Log analysis and evaluation: Panda constantly shows the error message: It is advisable to restart to keep your computer protected

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#3

Panda constantly shows the error message: It is advisable to restart to keep your computer protected

here is the OTL again
__________________
thank you very much

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 6/8/2012 1:47:47 PM - Run 1 OTL by OldTimer - Version 3.2.47.0 Folder = C:\Users\Owner\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19222) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.94 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 52.36% Memory free 4.78 Gb Paging File | 3.50 Gb Available in Paging File | 73.14% Paging File free Paging file location(s): c:\pagefile.sys 2973 2973 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220.98 Gb Total Space | 148.02 Gb Free Space | 66.98% Space Free | Partition Type: NTFS Drive D: | 11.90 Gb Total Space | 1.84 Gb Free Space | 15.44% Space Free | Partition Type: NTFS Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/08 13:46:06 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Downloads\OTL.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE PRC - [2011/04/13 18:06:56 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\ApVxdWin.exe PRC - [2010/10/20 16:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) 
-- C:\Program Files\Panda Security\Panda Internet Security 2012\PavFnSvr.exe PRC - [2010/08/16 15:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\psksvc.exe PRC - [2010/06/04 11:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\pavsrvx86.exe PRC - [2010/05/28 14:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\AVENGINE.EXE PRC - [2010/04/22 19:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\WebProxy.exe PRC - [2010/02/23 13:09:34 | 000,111,872 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavBckPT.exe PRC - [2009/11/26 18:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- c:\Program Files\Panda Security\Panda Internet Security 2012\FIREWALL\PSHost.exe PRC - [2009/08/10 15:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrlS.exe PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/06/27 14:23:00 | 000,091,392 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\SrvLoad.exe PRC - [2008/06/19 13:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) 
-- C:\Program Files\Panda Security\Panda Internet Security 2012\PsImSvc.exe PRC - [2008/02/04 18:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe PRC - [2008/01/19 09:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007/09/15 10:29:10 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe PRC - [2006/11/02 11:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe ========== Modules (No Company Name) ========== MOD - [2012/02/22 20:49:56 | 000,921,600 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2007/10/01 05:33:32 | 000,066,856 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll MOD - [2007/02/14 14:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2012\MiniCrypto.dll MOD - [2004/05/19 12:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2012\LIBXML2.DLL ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012/06/06 09:57:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/06/06 01:31:19 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto 
| Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate) SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc) SRV - [2011/04/14 17:07:58 | 000,156,992 | ---- | M] (Panda Security, S.L.) [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe -- (TPSrv) SRV - [2010/10/20 16:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavFnSvr.exe -- (PAVFNSVR) SRV - [2010/08/16 15:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\psksvc.exe -- (PskSvcRetail) SRV - [2010/06/04 11:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\pavsrvx86.exe -- (PAVSRV) SRV - [2009/11/26 18:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\Program Files\Panda Security\Panda Internet Security 2012\FIREWALL\PSHost.exe -- (PSHost) SRV - [2009/08/10 15:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrlS.exe -- (Panda Software Controller) SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/06/19 13:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsImSvc.exe -- (PSIMSVC) SRV - [2008/02/04 18:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) 
[Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe -- (PavPrSrv) SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008/01/19 09:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008/01/19 09:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007/03/05 20:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | Disabled | Stopped] -- a -- (vsdatant) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SymIM.sys -- (SymIMMP) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PavTPK.sys -- (PavTPK.sys) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\PavSRK.sys -- (PavSRK.sys) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\PalmUSBD.sys -- (PalmUSBD) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012/06/08 09:28:23 | 000,105,088 | ---- | M] (Panda Security, S.L.) 
[File_System | On_Demand | Running] -- C:\Windows\System32\drivers\av5flt.sys -- (AvFlt) DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011/12/01 21:34:40 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\COMFiltr.sys -- (ComFiltr) DRV - [2011/02/21 15:38:32 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ShlDrv51.sys -- (ShldDrv) DRV - [2011/01/31 17:41:28 | 000,083,528 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\APPFLT.SYS -- (APPFLT) DRV - [2010/09/09 17:23:00 | 000,193,864 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\idsflt.sys -- (IDSFLT) DRV - [2010/09/01 12:09:14 | 000,201,032 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\neti1644.sys -- (NETIMFLT01060044) DRV - [2010/06/22 19:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot) DRV - [2010/05/21 14:50:40 | 000,054,344 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\amm8660.sys -- (AmFSM) DRV - [2010/05/06 18:11:58 | 000,163,848 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PavProc.sys -- (PavProc) DRV - [2009/09/25 15:54:08 | 000,046,856 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\wnmflt.sys -- (WNMFLT) DRV - [2009/09/25 15:54:06 | 000,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\Windows\System32\drivers\NETFLTDI.SYS -- (NETFLTDI) DRV - [2009/09/25 15:54:04 | 000,022,024 | ---- | M] (Panda Security, S.L.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\fnetmon.sys -- (FNETMON) DRV - [2009/09/25 15:54:02 | 000,053,256 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dsaflt.sys -- (DSAFLT) DRV - [2009/06/24 06:08:00 | 007,542,208 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009/04/11 06:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2009/04/11 06:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID) DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008/03/04 01:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService) DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/09/10 00:12:28 | 000,176,640 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService) DRV - [2007/07/11 20:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid) DRV - [2007/06/19 03:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr) DRV - [2007/05/31 01:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007/03/22 08:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007/02/25 00:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/02/16 23:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007/01/24 02:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) 
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253 IE - HKLM\..\SearchScopes\{FD0A3935-5FCC-4484-9160-3B53CF57C671}: "URL" = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8 IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.imesh.com/ IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program 
Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60452 IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{523F32BA-7501-476E-AC0C-D22EEB29AD04}: "URL" = hxxp://www.flickr.com/search/?q={searchTerms} IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SUNA IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{80D6DB76-1108-49F6-A896-FEA8CB78E157}: "URL" = hxxp://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms} IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{8C367274-CC00-41DA-BEAC-6C2CF70BB39E}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvdt IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={8153DA5E-4623-4182-84EC-97BE10D92242}&mid=b1c4cd4de19f631f6d81056869bace19-19797f26317ae0b17f4a1412906e404ec3d12118&lang=en&ds=AVG&pr=fr&d=2011-12-01 21:12:09&v=8.0.0.40&sap=dsp&q={searchTerms} IE - 
HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms} IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253 IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{C1E0C7A6-A8E2-4FE0-9787-1C4A8155D7D4}: "URL" = hxxp://delicious.com/search?p={searchTerms} IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = hxxp://toolbar.ask.com/toolbarv/askRedirect?gct=&gc=1&q={searchTerms}&crm=1&toolbar=UT2 IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{DCA623BF-EA31-4439-9168-7930D9D25A8B}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\SearchScopes\{FD0A3935-5FCC-4484-9160-3B53CF57C671}: "URL" = hxxp://www.ask.com/web?q={searchterms}&l=dis&o=ushpd IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com" FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.3.11.20110727115843 FF - 
prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.18.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Owner\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Owner\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Owner\AppData\Local\Facebook\Messenger\2.1.4520.0\npFbDesktopPlugin.dll (Facebook, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2011/01/16 18:28:13 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\9.0.0.18\ [2011/11/30 20:39:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/06 09:57:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/28 10:04:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/19 20:54:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/06 09:57:09 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/28 10:04:56 | 000,000,000 | ---D | M] [2011/01/06 22:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions [2009/06/20 10:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2012/05/31 18:51:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions [2011/11/23 12:43:59 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/11/23 12:44:05 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash [2012/05/20 10:51:34 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012/05/31 18:51:09 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} [2010/12/29 14:49:00 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011/03/30 20:42:50 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\taztryfv.default\extensions\personas@christopher.beard [2010/09/02 10:09:28 | 000,002,486 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\taztryfv.default\searchplugins\iMeshWebSearch.xml [2012/02/23 07:16:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012/05/18 13:40:53 | 000,047,322 | ---- | M] () (No name found) -- C:\USERS\OWNER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TAZTRYFV.DEFAULT\EXTENSIONS\GOOGLEDICTIONARY@TOPTIP.CA.XPI [2012/06/06 09:57:08 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012/02/22 18:37:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/11/30 20:39:31 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2012/02/23 07:15:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml [2010/09/02 10:09:28 | 000,002,486 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\iMeshWebSearch.xml [2012/02/23 07:15:48 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== O1 HOSTS File: ([2010/04/07 00:51:04 | 000,000,743 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. 
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (MediaBar) - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~1\IMESHA~1\MediaBar\ToolBar\imeshdtxmltbpi.dll File not found O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. 
O3 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com) O3 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE (Panda Security, S.L.) O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpqSRMon] File not found O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2012\Inicio.exe (Panda Security, S.L.) O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000..\Run: [Facebook Update] C:\Users\Owner\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) 
O4 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun File not found
O4 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-2725313977-2452428163-366678771-1000..\RunOnce: [Shockwave Updater] C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; yie8)" -"hxxp://www.candystand.com/play/pool-sharks" File not found
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{61240696-36FB-4231-9FB7-821C2CEFFE1C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\Windows\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O24 - Desktop WallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Owner\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/23 09:21:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{175676ee-f7b8-11df-8fbf-001e68094fde}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{175676ee-f7b8-11df-8fbf-001e68094fde}\Shell\Install\command - "" = F:\Setup.exe
O33 - MountPoints2\{2a2da9c9-6f4b-11dd-8334-001e68094fde}\Shell\AutoRun - "" = Autorun
O33 - MountPoints2\{2a2da9c9-6f4b-11dd-8334-001e68094fde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
O33 - MountPoints2\{3120a840-aa0c-11dd-b013-001e68094fde}\Shell\AutoRun\command - "" = wd_windows_tools\WDEULA.exe
O33 - MountPoints2\{3120a921-aa0c-11dd-b013-001e68094fde}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{574962f6-3335-11dd-a499-001e68094fde}\Shell\AutoRun\command - "" = G:\Launch.exe
O33 - MountPoints2\{5c3e57ea-9620-11dd-b2f6-001e68094fde}\Shell\AutoRun - "" = Autorun
O33 - MountPoints2\{5c3e57ea-9620-11dd-b2f6-001e68094fde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\m.exe /s
O33 - MountPoints2\{5f119fdb-5119-11dd-adfe-001e68094fde}\Shell\AutoRun\command - "" = InstallSeagateManager.exe
O33 - MountPoints2\{6770080c-a034-11de-8677-001e68094fde}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{6e939d26-004f-11df-b24c-001e68094fde}\Shell\AutoRun\command - "" = F:\WDSetup.exe
O33 - MountPoints2\{78252484-5e57-11dd-9fdc-001e68094fde}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O33 - MountPoints2\{7bd6b079-aa97-11de-a7e3-001e68094fde}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe
O33 - MountPoints2\{c8bdfdfb-e46f-11dd-aa43-001e68094fde}\Shell - "" = AutoRun
O33 - MountPoints2\{c8bdfdfb-e46f-11dd-aa43-001e68094fde}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpFolder: C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - File not found
MsConfig - State: "startup" - 2
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: PskSvcRetail - C:\Program Files\Panda Security\Panda Internet Security 2012\psksvc.exe (Panda Security, S.L.)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EE330FEC-4206-4FD0-891C-7216477A74B3} - NoIE8Tour ActiveX: {F390FCA4-7CCF-4A1A-A849-C381E489A3CA} - Yahoo! Search Settings Update ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{46AA243C-6639-4E0B-AB18-E7CA14FCCFBB} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/06/06 12:08:12 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\TFC.exe [2012/06/05 23:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012/06/05 16:01:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes [2012/06/05 16:01:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/06/05 16:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012/06/05 16:01:22 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/06/05 16:01:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012/06/04 22:52:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/06/04 22:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security [2012/06/04 22:37:51 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012/06/04 18:10:12 | 
000,000,000 | ---D | C] -- C:\Windows\pss [2012/06/04 17:18:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5D4204C8-CDE2-4C45-9E45-D9D6F47A816F} [2012/06/04 17:17:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{C8902336-5744-42D5-9EAE-9B8231018014} [2012/06/04 06:41:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{DD7C8580-ED43-4779-9D46-70F8FBB54B1D} [2012/06/04 06:40:55 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E59139D1-CAF6-4301-AC21-80D204FBE5B0} [2012/06/04 06:30:57 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{015FC6A9-723F-4986-A312-95D9FB567870} [2012/06/04 06:30:54 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{01071753-B3F9-4D9A-ABB5-901568C73F4A} [2012/06/03 22:55:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{7C4A7E94-CF0E-4F39-B26D-A354905B42DF} [2012/06/03 22:55:34 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E643DDFD-39E2-4CF3-B64E-007BEA09FC24} [2012/05/31 18:52:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D171E1D4-B3E4-4DD0-B5E7-B264C5BCBBB9} [2012/05/31 18:52:37 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{275430D3-B7F3-4225-98B3-D5775D7B675F} [2012/05/28 20:50:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6D1F1111-2507-4105-8292-95CACA139BDD} [2012/05/28 20:50:12 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AB926C97-9A08-47F8-99CC-756E5B2B39AB} [2012/05/28 10:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012/05/28 10:24:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012/05/28 10:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012/05/28 10:08:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2012/05/28 10:04:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012/05/28 10:02:45 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime [2012/05/27 16:20:22 
| 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E1400CBB-620B-4369-812C-7A3F47BAEDB1} [2012/05/27 16:20:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4A832F31-EE92-419C-B4A5-631F04CDC58A} [2012/05/26 09:33:45 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook [2012/05/25 20:32:53 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{4BE63C1A-E81B-4D4C-BB31-215B8FFE8702} [2012/05/25 20:32:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6E57EAED-4982-47E5-B751-BEC6C1E37FC5} [2012/05/23 23:42:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6285ED63-90D0-4639-AE82-1340F9DD4369} [2012/05/23 23:42:44 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D676B265-7EB2-4971-999B-FBA0443AF276} [2012/05/15 06:39:14 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{D965FE57-8D8D-4B74-B99A-366EFE7372FA} [2012/05/15 06:39:08 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{AB4B5A7D-4279-446D-80DA-E08D34EFF7BD} [2012/05/14 06:24:19 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{E9AB4B54-2C52-40FE-AA77-3541B8E29488} [2012/05/14 06:24:18 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{33CFD962-3C68-4174-BF50-A18DF3CED55B} [2012/05/13 20:14:50 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{14792B86-9AA8-4CCE-A360-62213FDFAD08} [2012/05/13 20:14:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{5039D79B-F42F-43AD-A5C2-C01C1E2DFA17} [2012/05/12 22:56:46 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{122158B0-BD92-45EC-9859-4EB92371C761} [2012/05/12 22:56:38 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{54B1B045-FE0F-4B6F-9DC9-EB213021BB43} [2012/05/12 09:30:33 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{EA417B02-358A-42CB-974A-1162FFED61B7} [2012/05/12 09:30:31 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A0DC8AB2-7755-42D0-937E-9E46C7BA00C9} 
[2012/05/11 23:12:22 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{6CFB91FA-44A7-43A4-BEB0-7561FF2F82CB} [2012/05/11 23:12:17 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{1DFC6FEE-548D-4585-B67A-2FAA118461FC} [2012/05/11 06:18:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{A41FD33F-E118-410A-A0ED-F0DD28237243} [2012/05/11 06:18:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{142D52DB-E444-47AC-B498-D88F3B782DAA} [2012/05/10 18:54:47 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{0BF665E7-83EE-4929-8988-E78323550EFD} [2012/05/10 18:54:43 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{F6FACA2F-CEC7-42E8-A828-1DDB4EC94B48} [2012/05/10 06:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012/05/10 06:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service [2012/05/10 05:50:29 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{64878248-3A18-4915-9AD1-5CCF1BCE691B} [2012/05/10 05:50:23 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\{173C4041-DAB5-4DA2-BF07-BE6B19B2F143} ========== Files - Modified Within 30 Days ========== [2012/06/08 13:56:42 | 000,315,076 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck [2012/06/08 13:56:42 | 000,315,076 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT [2012/06/08 13:37:48 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/06/08 13:37:17 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2725313977-2452428163-366678771-1000UA.job [2012/06/08 13:37:11 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012/06/08 13:37:11 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012/06/08 13:36:54 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/06/08 13:36:17 | 000,000,136 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg.bck [2012/06/08 13:36:17 | 000,000,136 
| ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg [2012/06/08 13:36:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/08 13:36:14 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/08 13:36:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/08 09:38:10 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2725313977-2452428163-366678771-1000Core.job [2012/06/08 09:33:59 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG.bck [2012/06/08 09:33:59 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG [2012/06/08 09:33:59 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg.bck [2012/06/08 09:33:59 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg [2012/06/08 09:33:59 | 000,000,092 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt.bck [2012/06/08 09:33:59 | 000,000,092 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt [2012/06/08 09:33:59 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg.bck [2012/06/08 09:33:59 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg [2012/06/08 09:33:59 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg.bck [2012/06/08 09:33:59 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg [2012/06/08 09:33:59 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg.bck [2012/06/08 09:33:59 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg [2012/06/08 09:33:58 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls.bck [2012/06/08 09:33:58 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls [2012/06/08 09:33:16 | 000,000,418 | -H-- | 
M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD707F92-E982-4E85-8D70-10F1713EB1FD}.job [2012/06/08 09:32:31 | 000,000,162 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini [2012/06/08 09:30:19 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/06/08 09:28:53 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt.bck [2012/06/08 09:28:53 | 000,000,064 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt [2012/06/08 09:28:23 | 000,105,088 | ---- | M] (Panda Security, S.L.) -- C:\Windows\System32\drivers\av5flt.sys [2012/06/06 16:58:41 | 000,311,712 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/06/06 14:15:37 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC [2012/06/06 12:46:53 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/06/06 12:46:53 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/06/06 12:08:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\TFC.exe [2012/06/06 09:40:24 | 000,000,929 | ---- | M] () -- C:\Users\Owner\log.exe [2012/06/04 22:53:01 | 000,002,061 | ---- | M] () -- C:\Users\Public\Desktop\Panda ActiveScan Cleaner.lnk [2012/06/04 22:37:49 | 000,006,944 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat [2012/05/29 20:50:37 | 000,193,024 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/05/28 10:27:17 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/05/28 10:04:05 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/05/23 23:38:48 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForOwner.job [2012/05/21 22:55:15 | 000,128,614 | ---- | M] () -- C:\Users\Owner\Desktop\3527906_orig.jpg ========== Files Created - No Company Name ========== [2012/06/06 09:40:23 | 000,000,929 | ---- | C] () -- C:\Users\Owner\log.exe [2012/06/04 22:49:21 | 000,002,061 | ---- | C] () -- 
C:\Users\Public\Desktop\Panda ActiveScan Cleaner.lnk [2012/05/28 10:27:17 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012/05/28 10:04:05 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012/05/21 22:55:13 | 000,128,614 | ---- | C] () -- C:\Users\Owner\Desktop\3527906_orig.jpg [2011/12/01 21:34:40 | 000,013,880 | ---- | C] () -- C:\Windows\System32\drivers\COMFiltr.sys [2011/12/01 21:34:06 | 000,000,262 | ---- | C] () -- C:\Windows\System32\PavCPL.dat [2011/12/01 21:33:40 | 000,315,076 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck [2011/12/01 21:33:40 | 000,315,076 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT [2010/12/15 13:46:40 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== LOP Check ========== [2009/04/23 08:41:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\7Wonders [2011/01/16 18:26:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft [2010/12/29 14:48:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers [2008/07/05 01:49:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HotSync [2008/07/05 02:13:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech [2011/09/09 12:22:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MAGIX [2008/03/15 19:54:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MSNInstaller [2009/06/10 09:48:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\muvee Technologies [2011/12/01 21:27:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Panda Security [2008/05/11 09:05:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking [2010/09/28 16:19:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PureEdge [2009/04/01 20:27:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template [2012/05/31 17:08:24 | 000,000,000 | ---D | M] -- 
C:\Users\Owner\AppData\Roaming\uTorrent [2012/06/08 09:38:10 | 000,000,906 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2725313977-2452428163-366678771-1000Core.job [2012/06/08 13:37:17 | 000,000,928 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2725313977-2452428163-366678771-1000UA.job [2012/06/07 13:09:54 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/06/08 09:33:16 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DD707F92-E982-4E85-8D70-10F1713EB1FD}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2009/04/23 08:41:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\7Wonders [2008/07/01 07:30:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Adobe [2011/01/16 18:26:26 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AnvSoft [2009/12/27 21:10:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Apple Computer [2008/07/28 19:54:03 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Arcsoft [2008/08/18 08:47:56 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\CyberLink [2012/02/14 20:26:00 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\dvdcss [2010/12/29 14:48:58 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDVideoSoftIEHelpers [2011/12/23 13:26:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Google [2011/04/20 06:02:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Hewlett-Packard [2008/07/05 01:49:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HotSync [2008/03/11 04:09:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HP [2010/03/31 12:27:36 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HPAppData [2011/07/06 05:33:25 | 000,000,000 | ---D | M] -- 
C:\Users\Owner\AppData\Roaming\HpUpdate [2008/02/16 16:05:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Identities [2008/07/05 02:13:07 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Leadertech [2008/02/16 16:11:54 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Macromedia [2011/09/09 12:22:05 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MAGIX [2012/06/05 16:01:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Malwarebytes [2006/11/02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Media Center Programs [2010/11/23 09:21:57 | 000,000,000 | --SD | M] -- C:\Users\Owner\AppData\Roaming\Microsoft [2010/12/15 17:50:53 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozilla [2008/03/15 19:54:48 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MSNInstaller [2009/06/10 09:48:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\muvee Technologies [2011/12/01 21:27:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Panda Security [2008/05/11 09:05:06 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PeerNetworking [2010/09/28 16:19:45 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\PureEdge [2012/06/06 11:54:46 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Skype [2012/02/22 21:23:44 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\skypePM [2009/04/01 20:27:42 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Template [2009/01/17 20:07:20 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\U3 [2012/05/31 17:08:24 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent [2012/06/06 10:10:34 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\vlc [2010/12/15 09:39:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Yahoo! [2008/10/14 18:14:32 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Yahoo! 
Companion < %APPDATA%\*.exe /s > [2008/07/05 01:56:26 | 000,008,854 | R--- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{3AC275FB-658D-43DA-A04D-9B2E30E517B2}\NewShortcut15_4B691FC6F103435EA1F6339BD6C78617.exe [2006/12/07 11:45:12 | 000,110,592 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\U3\temp\cleanup.exe [2006/12/07 11:45:12 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Users\Owner\AppData\Roaming\U3\temp\Launchpad Removal.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008/01/19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2007/10/23 09:53:29 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=313FF294978EA6AF715722D708FB249F -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20494_none_b858f78adaed51b3\AGP440.sys [2007/10/23 09:53:29 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f2490cb0\AGP440.sys [2007/10/23 09:53:29 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=CE71AFD6738AA025D742CDBCFBDC8B9C -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16399_none_b7d45c31c1cb309c\AGP440.sys [2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) 
MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006/11/02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009/04/11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008/01/19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008/01/19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006/11/02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008/02/23 13:23:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys [2008/02/23 13:23:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys [2008/02/23 13:23:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006/11/02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007/01/13 07:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008/01/19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008/01/19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006/11/02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006/11/02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009/04/11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- 
C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008/01/19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys [2006/11/02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008/01/19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008/01/19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008/01/19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006/11/02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009/04/11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 
for: USER32.DLL > [2007/10/23 08:11:16 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll [2007/10/23 08:11:17 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll [2008/01/19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006/11/02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009/04/11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009/04/11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008/01/19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006/11/02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: WININIT.EXE > [2008/01/19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED 
-- C:\Windows\System32\wininit.exe [2008/01/19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006/11/02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009/04/11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006/11/02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008/01/19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006/11/02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008/01/19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008/01/19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) 
MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report >
Last edited by sil_booksi (08.06.2012 at 15:01) |