFreeDll.dll

2009-08-15 18:25 . 2009-08-15 18:25 221184 ----a-w- c:\windows\SnoopFreeUI.exe

2009-08-13 14:59 . 2009-08-13 14:59 -------- d-----w- c:\program files\Free Offers from Freeze.com

2009-08-13 14:59 . 2009-08-13 14:59 -------- d-----w- C:\Hotspot Shield

2009-08-12 20:13 . 2009-08-13 01:02 -------- d-----w- C:\48520777da61036a30

2009-08-12 20:07 . 2009-08-12 20:07 -------- d-----w- C:\834b5dced0cea40da73df15f

2009-08-12 18:29 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

2009-08-12 13:36 . 2009-08-12 13:36 4212 ---ha-w- c:\windows\system32\zllictbl.dat

2009-08-12 13:36 . 2009-08-12 13:36 -------- d-----w- c:\program files\Zone Labs

2009-08-12 13:34 . 2009-08-15 20:23 -------- d-----w- c:\windows\Internet Logs

2009-08-11 14:26 . 2009-08-11 14:26 112640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll

2009-08-11 14:21 . 2009-08-11 14:22 -------- d-----w- c:\program files\Common Files\Merge Modules

2009-08-09 13:29 . 2009-08-09 13:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET

2009-08-07 07:12 . 2009-08-07 07:12 -------- d-----w- c:\program files\Desktop Lighter

2009-08-04 22:29 . 2009-08-12 13:48 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\CurseClient

2009-08-03 12:02 . 2009-08-15 14:38 -------- d-----w- c:\program files\World of Warcraft

2009-08-01 19:05 . 2009-07-23 20:20 564736 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Flock\Browser\Profiles\mhnubimd.default\extensions\CSLauncher@cyberstep.com\plugins\npCsLauncher.dll

2009-08-01 15:11 . 2009-08-01 15:11 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-08-01 13:42 . 2008-07-10 17:56 107864 ----a-w- c:\windows\system32\tsccvid.dll

2009-08-01 13:42 . 2009-08-01 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith

2009-08-01 13:42 . 2009-08-01 13:42 -------- d-----w- c:\program files\Common Files\TechSmith Shared

2009-08-01 13:41 . 2009-08-01 13:41 -------- d-----w- c:\program files\TechSmith

2009-07-31 22:10 . 2009-07-31 22:10 604488 ----a-w- c:\windows\system32\TUProgSt.exe

2009-07-31 22:10 . 2009-07-31 22:10 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\TuneUp Software

2009-07-31 22:09 . 2009-07-31 22:09 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software

2009-07-31 22:08 . 2009-07-31 22:08 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}

2009-07-31 21:49 . 2009-07-31 21:49 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Orca Profiles

2009-07-31 21:45 . 2009-07-31 21:46 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\MxBoost

2009-07-31 21:39 . 2009-07-31 21:39 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\K-Meleon

2009-07-31 19:35 . 2009-07-31 19:44 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Tor

2009-07-30 20:35 . 2008-07-11 00:28 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll

2009-07-30 20:35 . 2008-07-11 00:28 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll

2009-07-30 20:34 . 2009-07-30 20:34 -------- d-----w- c:\windows\system32\RsFx

2009-07-30 20:17 . 2009-07-30 20:34 -------- d-----w- c:\program files\Microsoft SQL Server

2009-07-30 20:16 . 2009-07-30 20:16 -------- d-----w- c:\program files\Microsoft Synchronization Services

2009-07-30 20:16 . 2009-07-30 20:16 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-07-30 20:15 . 2009-07-30 20:15 193824 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VBExpress\9.0\1033\ResourceCache.dll

2009-07-30 20:14 . 2009-08-11 14:25 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll

2009-07-30 20:13 . 2009-07-30 20:13 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Microsoft Help

2009-07-30 20:10 . 2009-08-11 14:23 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0

2009-07-30 20:10 . 2009-08-11 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-07-30 20:09 . 2009-07-30 20:09 -------- d-----w- c:\program files\Microsoft SDKs

2009-07-30 14:45 . 2009-07-30 19:30 -------- d-----w- c:\program files\Neffy

2009-07-30 13:47 . 2009-07-30 13:47 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\PC_Drivers_Headquarters

2009-07-30 13:44 . 2009-07-30 13:44 -------- d-----w- c:\program files\PC Drivers HeadQuarters

2009-07-30 13:38 . 2009-07-30 13:39 -------- d-----w- C:\474f469cd6d1b039d159373d43e778a0

2009-07-29 20:05 . 2007-03-30 23:49 266240 ----a-w- c:\windows\system32\MyRossoPlugin.dll

2009-07-29 20:05 . 2009-07-29 20:05 -------- d-----w- c:\program files\MyRosso

2009-07-27 21:27 . 2009-07-27 21:27 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\ijjigame

2009-07-27 21:25 . 2009-07-28 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\ijjigame

2009-07-27 17:05 . 2009-07-27 17:05 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\GrabPro

2009-07-27 17:05 . 2009-07-27 19:13 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Orbit

2009-07-27 16:55 . 2009-07-27 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit

2009-07-26 20:09 . 2009-07-26 20:09 -------- d-----w- C:\Binaries

2009-07-26 20:09 . 2009-08-01 13:42 -------- d-----w- c:\windows\system32\QuickTime

2009-07-26 20:09 . 2009-07-26 20:09 -------- d-----w- c:\program files\OLYMPUS

2009-07-26 20:09 . 2004-06-08 21:41 319488 ------w- c:\windows\system32\Pvmjpg21.dll

2009-07-26 20:09 . 2001-04-10 20:16 13184 ------w- c:\windows\system32\drivers\bsaspi32.sys

2009-07-26 20:09 . 2000-07-05 06:16 9688 ------w- c:\windows\system32\drivers\cdrbsvsd.sys

2009-07-26 20:09 . 2004-03-08 16:55 13567 ------w- c:\windows\system32\drivers\CDRBSDRV.SYS

2009-07-26 20:08 . 2009-07-26 20:08 -------- d-----w- c:\program files\PIXELA

2009-07-26 19:57 . 2009-08-13 15:03 -------- d-----w- c:\program files\Hotspot Shield

2009-07-26 16:12 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-07-26 16:12 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-07-26 16:12 . 2009-07-26 16:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-07-24 20:38 . 2009-07-24 20:38 17 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\godzHell\jag2png.bat

2009-07-24 17:20 . 2009-07-24 17:20 -------- d-----w- c:\program files\Electronic Arts

2009-07-24 14:59 . 2005-01-03 15:43 4682 ----a-w- c:\windows\system32\npptNT2.sys

2009-07-24 14:13 . 2009-08-01 00:42 -------- d-----w- c:\program files\Microsoft Silverlight

2009-07-24 13:45 . 2008-07-08 14:16 807936 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Flock\Browser\Profiles\mhnubimd.default\extensions\SolidStateION@solidstatenetworks.com\plugins\solidnm.exe

2009-07-24 13:45 . 2008-07-08 14:16 122880 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Flock\Browser\Profiles\mhnubimd.default\extensions\SolidStateION@solidstatenetworks.com\plugins\npssn.dll

2009-07-22 19:13 . 2009-07-22 19:13 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys

2009-07-21 14:52 . 2009-07-21 14:52 -------- d-----w- c:\program files\Panicware

2009-07-21 12:20 . 2009-07-21 12:20 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Turbine

2009-07-19 18:14 . 2009-08-08 11:51 -------- d-----w- c:\program files\mIRC

2009-07-19 16:54 . 2009-07-19 16:54 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes

2009-07-19 16:53 . 2009-07-19 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-07-19 01:05 . 2009-07-19 01:05 -------- d-sh--w- c:\documents and settings\Compaq_Administrator\IECompatCache

2009-07-19 00:55 . 2009-07-19 00:55 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Netcraft

2009-07-18 23:01 . 2009-07-18 23:01 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Nexon

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-17 22:56 . 2009-07-09 23:40 352408 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck

2009-08-17 22:56 . 2009-07-09 23:40 352408 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT

2009-08-17 22:54 . 2009-07-09 23:40 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck

2009-08-17 22:54 . 2009-07-09 23:40 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG

2009-08-17 22:54 . 2009-07-09 23:42 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys

2009-08-17 22:36 . 2009-07-05 14:38 -------- d-----w- c:\program files\Flock

2009-08-17 22:13 . 2006-02-01 00:38 -------- d-----w- c:\program files\Viewpoint

2009-08-17 22:13 . 2006-02-01 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint

2009-08-17 22:13 . 2007-02-01 23:17 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Viewpoint

2009-08-17 19:59 . 2007-10-28 22:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-17 13:06 . 2009-01-03 12:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-08-15 20:20 . 2006-01-27 02:05 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-14 23:52 . 2008-06-26 20:54 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\DNA

2009-08-14 10:11 . 2009-04-21 16:56 -------- d-----w- c:\program files\DNA

2009-08-10 22:21 . 2009-08-10 22:13 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\LimeWire

2009-08-08 11:51 . 2008-09-01 01:50 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\mIRC

2009-08-05 09:01 . 2006-01-27 17:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 14:10 . 2009-01-10 16:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-03 13:11 . 2008-01-21 18:56 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment

2009-08-02 23:17 . 2006-01-27 01:48 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-08-02 22:21 . 2009-06-29 21:45 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\GetRightToGo

2009-08-01 14:50 . 2006-01-27 01:56 122616 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-01 13:57 . 2009-02-02 23:17 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

2009-07-30 20:31 . 2006-01-27 02:08 -------- d-----w- c:\program files\Microsoft.NET

2009-07-30 13:47 . 2006-01-31 04:56 122616 ----a-w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-27 19:16 . 2009-02-05 21:20 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\teamspeak2

2009-07-26 13:46 . 2009-02-07 15:24 -------- d-----w- c:\program files\Coupons

2009-07-25 12:02 . 2008-09-19 21:18 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Hamachi

2009-07-25 11:50 . 2008-09-19 21:17 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys

2009-07-24 20:38 . 2009-07-05 13:47 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\godzHell

2009-07-24 19:38 . 2008-11-09 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files

2009-07-22 21:04 . 2008-08-07 15:14 34 ----a-w- c:\documents and settings\Compaq_Administrator\jagex_runescape_preferences.dat

2009-07-20 20:32 . 2009-01-10 18:33 65536 ----a-w- c:\windows\IFinst27.exe

2009-07-17 21:18 . 2009-07-16 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftKit

2009-07-17 21:18 . 2009-07-17 20:59 -------- d-----w- c:\program files\RadarSync

2009-07-17 21:04 . 2009-04-27 23:01 -------- d-----w- c:\program files\DIFX

2009-07-17 20:53 . 2009-07-17 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters

2009-07-17 19:01 . 2006-01-27 17:53 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-17 11:19 . 2009-07-17 11:19 106942640 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SanDisk\Sansa Updater\Sansa Media Converter.EXE

2009-07-17 11:18 . 2006-01-27 02:06 -------- d-----w- c:\program files\Microsoft Money 2005

2009-07-17 02:16 . 2008-12-25 12:52 541696 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe

2009-07-17 00:28 . 2008-12-25 12:52 79872 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe

2009-07-14 23:20 . 2009-07-14 23:12 96 ---ha-w- c:\windows\system32\HsInfo.dat

2009-07-14 03:43 . 2004-08-10 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-13 22:11 . 2009-07-13 22:11 -------- d-----w- c:\program files\PowerMenu

2009-07-09 23:40 . 2009-07-09 23:40 261 ----a-w- c:\windows\system32\PavCPL.dat

2009-07-09 23:39 . 2009-07-09 23:39 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Panda Security

2009-07-09 23:39 . 2009-07-09 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security

2009-07-09 23:39 . 2009-01-29 23:21 -------- d-----w- c:\program files\Panda Security

2009-07-09 23:37 . 2009-07-09 23:31 -------- d-----w- c:\program files\Common Files\Panda Security

2009-07-09 23:22 . 2009-07-09 18:13 99256 ----a-w- c:\windows\system32\drivers\av5flt.sys

2009-07-09 16:26 . 2008-12-13 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Screaming Bee

2009-07-09 16:25 . 2009-07-09 16:25 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Screaming Bee

2009-07-08 13:56 . 2009-07-08 13:12 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\ESTsoft

2009-07-08 13:13 . 2009-07-08 13:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Estsoft

2009-07-05 14:42 . 2009-07-05 14:42 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Flock

2009-07-03 19:01 . 2009-07-03 18:59 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Babbel

2009-07-03 17:11 . 2009-07-03 17:11 -------- d-----w- c:\program files\NGD Studios

2009-07-03 17:09 . 2006-01-27 18:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 13:49 . 2009-06-28 18:02 -------- d-----w- c:\program files\Any Video Converter

2009-06-29 13:49 . 2009-06-28 18:02 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Any Video Converter

2009-06-28 16:13 . 2007-02-26 02:14 -------- d-----w- c:\program files\Windows Media Connect 2

2009-06-28 16:11 . 2009-06-28 15:46 -------- d-----w- c:\program files\Common Files\AVSMedia

2009-06-28 16:08 . 2009-06-28 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software

2009-06-28 16:08 . 2009-06-28 16:08 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\NCH Software

2009-06-28 15:48 . 2009-06-28 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU

2009-06-28 15:48 . 2009-06-28 15:48 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\AVS4YOU

2009-06-28 15:00 . 2006-01-27 02:23 -------- d-----w- c:\program files\Google

2009-06-27 20:48 . 2008-12-27 13:59 -------- d-----w- c:\program files\Windows Live

2009-06-27 16:58 . 2009-06-27 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm

2009-06-17 13:51 . 2009-06-29 22:57 781435 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Radical Software Ltd\Wyzo\Profiles\7ujamnf1.default\extensions\firedownload@mozilla.org\Download.dll

2009-06-17 12:20 . 2009-06-17 12:20 12648 ----a-w- c:\windows\system32\drivers\psi_mf.sys

2009-06-16 14:36 . 2006-01-27 18:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:36 . 2006-01-27 17:55 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-12 12:31 . 2006-01-27 18:00 80896 ----a-w- c:\windows\system32\tlntsess.exe

2009-06-12 12:31 . 2004-08-11 02:00 76288 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:13 . 2006-01-27 17:53 84992 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 13:19 . 2006-01-27 17:56 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:14 . 2006-01-27 18:01 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-04 23:38 . 2009-06-18 21:21 522240 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Radical Software Ltd\Wyzo\Profiles\7ujamnf1.default\extensions\CSLauncher@cyberstep.com\plugins\npCsLauncher.dll

2009-06-03 19:09 . 2006-01-27 17:57 1291264 ----a-w- c:\windows\system32\quartz.dll

2008-11-26 20:07 . 2009-07-15 10:58 4822 ----a-w- c:\program files\install.ini

2008-11-26 20:02 . 2009-07-15 11:08 1222776 ----a-w- c:\program files\check.md

2008-11-26 20:02 . 2009-07-15 11:06 660612519 ----a-w- c:\program files\data1.pck

2008-11-26 20:02 . 2009-07-15 10:58 623501266 ----a-w- c:\program files\data4.pck

2008-11-26 20:00 . 2009-07-15 11:01 660569555 ----a-w- c:\program files\data3.pck

2008-11-26 19:57 . 2009-07-15 11:04 660636086 ----a-w- c:\program files\data2.pck

2008-08-04 18:52 . 2009-07-15 11:08 29256 ----a-w- c:\program files\CopyRight.txt

2005-07-14 19:12 . 2009-07-15 10:58 4150 ----a-w- c:\program files\icon.ico

2005-05-10 22:54 . 2009-07-15 10:58 258352 ----a-w- c:\program files\unicows.dll

2000-09-15 19:51 . 2009-07-15 10:58 372736 ----a-w- c:\program files\ijl15.dll

2007-02-15 16:24 . 2007-02-15 16:24 22 --sha-w- c:\windows\SMINST\HPCD.sys

2008-01-17 11:27 . 2008-01-15 22:56 56 --sh--r- c:\windows\system32\429A7A71EA.sys

2008-01-17 11:27 . 2008-01-15 22:56 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((( SnapShot@2009-08-17_21.50.40 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-08-17 22:53 . 2009-08-17 22:53 16384 c:\windows\Temp\Perflib_Perfdata_794.dat

+ 2009-08-17 22:46 . 2009-08-17 22:46 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat

- 2009-08-17 21:45 . 2009-08-17 21:45 8192 c:\windows\ERDNT\subs\Users\00000004\UsrClass.dat

- 2009-08-17 21:45 . 2009-08-17 21:45 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat

+ 2009-08-17 22:46 . 2009-08-17 22:46 8192 c:\windows\ERDNT\subs\Users\00000002\UsrClass.dat

- 2009-08-17 21:45 . 2009-08-17 21:45 303104 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat

+ 2009-08-17 22:46 . 2009-08-17 22:46 303104 c:\windows\ERDNT\subs\Users\00000006\UsrClass.dat

+ 2009-08-17 22:46 . 2009-08-17 22:46 237568 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT

- 2009-08-17 21:45 . 2009-08-17 21:45 237568 c:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT

+ 2009-08-17 22:46 . 2009-08-17 22:46 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT

- 2009-08-17 21:45 . 2009-08-17 21:45 241664 c:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT

- 2009-08-17 21:45 . 2009-08-17 21:45 9539584 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT

+ 2009-08-17 22:46 . 2009-08-17 22:46 9539584 c:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]

@="{C5994560-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]

@="{C5994561-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]

@="{C5994562-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]

@="{C5994563-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]

@="{C5994564-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]

@="{C5994565-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]

@="{C5994566-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]

@="{C5994567-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]

@="{C5994568-53D9-4125-87C9-F193FC689CB2}"

[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]

2008-01-16 22:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-13 68856]

"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-10-30 67128]

"SansaDispatch"="c:\documents and settings\Compaq_Administrator\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2009-07-17 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]

"DISCover"="c:\program files\DISC\DISCover.exe" [2005-09-27 1060864]

"DiscUpdateManager"="c:\program files\DISC\DiscUpdateMgr.exe" [2005-09-27 61440]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-01-27 180269]

"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]

"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-19 136600]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]

"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" [2009-07-15 881920]

"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2009\Inicio.exe" [2008-07-07 50432]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-07-13 414992]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2005-03-10 28160]

"SnoopFreeUI"="SnoopFreeUI.exe" - c:\windows\SnoopFreeUI.exe [2009-08-15 221184]

c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\

PowerMenu.lnk - c:\program files\PowerMenu\PowerMenu.exe [2002-12-19 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-1-26 36903]

Event Planner Reminders Tray Icon.lnk - c:\program files\Sierra\Planner\Plnrnote.exe [2007-6-29 184320]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-10-30 67128]

Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-6-20 438272]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 20:58 58672 ----a-w- c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Secunia PSI.lnk]

backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Administrator^Start Menu^Programs^Startup^Xfire.lnk]

backup=c:\windows\pss\Xfire.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iPod Service"=3 (0x3)

"ekrn"=2 (0x2)

"EhttpSrv"=3 (0x3)

"apacheWoW"=2 (0x2)

"a2free"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\1138754578\\ee\\aolsoftware.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Common Files\\AOL\\1138754578\\ee\\aim6.exe"=

"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

"c:\\Documents and Settings\\Compaq_Administrator\\Application Data\\Flock\\Browser\\Profiles\\mhnubimd.default\\extensions\\SolidStateION@solidstatenetworks.com\\plugins\\solidnm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"56501:TCP"= 56501:TCP:*:Disabled:SolidNetworkManager

"56501:UDP"= 56501:UDP:*:Disabled:SolidNetworkManager

"9901:TCP"= 9901:TCP:*:Disabled:SolidNetworkManager

"9901:UDP"= 9901:UDP:*:Disabled:SolidNetworkManager

"51395:TCP"= 51395:TCP:*:Disabled:SolidNetworkManager

"51395:UDP"= 51395:UDP:*:Disabled:SolidNetworkManager

"22758:TCP"= 22758:TCP:*:Disabled:SolidNetworkManager

"22758:UDP"= 22758:UDP:*:Disabled:SolidNetworkManager

"58341:TCP"= 58341:TCP:Pando Media Booster

"58341:UDP"= 58341:UDP:Pando Media Booster

"56200:TCP"= 56200:TCP:Pando Media Booster

"56200:UDP"= 56200:UDP:Pando Media Booster

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"10530:TCP"= 10530:TCP:*:Disabled:SolidNetworkManager

"10530:UDP"= 10530:UDP:*:Disabled:SolidNetworkManager

"58164:TCP"= 58164:TCP:Pando Media Booster

"58164:UDP"= 58164:UDP:Pando Media Booster

"39559:TCP"= 39559:TCP:*:Disabled:SolidNetworkManager

"39559:UDP"= 39559:UDP:*:Disabled:SolidNetworkManager

"28679:TCP"= 28679:TCP:*:Disabled:SolidNetworkManager

"28679:UDP"= 28679:UDP:*:Disabled:SolidNetworkManager

"36772:TCP"= 36772:TCP:SolidNetworkManager

"36772:UDP"= 36772:UDP:SolidNetworkManager

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [7/9/2009 7:37 PM 28544]

R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [7/9/2009 7:40 PM 73728]

R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [7/9/2009 7:40 PM 52992]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [5/14/2009 3:49 PM 94360]

R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [7/9/2009 7:40 PM 22072]

R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [7/9/2009 7:40 PM 193792]

R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [7/9/2009 7:40 PM 158848]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [7/9/2009 7:37 PM 41144]

R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [7/9/2009 7:40 PM 46720]

R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/26/2009 12:12 PM 211216]

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [7/9/2009 7:37 PM 179640]

R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2009\psksvc.exe [7/9/2009 7:39 PM 28928]

R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [7/9/2009 7:42 PM 13880]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/26/2009 12:12 PM 19096]

R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [7/9/2009 7:39 PM 197888]

R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]

R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [7/22/2009 3:13 PM 28592]

S1 SDManager;SDManager;\??\c:\program files\SpywareDetector\SDManager.sys --> c:\program files\SpywareDetector\SDManager.sys [?]

S2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]

S3 ATIXPGAA;ATIXPGAA;\??\c:\pcdr5\ATIXPGAA.SYS --> c:\pcdr5\ATIXPGAA.SYS [?]

S3 CrystalSysInfo;CrystalSysInfo;\??\c:\program files\MediaCoder\SysInfo.sys --> c:\program files\MediaCoder\SysInfo.sys [?]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]

S3 HssTrayService;Hotspot Shield Tray Service; [x]

S3 ihupvtlolv;ihupvtlolv;\??\c:\documents and settings\Compaq_Administrator\Desktop\Glider\ihupvtlolv.sys --> c:\documents and settings\Compaq_Administrator\Desktop\Glider\ihupvtlolv.sys [?]

S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [8/17/2009 3:47 PM 114672]

S3 npggsvc;nProtect GameGuard Service; [x]

S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]

S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [11/22/2008 1:53 PM 23064]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 8:28 PM 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 2:49 AM 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 8:28 PM 369688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

panda REG_MULTI_SZ Gwmsrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Contents of the 'Scheduled Tasks' folder

2009-08-17 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-14 21:29]

.

- - - - ORPHANS REMOVED - - - -

BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll

Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = 169.235.24.133:80

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab

DPF: {C9A2CBF3-B7F9-463E-A690-82CC077DCFC6} - hxxp://global.4story.com/Active_X/ZemiDetectHardware.cab

FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\gnwbcw27.default\

FF - prefs.js: browser.startup.homepage - hxxP://www.comcast.net

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol305.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPHoldemFireLauncher.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMFireLauncher.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - HiddenExtension: XUL Cache: {9CF789BF-1CF0-4562-9B57-110DC4314B48} - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\{9CF789BF-1CF0-4562-9B57-110DC4314B48}

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-08-17 18:54

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3219781774-1708424276-1402225139-1008\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(364)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\avldr.dll

- - - - - - - > 'explorer.exe'(1848)

c:\windows\system32\WININET.dll

c:\program files\Panda Security\Panda Internet Security 2009\pavoepl.dll

c:\windows\SnoopFreeDll.dll

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll

c:\program files\PowerMenu\PowerMenuHook.dll

c:\program files\Logitech\SetPoint\lgscroll.dll

c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

c:\program files\TortoiseSVN\bin\TortoiseStub.dll

c:\program files\TortoiseSVN\bin\TortoiseSVN.dll

c:\program files\TortoiseSVN\bin\intl3_tsvn.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\msi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\Panda Security\Panda Internet Security 2009\TPSrv.exe

c:\program files\Panda Security\Panda Internet Security 2009\WebProxy.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\windows\arservice.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\ehome\ehrecvr.exe

c:\windows\ehome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\ati2evxx.exe

c:\program files\TortoiseSVN\bin\TSVNCache.exe

c:\program files\MySQL\MySQL Server 5.1\bin\mysqld.exe

c:\program files\HP\Digital Imaging\bin\hpqste08.exe

c:\program files\Panda Security\Panda Internet Security 2009\PsCtrlS.exe

c:\program files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe

c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe

c:\program files\Panda Security\Panda Internet Security 2009\PsImSvc.exe

c:\windows\system32\SnoopFreeSvc.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\Panda Security\Panda Internet Security 2009\PAVSRV51.EXE

c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE

c:\windows\ehome\mcrdsvc.exe

c:\program files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE

c:\program files\Panda Security\Panda Internet Security 2009\FIREWALL\PSHost.exe

c:\windows\system32\dllhost.exe

c:\program files\Panda Security\Panda Internet Security 2009\SrvLoad.exe

c:\windows\ehome\ehmsas.exe

c:\program files\Panda Security\Panda Internet Security 2009\PavBckPT.exe

.

**************************************************************************

.

Completion time: 2009-08-17 19:03 - machine was rebooted

ComboFix-quarantined-files.txt 2009-08-17 23:02

ComboFix2.txt 2009-08-17 21:58

Pre-Run: 115,555,770,368 bytes free

Post-Run: 115,515,408,384 bytes free

578 --- E O F --- 2009-08-13 10:49


Results of screen317's Security Check version 0.98.8

Windows XP Service Pack 3

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET NOD32 Antivirus

Panda Internet Security 2009

Panda Internet Security 2009

ESET NOD32 Antivirus

a-squared Free 4.0

Antivirus up to date!

``````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Secunia PSI

HijackThis 2.0.2

Eusing Free Registry Cleaner

Java 6 Update 11

Java 6 Update 7

Java SE Development Kit 6 Update 10

Java SE Development Kit 6 Update 11

Java DB 10.4.1.3

Out of date Java installed!

Adobe Flash Player 10

Adobe Reader 8.1.0

Out of date Adobe Reader installed!

``````````````````````````````

Process Check:

objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

panda security panda internet security 2009 firewall PSHOST.EXE

``````````````````````````````

DNS Vulnerability Check:

GREAT! (Very random)

`````````End of Log```````````

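The ComboFix log posted earlier records the settings that screen317's Security Check then summarises as "Windows Firewall Disabled!": EnableFirewall is 0 for the standard profile, Security Center monitoring is switched off (DisableMonitoring=1), an Internet Explorer proxy is configured, and one driver (S3 ihupvtlolv) is registered from a path under the user's Desktop. The following is an added example, not ComboFix's, Security Check's or the forum's own code: a small Python audit that parses lines in the ComboFix format and flags those weak settings so a helper does not have to eyeball a 3,000-line log. The sample log embedded in it is constructed from entries copied out of the log above; the check names and thresholds are this example's own assumptions.

```python
"""Audit a ComboFix-style log for weakened Windows security settings.

Added example for this thread; not ComboFix's or any vendor's code.
SAMPLE_LOG is constructed from entries in the log posted above.
"""
import re

# Constructed sample in the format ComboFix prints (trimmed copy of the
# log posted in this thread).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"56501:TCP"= 56501:TCP:*:Disabled:SolidNetworkManager
uInternet Settings,ProxyServer = 169.235.24.133:80
S3 ihupvtlolv;ihupvtlolv;\??\c:\documents and settings\Compaq_Administrator\Desktop\Glider\ihupvtlolv.sys --> c:\documents and settings\Compaq_Administrator\Desktop\Glider\ihupvtlolv.sys [?]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [8/17/2009 3:47 PM 114672]
"""

HEADER_RE = re.compile(r'^\[(.+)\]$')                     # [HKEY_...\key]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')           # "Name"=value
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+)$')  # R0 name;desc;path
PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer\s*=\s*(\S+)')


def parse_registry_values(text):
    """Return (key, name, raw_value) for every "Name"=value line, tagged
    with the [key] header that precedes it in the log."""
    key, out = None, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            out.append((key, m.group(1), m.group(2).strip()))
    return out


def _first_token(raw):
    return raw.split()[0] if raw else ''


def audit(text):
    """Return a list of human-readable findings for weakened settings."""
    findings = []
    for key, name, raw in parse_registry_values(text):
        k = key.lower()
        if k.endswith(r'firewallpolicy\standardprofile') and name == 'EnableFirewall':
            if _first_token(raw) == '0':      # hardened value is 1
                findings.append('Windows Firewall disabled (standard profile)')
        elif r'security center\monitoring' in k and name == 'DisableMonitoring':
            if raw.lower() == 'dword:00000001':   # 1 silences Security Center alerts
                findings.append('Security Center monitoring disabled: '
                                + key.rsplit('\\', 1)[-1])
        elif k.endswith(r'globallyopenports\list'):
            # Exceptions without ':Disabled:' become active as soon as the
            # firewall is turned back on, so list them for review.
            if ':disabled:' not in raw.lower():
                findings.append('Firewall port exception enabled: ' + name)

    for line in text.splitlines():
        line = line.strip()
        m = PROXY_RE.match(line)
        if m:
            findings.append('IE proxy configured: ' + m.group(1))
            continue
        m = SERVICE_RE.match(line)
        if m:
            # Path runs up to " -->" or the trailing "[date size]" bracket.
            path = m.group(4).split(' -->')[0].split(' [')[0].strip()
            if path.startswith('\\??\\'):
                path = path[4:]
            p = path.lower()
            # Drivers and services normally live under system or program
            # directories; a user profile path deserves a second look.
            if '\\documents and settings\\' in p or '\\users\\' in p:
                findings.append(f'{m.group(1)} service/driver loads from a user '
                                f'profile: {m.group(2)} -> {path}')
    return findings


if __name__ == '__main__':
    for f in audit(SAMPLE_LOG):
        print('-', f)
```

Run it against a full ComboFix log by replacing SAMPLE_LOG with the file contents; the registry checks only fire on the standard-profile firewall key and the Security Center Monitoring subkeys, so entries from other hives are ignored rather than misreported.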

  • Staff

Hi,

Delete SecurityCheck.exe

Navigate to Start --> Run, and type Combofix /u in the box that appears. Click OK afterwards. Notice the space between the X and the /u

This uninstalls all of ComboFix's components.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Download and install IE-Spyad, which will place over 5000 'bad' sites on your Internet Explorer Restricted List. A tutorial on it can be found here.

3) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

4) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

5) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

6) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

You may want to consider adding an Authenticator to your accounts and converting your account to a battle.net account. The former is an RSA hard token that works with WoW; it generates a new six-digit key every 30 seconds (Blizzard Authenticator FAQ). The latter ties an account permanently to an e-mail address (What is the Battle.net Account?).

Change your passwords to hard-to-crack passwords. Use this Password Strength Checker by Microsoft.

Safe surfing,

-screen317
