Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PAVFIRES.EXE takes up 98-99% of computer usage

Started by Iron_Canuck , Jan 20 2007 12:35 PM

  • This topic is locked This topic is locked

#16
JSntgRvr
Posted 27 January 2007 - 12:55 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Iron_Canuck :whistling:

Lets take a deeper look.

Download ComboFix from Here or Here. to your Desktop.

Reboot to Safe mode:

Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load. If done right a Windows Advanced Options menu will appear. Select the Safe Mode option and press Enter.

Perform the following actions in Safe Mode.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
Note: Do not mouseclick combofix's window while its running. That may cause it to stall
  • 0

Advertisements

#17
Iron_Canuck
Posted 27 January 2007 - 02:26 PM

Iron_Canuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hey JSntgRvr,

Here's the logs you asked for.

"Windows" - 07-01-27 15:14:41 Service Pack 2
ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Windows\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\WINDOWS\APPATC~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-27 to 2007-01-27 ))))))))))))))))))))))))))))))))))


2007-01-27 15:13 615 --a--c--- C:\Combo.bat
2007-01-26 12:26 <DIR> d----c--- C:\avenger
2007-01-26 12:24 60,416 --a------ C:\WINDOWS\system32\drivers\r^dvbmrp.sys
2007-01-26 12:15 212 --a--c--- C:\delete.bat
2007-01-25 18:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-01-24 15:32 <DIR> d----c--- C:\DOCUME~1\ADMINI~1\Application Data\Corel
2007-01-24 15:23 <DIR> d----c--- C:\!KillBox
2007-01-23 22:34 <DIR> d----c--- C:\fixwareout
2007-01-20 18:56 <DIR> d-------- C:\Program Files\HijackThis
2007-01-20 16:22 <DIR> d-------- C:\Program Files\EphPod
2007-01-19 23:19 <DIR> d----c--- C:\DOCUME~1\ADMINI~1\Application Data\Lavasoft
2007-01-19 20:26 <DIR> d----c--- C:\DOCUME~1\ADMINI~1\Application Data\SUPERAntiSpyware.com
2007-01-18 23:47 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\SUPERAntiSpyware.com
2007-01-18 23:47 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-01-18 23:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-18 23:47 <DIR> d-------- C:\DOCUME~1\Windows\Application Data\SUPERAntiSpyware.com
2007-01-18 21:59 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-18 21:59 <DIR> d-------- C:\Program Files\Grisoft
2007-01-18 16:30 <DIR> d-------- C:\DOCUME~1\Windows\Application Data\Uniblue
2007-01-10 15:27 <DIR> d----c--- C:\DOCUME~1\Steve\Application Data\Corel
2007-01-09 22:41 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-01-06 17:13 236 --a--c--- C:\Delme.bat
2007-01-03 12:42 <DIR> d----c--- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-26 12:25 -------- d-------- C:\DOCUME~1\Windows\Application Data\interitchfive
2007-01-25 22:40 -------- d-------- C:\Program Files\java
2007-01-25 16:27 -------- d-------- C:\Program Files\quicktime
2007-01-25 16:27 -------- d-------- C:\Program Files\apple software update
2007-01-19 21:23 -------- d-------- C:\DOCUME~1\Windows\Application Data\for user
2007-01-18 17:32 -------- d--h----- C:\Program Files\zero g registry
2007-01-18 17:32 -------- d-------- C:\Program Files\maple 10
2007-01-18 16:43 -------- d-------- C:\Program Files\msn gaming zone
2007-01-10 00:31 -------- d-------- C:\DOCUME~1\Windows\Application Data\adobeum
2007-01-03 14:15 -------- d-------- C:\DOCUME~1\Windows\Application Data\lavasoft
2007-01-03 14:10 -------- d-------- C:\Program Files\lavasoft
2006-12-26 11:10 -------- d-------- C:\Program Files\itunes
2006-12-26 11:10 -------- d-------- C:\Program Files\ipod
2006-12-20 10:37 -------- d-------- C:\Program Files\musicnotes
2006-12-12 13:00 -------- d---s---- C:\DOCUME~1\Windows\Application Data\microsoft
2006-12-07 00:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-06 21:04 841216 --a------ C:\WINDOWS\guinnesswin.scr
2006-12-06 21:04 65536 --a------ C:\WINDOWS\qt3wrap.dll
2006-12-06 21:04 335360 --a------ C:\WINDOWS\imw32d30.dll
2006-12-06 21:04 12288 --a------ C:\WINDOWS\impborl.dll
2006-12-04 18:58 -------- d-------- C:\Program Files\messenger plus! live
2006-11-08 00:06 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-27 13:21 606848 --a--c--- C:\WINDOWS\flashax.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"csrss"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvMcTray.dll,NvTaskbarInit"
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"SCANINICIO"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Platinum\\Inicio.exe\""
"APVXDWIN"="\"C:\\Program Files\\Panda Software\\Panda Antivirus Platinum\\APVXDWIN.EXE\" /s"
"QuickFinder Scheduler"="\"C:\\Program Files\\Corel\\WordPerfect Office 2002\\Programs\\QFSCHD100.EXE\""
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_10\\bin\\jusched.exe\""
"csrss"=""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LimeWire 4.0.7.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\LimeWire 4.0.7.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire 4.0.7.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LIMEWI~1.7\\LimeWire.exe -startup"
"item"="LimeWire 4.0.7"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office\\OSA9.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CloneCDTray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\SlySoft\\CloneCD\\CloneCDTray.exe\" /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ezSP_Px"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{553858A7-4922-4e7e-B1C1-97140C1C16EF}"="IE Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
Usnsvc REG_MULTI_SZ usnsvc\0\0

*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_IPOD_SERVICE


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-27 15:19:18
C:\ComboFix2.txt ... 07-01-27 15:13


Logfile of HijackThis v1.99.1
Scan saved at 3:26:17 PM, on 27/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: csrss.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: RaptisoftGameLoader - http://www.miniclip....tgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab28578.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...s/yinst0401.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab28578.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius....tiveXPlugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab53083.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://roxypalace.m...lay/FlashAX.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab28578.cab
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - C:\PROGRA~1\BT2Net\BT2PLU~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
  • 0

#18
JSntgRvr
Posted 27 January 2007 - 03:53 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Iron_Canuck :whistling:

Please download the Suspicious File Packer from Here. Extract its contents to the desktop. Open the SFP folder on your desktop and run the SFP.EXE file.

Copy and Paste the following bold locations into the Suspicious File Packer window:

C:\WINDOWS\qt3wrap.dll
C:\WINDOWS\system32\drivers\r^dvbmrp.sys

Click on Continue to allow SFP to pack the file. This will generate a CAB archive on your desktop.

Click Here to upload the created CAB archive.
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "Suspicious File Packer"
  • Put a link to this thread in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to CAB archive that was been created on your desktop.
  • The cab file will be called requested-files(*).cab (the * stands for the date and hour).
    Then click the Send File button below.
  • Click Open.
  • Click Post.
Lets go deeper:

Click here to download WinPFind (Beta).
  • Right Click the Zip Folder and Select "Extract All"
  • Extract it somewhere you will remember like the Desktop
  • Dont do anything with it yet!
Reboot into Safe Mode

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
  • Double click WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete, restart the computer back in Normal Mode.
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next reply!

  • 0

#19
Iron_Canuck
Posted 27 January 2007 - 04:39 PM

Iron_Canuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hello JSntgRvr,

Just a quick question, with that "Suspicious File Packer" post on the forums, will you deal with the results or do I have to figure it out?

Anyways, here's the WinPFind log.

WinPFind logfile created on: 27/01/2007 5:32:43 PM
WinPFind - v2.0.0 Beta 1 Folder = C:\Documents and Settings\Windows\Desktop\WinPFind\

»»»»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»

Product Name: Microsoft Windows XP Service Pack 2 | Version: 5.1.2600
Internet Explorer Version: 7.0.5346.5

»»»»»»»»»»»»»»»»»»»» Memory/Drive Info »»»»»»»»»»»»»»»»»»»»»»»»»»

523808 Kb Total Physical Memory | 386792 Kb Available Physical Memory | 73.84% Memory free
1279276 Kb Paging File | 1210004 Kb Available in Paging File | 94.59% Paging File free
Paging file location: C:\pagefile.sys 768 1536

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 78140128 Kb Total Space | 16977920 Kb Free Space | 21.73% Space Free
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded

»»»»»»»»»»»»»»»»»»»» Running Processes (Non-Microsoft) »»»»»»»»

C:\Documents and Settings\Windows\Desktop\WinPFind\WinPFind.exe ()

»»»»»»»»»»»»»»»»»»»» Win32 Services (Non-Microsoft) »»»»»»»»»»»

(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Stopped]
= C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (Anti-Malware Development a.s.)

(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped]
= C:\WINDOWS\system32\dmadmin.exe (Microsoft Corp., Veritas Software)

(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

(iPod Service) iPod Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)

(NVSvc) NVIDIA Display Driver Service [Win32_Own | Auto | Stopped]
= C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)

(PACSPTISVR) PACSPTISVR [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (Sony Corporation)

(PAVFIRES) Panda Firewall Service [Win32_Own | Auto | Stopped]
= C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PAVFIRES.EXE (Panda Software)

(PAVSRV) Panda anti-virus service [Win32_Own | Auto | Stopped]
= C:\Program Files\Panda Software\Panda Antivirus Platinum\Pavsrv51.exe (Panda Software)

(SoundMAX Agent Service (default)) SoundMAX Agent Service [Win32_Own | Auto | Stopped]
= C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

(SPTISRV) Sony SPTI Service [Win32_Own | On_Demand | Stopped]
= C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (Sony Corporation)

»»»»»»»»»»»»»»»»»»»» Registry Items (Non-Microsoft) »»»»»»»»»»»

>>>>> Run Keys and Auto-Start Folders <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
!AVG Anti-Spyware = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe (Anti-Malware Development a.s.)
APVXDWIN = C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE (Panda Software International)
csrss = (File not found)
iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
NvCplDaemon = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation)
NvMediaCenter = C:\WINDOWS\system32\nvmctray.dll (NVIDIA Corporation)
nwiz = C:\WINDOWS\system32\nwiz.exe (NVIDIA Corporation)
QuickFinder Scheduler = C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE (Novell, Inc., c/o Corel Corporation Limited)
QuickTime Task = C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
SCANINICIO = C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe (Panda Software)
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe (Sun Microsystems, Inc.)
TkBellExe = C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
csrss = (File not found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]*


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
Installed = 1

< Common Startup Folder = C:\Documents and Settings\All Users\Start Menu\Programs\Startup >
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()

< User Startup Folder = C:\Documents and Settings\Windows\Start Menu\Programs\Startup >
C:\Documents and Settings\Windows\Start Menu\Programs\Startup\csrss.lnk
(File not found)

C:\Documents and Settings\Windows\Start Menu\Programs\Startup\desktop.ini ()

>>>>> MsConfig Disabled Items <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LimeWire 4.0.7.lnk]
path = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LimeWire 4.0.7.lnk (File not found)
backup = C:\WINDOWS\pss\LimeWire 4.0.7 (File not found)
location = Common Startup
command = C:\PROGRA~1\LimeWire\LIMEWI~1.7\LimeWire.exe (File not found)
item = LimeWire 4.0.7

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path = C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk ()
backup = C:\WINDOWS\pss\Microsoft Office.lnk (File not found)
location = Common Startup
item = Microsoft Office

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CloneCDTray]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = CloneCDTray
hkey = HKLM
command = C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (File not found)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ezShieldProtector for Px]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
hkey = HKLM
command = C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr]
key = SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item = MsnMsgr
hkey = HKCU
inimapping = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]
system.ini = 0
win.ini = 0
bootini = 0
services = 0
startup = 2

>>>>> Disabled Startup Folder Items <<<<<

>>>>> Items Started Through Miscellaneous Registry Keys <<<<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} = AVG Anti-Spyware 7.5 ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (Anti-Malware Development a.s.) )
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = ( HKLM = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) )


>>>>> Security Providers <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders]
C:\WINDOWS\system32\ZWebAuth.dll ()

>>>>> Winlogon Keys <<<<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
Control_RunDLL (File not found)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
DllName = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)

>>>>> Policy Keys <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = 1
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 1073741857
{0DF44EAA-FF21-4412-828E-260A8728E7F1} = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
dontdisplaylastusername = 0
legalnoticecaption =
legalnoticetext =
shutdownwithoutlogon = 1
undockwithoutlogon = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]*

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
NoDriveTypeAutoRun = 145

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
DisableRegistryTools = 0

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer]*

>>>>> Desktop Components <<<<<

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
FriendlyName = My Current Home Page
Source = About:Home
SubscribedURL = About:Home

>>>>> HOSTS File (non 127.0.0.1 redirects) <<<<<

HOSTS file found at: C:\WINDOWS\System32\drivers\etc\Hosts (Size: 21 bytes | Modified Date: 23/01/2007 10:40:08 PM)

>>>>> Internet Explorer Settings <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
Default_Page_URL = http://www.microsoft...p...&ar=msnhome
Default_Search_URL = http://www.microsoft...amp;ar=iesearch
Local Page = %SystemRoot%\system32\blank.htm
Search Page = http://www.microsoft...amp;ar=iesearch
Start Page = about:blank

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
CustomizeSearch = http://ie.search.msn...st/srchcust.htm
SearchAssistant = http://ie.search.msn...st/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
Local Page = C:\WINDOWS\system32\blank.htm
Search Page = http://www.microsoft...amp;ar=iesearch
Start Page = http://www.microsoft...p...&ar=msnhome

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search]


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
ProxyEnable = 0

>>>>> Browser Helper Objects <<<<<

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
- AcroIEHlprObj Class ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
- ( HKLM = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) )

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
- SSVHelper Class ( HKLM = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )

>>>>> Bars, Toolbars and Extensions <<<<<

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}]
- Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN ( HKLM = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll (File not found) )
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Toolbar ( HKLM = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (File not found) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\ToolBar\WebBrowser]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - MSN ( HKLM = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-ca\msntb.dll (File not found) )
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - &Yahoo! Toolbar ( HKLM = C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (File not found) )

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} = 8197 - Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )
{10E42047-DEB9-4535-A118-B3F6EC39B807} = 8202 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{1AE2F26C-8E23-4930-A68D-9E681A764001} = 8197 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{6224f700-cba3-4071-b251-47cb894244cd} = 8194 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{94148DB5-B42D-4915-95DA-2CBB4F7095BF} = 8200 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} = 8198 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{B863453A-26C3-4e1f-A54D-A2CD196348E9} = 8201 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{BF69DF00-4734-477F-8257-27CD04F88779} = 8203 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
{FB5F1910-F110-11d2-BB9E-00C04F795683} = 8193 - Reg Data - Key not found ( HKLM = Reg Data - Key not found (File not found) )
NextId = 8204

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}]
MenuText = Sun Java Console
ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKLM C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll (Sun Microsystems, Inc.) )
ClsidExtension = {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC} - Java Plug-in 1.5.0_10 ( HKCU C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{94148DB5-B42D-4915-95DA-2CBB4F7095BF}]
ButtonText = UltimateBet
MenuText = UltimateBet
Exec = C:\Program Files\UltimateBet\UltimateBet.exe (UltimateBet)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}]
ButtonText = PartyPoker.com
MenuText = PartyPoker.com
Exec = C:\Program Files\PartyPoker\PartyPoker.exe (File not found)

>>>>> Approved Shell Extensions <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{73B24247-042E-4EF5-ADC2-42F62E6FD654} = ICQ Lite Shell Extension ( CLSID not found! )
{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} = PowerISO ( CLSID not found! )
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} = iTunes ( HKLM = C:\Program Files\iTunes\iTunesMiniPlayer.dll (Apple Computer, Inc.) )
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} = RealOne Player Context Menu Class ( HKLM = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.) )

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} = Web Folders ( HKLM = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL () )

>>>>> Context Menu Handlers / Column Handlers <<<<<

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}]
- SASContextMenu Class ( HKLM = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Panda Antivirus]
@ = {65756541-C65C-11CD-0000-4B656E696100} ( HKLM = C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll (Panda Software) )

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR]
@ = Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\{CA8ACAFA-5FBB-467B-B348-90DD488DE003}]
- SASContextMenu Class ( HKLM = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL (SUPERAntiSpyware.com) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\AVG Anti-Spyware]
@ = {8934FCEF-F5B8-468f-951F-78A921CD3920} ( HKLM = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll (Anti-Malware Development a.s.) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\ICQLiteMenu]
@ = {73B24247-042E-4EF5-ADC2-42F62E6FD654} ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\PowerISO]
@ = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu]
@ = {C0E10002-0028-0003-C0E1-C0E1C0E1C0E1} ( HKLM = C:\Program Files\Corel\WordPerfect Office 2002\Programs\PFSE100.DLL (Novell, Inc., c/o Corel Corporation Limited) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR]
@ = Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\00nView]
@ = {1E9B04FB-F9E5-4718-997B-B8DA88302A48} ( HKLM = C:\WINDOWS\system32\nvshell.dll (NVIDIA Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers\NvCplDesktopContext]
@ = {A70C977A-BF00-412C-90B7-034C51DA2439} ( HKLM = C:\WINDOWS\system32\nvcpl.dll (NVIDIA Corporation) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\Panda Antivirus]
@ = {65756541-C65C-11CD-0000-4B656E696100} ( HKLM = C:\Program Files\Panda Software\Panda Antivirus Platinum\pavOLE.dll (Panda Software) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\PowerISO]
@ = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\WinRAR]
@ = Reg Data - Value does not exist ( HKLM = Reg Data - Key not found (File not found) )

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}]
- PDF Shell Extension ( HKLM = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\pdfshell.dll (Adobe Systems, Inc.) )

>>>>> User Agent Post Platform <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

>>>>> TCP/IP Configuration <<<<<

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{590AC113-BAA5-4706-A406-96096EA1D495}]
DefaultGateway =
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{659486F5-49C3-417A-936A-C637EE928598}] ( SiS 900-Based PCI Fast Ethernet Adapter )
DefaultGateway =
DhcpDefaultGateway = 192.168.2.1;
DhcpIPAddress = 192.168.2.173
DhcpNameServer = 192.168.2.1
DhcpServer = 192.168.2.1
DhcpSubnetMask = 255.255.255.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D0747A0C-0B37-4F00-9B76-0A1D8A943FEE}] ( AOpen AON-325 10/100M Fast Ethernet PCI Adapter )
DefaultGateway =
DhcpDefaultGateway = 192.168.0.1;
DhcpIPAddress = 192.168.0.100
DhcpNameServer = 24.226.10.193 24.226.1.93 24.226.10.194 128.4.35.88 128.38.9.192 128.50.199.12 128.51.207.184
DhcpServer = 192.168.0.1
DhcpSubnetMask = 255.255.255.0
Domain =
EnableDHCP = 1
IPAddress = 0.0.0.0;
IPAutoconfigurationAddress = 0.0.0.0
NameServer =
SubnetMask = 0.0.0.0;

>>>>> WinSock2 Parameters <<<<<

>>>>> Protocol Handlers <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\bt2]
CLSID = {1730B77B-F429-498f-9B15-4514D83C8294} - ( HKLM C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (File not found) )

>>>>> Protocol Filters <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\application/x-bt2]
CLSID = {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - ( C:\PROGRA~1\BT2Net\BT2PLU~1.DLL (File not found) )

>>>>> Downloaded Program Files <<<<<

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000075-9980-0010-8000-00AA00389B71}\DownloadInformation]
CODEBASE = http://codecs.micros...i386/voxacm.CAB
INF = C:\WINDOWS\Downloaded Program Files\voxacm.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00B71CFB-6864-4346-A978-C0A14556272C}\DownloadInformation]
CODEBASE = http://messenger.zon...kr.cab31267.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\DownloadInformation]
CODEBASE = http://www.apple.com...ex/qtplugin.cab
INF = C:\WINDOWS\Downloaded Program Files\QTPlugin.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}\DownloadInformation]
CODEBASE = http://www.kaspersky...can_unicode.cab
INF = C:\WINDOWS\Downloaded Program Files\kavwebscan.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1239CC52-59EF-4DFA-8C61-90FFA846DF7E}\DownloadInformation]
CODEBASE = http://www.musicnote...ad/mnviewer.cab
INF = C:\WINDOWS\Downloaded Program Files\Mnviewer.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{14B87622-7E19-4EA8-93B3-97215F77A6BC}\DownloadInformation]
CODEBASE = http://messenger.zon...nt.cab31267.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{166B1BCA-3F9C-11CF-8075-444553540000}\DownloadInformation]
CODEBASE = http://download.macr...director/sw.cab
INF = C:\WINDOWS\Downloaded Program Files\erma.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{17492023-C23A-453E-A040-C7C580BBF700}\DownloadInformation]
CODEBASE = http://go.microsoft....k/?linkid=39204
INF = C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{233C1507-6A77-46A4-9443-F871F945D258}\DownloadInformation]
CODEBASE = http://fpdownload.ma...director/sw.cab
INF = C:\WINDOWS\Downloaded Program Files\erma.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2917297F-F02B-4B9D-81DF-494B6333150B}\DownloadInformation]
CODEBASE = http://messenger.zon...er.cab28578.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2B323CD9-50E3-11D3-9466-00A0C9700498}\DownloadInformation]
CODEBASE = http://us.chat1.yimg...v45/yacscom.cab
INF = C:\WINDOWS\Downloaded Program Files\yacscom.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99F7-4BB4-88D8-FA1D4F56A2AB}\DownloadInformation]
CODEBASE = http://us.dl1.yimg.c...s/yinst0401.cab
INF = C:\WINDOWS\Downloaded Program Files\yinst.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{4F1E5B1A-2A80-42CA-8532-2D05CB959537}\DownloadInformation]
CODEBASE = http://spaces.msn.co...ad/MsnPUpld.cab
INF = C:\WINDOWS\Downloaded Program Files\MSNPupld.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{5D6F45B3-9043-443D-A792-115447494D24}\DownloadInformation]
CODEBASE = http://messenger.zon...1/GAME_UNO1.cab
INF = C:\WINDOWS\Downloaded Program Files\GAME_UNO1.INF

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7D1E9C49-BD6A-11D3-87A8-009027A35D73}\DownloadInformation]
CODEBASE = http://chat.yahoo.com/cab/yacsui.cab
INF = C:\WINDOWS\Downloaded Program Files\yacsui.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation]
CODEBASE = http://java.sun.com/...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8E0D4DE5-3180-4024-A327-4DFAD1796A8D}\DownloadInformation]
CODEBASE = http://messenger.zon...nt.cab28578.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\DownloadInformation]
CODEBASE = http://acs.pandasoft...free/asinst.cab
INF = C:\WINDOWS\Downloaded Program Files\asinst.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A8F2B9BD-A6A0-486A-9744-18920D898429}\DownloadInformation]
CODEBASE = http://www.sibelius....tiveXPlugin.cab
INF = C:\WINDOWS\Downloaded Program Files\setup.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B38870E4-7ECB-40DA-8C6A-595F0A5519FF}\DownloadInformation]
CODEBASE = http://messenger.msn...pDownloader.cab
INF = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{B8BE5E93-A60C-4D26-A2DC-220313175592}\DownloadInformation]
CODEBASE = http://messenger.zon...ro.cab53083.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation]
CODEBASE = http://java.sun.com/...indows-i586.cab
INF =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation]
CODEBASE = http://download.macr...ash/swflash.cab
INF = C:\WINDOWS\Downloaded Program Files\swflash.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D8089245-3211-40F6-819B-9E5E92CD61A2}\DownloadInformation]
CODEBASE = https://roxypalace.m...lay/FlashAX.cab
INF = C:\WINDOWS\Downloaded Program Files\FlashAX.inf

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{F6BF0D00-0B2A-4A75-BF7B-F385591623AF}\DownloadInformation]
CODEBASE = http://messenger.zon...wn.cab28578.cab

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\RaptisoftGameLoader\DownloadInformation]
CODEBASE = http://www.miniclip....tgameloader.cab
OSD = C:\WINDOWS\Downloaded Program Files\OSD28E7.OSD

»»»»»»»»»»»»»»»»»»»» Files Created Within 30 Days »»»»»»»»»»»»»

C:\Documents and Settings\Windows\Desktop\workin on\AC-DC_-_Discography.torrent [Ver = | Size = 110553 bytes | Created Date = 28/12/2006 2:27:52 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Windows\Desktop\workin on\AC-DC_-_Discography.torrent:Zone.Identifier (26 bytes)
C:\Documents and Settings\Windows\Desktop\workin on\AC_DC_[discography].torrent [Ver = | Size = 56088 bytes | Created Date = 28/12/2006 12:16:03 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Windows\Desktop\workin on\AC_DC_[discography].torrent:Zone.Identifier (26 bytes)
C:\Documents and Settings\Windows\Desktop\workin on\Alexisonfire-Crisis-(Advance)-2006-KzT.torrent [Ver = | Size = 13954 bytes | Created Date = 28/12/2006 12:08:12 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Windows\Desktop\workin on\Alexisonfire-Crisis-(Advance)-2006-KzT.torrent:Zone.Identifier (26 bytes)
C:\Documents and Settings\Windows\Desktop\workin on\A_Perfect_Circle-Emotive-2004-FNT.torrent [Ver = | Size = 26432 bytes | Created Date = 28/12/2006 12:20:41 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Windows\Desktop\workin on\A_Perfect_Circle-Emotive-2004-FNT.torrent:Zone.Identifier (26 bytes)
C:\Documents and Settings\Windows\Desktop\workin on\A_Perfect_Circle_-_Mer_de_Noms.torrent [Ver = | Size = 4637 bytes | Created Date = 28/12/2006 12:19:38 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Windows\Desktop\workin on\A_Perfect_Circle_-_Mer_de_Noms.torrent:Zone.Identifier (26 bytes)
C:\Documents and Settings\Windows\Desktop\workin on\Coldplay-A_Rush_Of_Blood_To_The_Head_(Darkside_RG).torrent [Ver = | Size = 27969 bytes | Created Date = 28/12/2006 2:40:42 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Windows\Desktop\workin on\Coldplay-A_Rush_Of_Blood_To_The_Head_(Darkside_RG).torrent:Zone.Identifier (26 bytes)
C:\Documents and Settings\Windows\Desktop\workin on\Disturbed_-_4_Cd's___Rare_tracks.torrent [Ver = | Size = 46434 bytes | Created Date = 28/12/2006 1:06:03 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Windows\Desktop\workin on\Disturbed_-_4_Cd's___Rare_tracks.torrent:Zone.Identifier (26 bytes)
C:\Documents and Settings\Windows\Desktop\workin on\Korn_See_You_on_the_Other_Side.torrent [Ver = | Size = 32528 bytes | Created Date = 28/12/2006 2:58:10 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Windows\Desktop\workin on\Korn_See_You_on_the_Other_Side.torrent:Zone.Identifier (26 bytes)
C:\Documents and Settings\Windows\Desktop\workin on\P.O.D._-_Discography.torrent [Ver = | Size = 41273 bytes | Created Date = 28/12/2006 2:52:09 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Windows\Desktop\workin on\P.O.D._-_Discography.torrent:Zone.Identifier (26 bytes)
C:\Documents and Settings\Windows\Desktop\workin on\Queens_Of_The_Stone_Age-Lullabies_To_Paralyze.torrent [Ver = | Size = 18891 bytes | Created Date = 28/12/2006 1:46:19 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Windows\Desktop\workin on\Queens_Of_The_Stone_Age-Lullabies_To_Paralyze.torrent:Zone.Identifier (26 bytes)
C:\Documents and Settings\Windows\Desktop\workin on\Soundgarden_-_Discography.torrent [Ver = | Size = 13722 bytes | Created Date = 28/12/2006 1:10:33 PM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Windows\Desktop\workin on\Soundgarden_-_Discography.torrent:Zone.Identifier (26 bytes)
C:\Documents and Settings\Windows\Desktop\workin on\Tool_-_Aenima_(1996).torrent [Ver = | Size = 9403 bytes | Created Date = 28/12/2006 12:18:59 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Windows\Desktop\workin on\Tool_-_Aenima_(1996).torrent:Zone.Identifier (26 bytes)
C:\Documents and Settings\Windows\Desktop\workin on\Tool_-_Opiate_EP.torrent [Ver = | Size = 4675 bytes | Created Date = 28/12/2006 12:17:11 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Windows\Desktop\workin on\Tool_-_Opiate_EP.torrent:Zone.Identifier (26 bytes)
C:\Documents and Settings\Windows\Desktop\workin on\Tool_-_Undertow.torrent [Ver = | Size = 8707 bytes | Created Date = 28/12/2006 12:17:33 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Windows\Desktop\workin on\Tool_-_Undertow.torrent:Zone.Identifier (26 bytes)
C:\Documents and Settings\Windows\Desktop\workin on\Yes-Classic_Yes(Darkside_RG).torrent [Ver = | Size = 32851 bytes | Created Date = 28/12/2006 12:14:02 AM | Attr = ]
@Alternate Data Stream - C:\Documents and Settings\Windows\Desktop\workin on\Yes-Classic_Yes(Darkside_RG).torrent:Zone.Identifier (26 bytes)
C:\Documents and Settings\Windows\Desktop\workin on\Coldplay-A Rush Of Blood To The Head (Darkside_RG)\01 - Politik.mp3 [Ver = | Size = 8206823 bytes | Created Date = 28/12/2006 2:40:54 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\workin on\Coldplay-A Rush Of Blood To The Head (Darkside_RG)\02 - In My Place.mp3 [Ver = | Size = 6210717 bytes | Created Date = 28/12/2006 2:40:54 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\workin on\Coldplay-A Rush Of Blood To The Head (Darkside_RG)\03 - God Put a Smile Upon Your Face.mp3 [Ver = | Size = 8260959 bytes | Created Date = 28/12/2006 2:40:54 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\workin on\Coldplay-A Rush Of Blood To The Head (Darkside_RG)\04 - The Scientist.mp3 [Ver = | Size = 8013980 bytes | Created Date = 28/12/2006 2:40:54 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\workin on\Coldplay-A Rush Of Blood To The Head (Darkside_RG)\05 - Clocks.mp3 [Ver = | Size = 8530576 bytes | Created Date = 28/12/2006 2:40:54 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\workin on\Coldplay-A Rush Of Blood To The Head (Darkside_RG)\06 - Daylight.mp3 [Ver = | Size = 8911046 bytes | Created Date = 28/12/2006 2:40:54 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\workin on\Coldplay-A Rush Of Blood To The Head (Darkside_RG)\07 - Green Eyes.mp3 [Ver = | Size = 5545587 bytes | Created Date = 28/12/2006 2:40:54 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\workin on\Coldplay-A Rush Of Blood To The Head (Darkside_RG)\08 - Warning Sign.mp3 [Ver = | Size = 8329810 bytes | Created Date = 28/12/2006 2:40:54 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\workin on\Coldplay-A Rush Of Blood To The Head (Darkside_RG)\09 - A Whisper.mp3 [Ver = | Size = 6246871 bytes | Created Date = 28/12/2006 2:40:54 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\workin on\Coldplay-A Rush Of Blood To The Head (Darkside_RG)\10 - A Rush of Blood to the Head.mp3 [Ver = | Size = 9575985 bytes | Created Date = 28/12/2006 2:40:54 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\workin on\Coldplay-A Rush Of Blood To The Head (Darkside_RG)\11 - Amsterdam.mp3 [Ver = | Size = 7874642 bytes | Created Date = 28/12/2006 2:40:54 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\workin on\Coldplay-A Rush Of Blood To The Head (Darkside_RG)\Coldplay-A Rush Of Blood To The Head.M3U [Ver = | Size = 263 bytes | Created Date = 28/12/2006 2:40:54 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\workin on\Coldplay-A Rush Of Blood To The Head (Darkside_RG)\DSAdvert.gif [Ver = | Size = 9462 bytes | Created Date = 28/12/2006 2:40:54 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Yes - Classic Yes\01 - Yes - Heart Of The Sunrise.mp3 [Ver = | Size = 17006226 bytes | Created Date = 28/12/2006 12:22:17 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Yes - Classic Yes\02 - Yes - Wonderous Stories.mp3 [Ver = | Size = 5387008 bytes | Created Date = 28/12/2006 12:22:17 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Yes - Classic Yes\03 - Yes - Yours Is No Disgrace.mp3 [Ver = | Size = 15716945 bytes | Created Date = 28/12/2006 12:22:17 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Yes - Classic Yes\04 - StarsYes - hip Trooper- a) Life Seeker b) Disillusion c) Wurm.mp3 [Ver = | Size = 15250616 bytes | Created Date = 28/12/2006 12:22:17 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Yes - Classic Yes\05 - Yes - Long Distance Runaround.mp3 [Ver = | Size = 5482060 bytes | Created Date = 28/12/2006 12:22:17 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Yes - Classic Yes\06 - Yes - The Fish (Schindleria Praematurus).mp3 [Ver = | Size = 4328625 bytes | Created Date = 28/12/2006 12:22:17 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Yes - Classic Yes\07 - Yes - And You And I- a) Cord Of Life b) Eclipse c) The Preacher The Teacher d) The Apocalypse.mp3 [Ver = | Size = 15747839 bytes | Created Date = 28/12/2006 12:22:17 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Yes - Classic Yes\08 - Yes - Roundabout.mp3 [Ver = | Size = 11211635 bytes | Created Date = 28/12/2006 12:22:17 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Yes - Classic Yes\09 - I've Seen All Good People- a) Your Move b) All Good People.mp3 [Ver = | Size = 10736429 bytes | Created Date = 28/12/2006 12:22:17 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Yes - Classic Yes\Classic Yes.m3u [Ver = | Size = 471 bytes | Created Date = 28/12/2006 12:22:17 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Yes - Classic Yes\DSAdvert.gif [Ver = | Size = 9462 bytes | Created Date = 28/12/2006 12:22:17 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\A Perfect Circle\Mer De Noms\01 - A Perfect Circle - The Hollowww - Mer De Noms.mp3 [Ver = | Size = 2866032 bytes | Created Date = 28/12/2006 12:21:37 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\A Perfect Circle\Mer De Noms\02 - A Perfect Circle - Magdalena - Mer De Noms.mp3 [Ver = | Size = 3939769 bytes | Created Date = 28/12/2006 12:21:37 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\A Perfect Circle\Mer De Noms\03 - A Perfect Circle - Rose - Mer De Noms.mp3 [Ver = | Size = 3298202 bytes | Created Date = 28/12/2006 12:21:37 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\A Perfect Circle\Mer De Noms\04 - A Perfect Circle - Judith - Mer De Noms.mp3 [Ver = | Size = 3958996 bytes | Created Date = 28/12/2006 12:21:37 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\A Perfect Circle\Mer De Noms\05 - A Perfect Circle - Orestes - Mer De Noms.mp3 [Ver = | Size = 4616445 bytes | Created Date = 28/12/2006 12:21:37 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\A Perfect Circle\Mer De Noms\06 - A Perfect Circle - 3 Libras - Mer De Noms.mp3 [Ver = | Size = 3517213 bytes | Created Date = 28/12/2006 12:21:37 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\A Perfect Circle\Mer De Noms\07 - A Perfect Circle - Sleeping Beauty - Mer De Noms.mp3 [Ver = | Size = 4015838 bytes | Created Date = 28/12/2006 12:21:37 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\A Perfect Circle\Mer De Noms\08 - A Perfect Circle - Thomas - Mer De Noms.mp3 [Ver = | Size = 3352955 bytes | Created Date = 28/12/2006 12:21:37 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\A Perfect Circle\Mer De Noms\09 - A Perfect Circle - Renholder - Mer De Noms.mp3 [Ver = | Size = 2314744 bytes | Created Date = 28/12/2006 12:21:37 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\A Perfect Circle\Mer De Noms\10 - A Perfect Circle - Thinking Of You - Mer De Noms.mp3 [Ver = | Size = 4396181 bytes | Created Date = 28/12/2006 12:21:37 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\A Perfect Circle\Mer De Noms\11 - A Perfect Circle - Brena - Mer De Noms.mp3 [Ver = | Size = 4234431 bytes | Created Date = 28/12/2006 12:21:37 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\A Perfect Circle\Mer De Noms\12 - A Perfect Circle - Over - Mer De Noms.mp3 [Ver = | Size = 2293846 bytes | Created Date = 28/12/2006 12:21:37 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\A Perfect Circle\Mer De Noms\Sladinki007_rar.nfo [Ver = | Size = 2065 bytes | Created Date = 28/12/2006 12:21:37 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Alexisonfire\Crisis\00-alexisonfire-crisis-(advance)-2006-pic.jpg [Ver = | Size = 310219 bytes | Created Date = 28/12/2006 12:22:11 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Alexisonfire\Crisis\00-alexisonfire-crisis-(advance)-2006.m3u [Ver = | Size = 409 bytes | Created Date = 28/12/2006 12:22:11 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Alexisonfire\Crisis\00-alexisonfire-crisis-(advance)-2006.nfo [Ver = | Size = 1581 bytes | Created Date = 28/12/2006 12:22:11 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Alexisonfire\Crisis\00-alexisonfire-crisis-(advance)-2006.sfv [Ver = | Size = 519 bytes | Created Date = 28/12/2006 12:22:11 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Alexisonfire\Crisis\01-alexisonfire-drunks_lovers_sinners_and_saints.mp3 [Ver = | Size = 5111808 bytes | Created Date = 28/12/2006 12:22:11 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Alexisonfire\Crisis\02-alexisonfire-this_could_be_anywhere_in_the_world.mp3 [Ver = | Size = 7701924 bytes | Created Date = 28/12/2006 12:22:11 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Alexisonfire\Crisis\03-alexisonfire-mailbox_arson.mp3 [Ver = | Size = 6346207 bytes | Created Date = 28/12/2006 12:22:11 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Alexisonfire\Crisis\04-alexisonfire-boiled_frogs.mp3 [Ver = | Size = 7046405 bytes | Created Date = 28/12/2006 12:22:11 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Alexisonfire\Crisis\05-alexisonfire-we_are_the_sound.mp3 [Ver = | Size = 6934176 bytes | Created Date = 28/12/2006 12:22:11 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Alexisonfire\Crisis\06-alexisonfire-you_burn_first.mp3 [Ver = | Size = 4806204 bytes | Created Date = 28/12/2006 12:22:11 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Alexisonfire\Crisis\07-alexisonfire-we_are_the_end.mp3 [Ver = | Size = 6561299 bytes | Created Date = 28/12/2006 12:22:11 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Alexisonfire\Crisis\08-alexisonfire-crisis.mp3 [Ver = | Size = 6422341 bytes | Created Date = 28/12/2006 12:22:11 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Alexisonfire\Crisis\09-alexisonfire-keep_it_on_wax.mp3 [Ver = | Size = 7127245 bytes | Created Date = 28/12/2006 12:22:11 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Alexisonfire\Crisis\10-alexisonfire-to_a_friend.mp3 [Ver = | Size = 5940162 bytes | Created Date = 28/12/2006 12:22:11 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Alexisonfire\Crisis\11-alexisonfire-rough_hands.mp3 [Ver = | Size = 9532559 bytes | Created Date = 28/12/2006 12:22:11 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Alexisonfire\Crisis\www.mp3nova.org.url [Ver = | Size = 122 bytes | Created Date = 28/12/2006 12:22:11 AM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 01 - Prayer.mp3 [Ver = | Size = 5245351 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 02 - Liberate.mp3 [Ver = | Size = 5034433 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 03 - Awaken.mp3 [Ver = | Size = 6454199 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 04 - Believe.mp3 [Ver = | Size = 6416014 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 05 - Remember.mp3 [Ver = | Size = 6025391 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 06 - Intoxication.mp3 [Ver = | Size = 4651951 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 07 - Rise.mp3 [Ver = | Size = 5682340 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 08 - Mistress.mp3 [Ver = | Size = 5435074 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 09 - Breathe.mp3 [Ver = | Size = 6263896 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 10 - Bound.mp3 [Ver = | Size = 5586564 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 11 - Devour.mp3 [Ver = | Size = 5574044 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 12 - Darkness.mp3 [Ver = | Size = 5673580 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 13 - Remember [Live][].mp3 [Ver = | Size = 6294540 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 14 - Bound [Live][].mp3 [Ver = | Size = 5545841 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 15 - Fear [Live][#][].mp3 [Ver = | Size = 5527063 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 16 - Conflict [Live][#][].mp3 [Ver = | Size = 6721475 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Believe - 2003\Disturbed - Believe - 17 - Droppin' Plates [Live][#][].mp3 [Ver = | Size = 5675436 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Disturbed Rares\02. David Draiman - Forsaken.mp3 [Ver = | Size = 5262914 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Disturbed Rares\07 - Disturbed - Stupify (Fu's Forbidden Little Nicky Remix).mp3 [Ver = | Size = 7391640 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Disturbed Rares\Disturbed - A Welcome Burden.mp3 [Ver = | Size = 5068942 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Disturbed Rares\Disturbed - Dehumanized (studio version).mp3 [Ver = | Size = 5084830 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Disturbed Rares\Disturbed - Fade to Black (Live Metallica Cover).mp3 [Ver = | Size = 6392955 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Disturbed Rares\Disturbed - Glass Shatters.mp3 [Ver = | Size = 5659315 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop\Songs\Complete CD's\Disturbed\Disturbed Rares\Disturbed - Monster.mp3 [Ver = | Size = 5850224 bytes | Created Date = 28/12/2006 1:07:19 PM | Attr = ]
C:\Documents and Settings\Windows\Desktop�
  • 0

#20
JSntgRvr
Posted 27 January 2007 - 06:50 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Iron_Canuck :whistling:

Just a quick question, with that "Suspicious File Packer" post on the forums, will you deal with the results or do I have to figure it out?

I will be notified or someone will come-in from the Spykiller forum to let us know the outcome after reviewing these files.

The Winpfinf log is incomplete. I believe is due to the size of the document. Create a new folder. Label that folder Winpfind. Save the Winpfind report in the newly created folder. Right click on the newkly created folder and select Send to -> Compressed Folder. That will create a .zip folder. Attach the .zip folder to a reply.
  • 0

#21
Iron_Canuck
Posted 27 January 2007 - 06:54 PM

Iron_Canuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Heres the zipped file thingy.

Attached Files


  • 0

#22
JSntgRvr
Posted 27 January 2007 - 07:20 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Iron_Canuck :whistling:

That log looks clear. I'd like to see the list of active services.

Create a Startup List
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Check off the 2 boxes next to the Box that says "Generate StartupList log"

    List also minor sections (full)
    List empty sections (complete)

  • Click on the button "Generate StartupList log"
  • Save the log will you will remember
  • Copy and past the StartupList from the notepad into your next post
If the log is too long, do the same you did with Winpfind and attach the .zip folder.
  • 0

#23
Iron_Canuck
Posted 27 January 2007 - 11:37 PM

Iron_Canuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hey JSntgRvr,

Here's what you asked for.

StartupList report, 28/01/2007, 12:35:35 AM
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.5346.0005)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Panda Software\Panda Antivirus Platinum\pavProxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Windows\Start Menu\Programs\Startup]
csrss.lnk = ?

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
NeroCheck = C:\WINDOWS\System32\\NeroCheck.exe
SCANINICIO = "C:\Program Files\Panda Software\Panda Antivirus Platinum\Inicio.exe"
APVXDWIN = "C:\Program Files\Panda Software\Panda Antivirus Platinum\APVXDWIN.EXE" /s
QuickFinder Scheduler = "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
SunJavaUpdateSched = "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
csrss =
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
!AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

csrss =

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mswmp.inf,PerUserStub

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[RaptisoftGameLoader]
CODEBASE = http://www.miniclip....tgameloader.cab
OSD = C:\WINDOWS\Downloaded Program Files\OSD28E7.OSD

[{00000075-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...i386/voxacm.CAB

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zon...kr.cab31267.cab

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://www.apple.com...ex/qtplugin.cab

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky...can_unicode.cab

[Musicnotes Viewer]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\mnviewer.dll
CODEBASE = http://www.musicnote...ad/mnviewer.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll
CODEBASE = http://messenger.zon...nt.cab31267.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft....k/?linkid=39204

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://fpdownload.ma...director/sw.cab

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zon...er.cab28578.cab

[Yahoo! Audio Conferencing]
InProcServer32 = C:\WINDOWS\DOWNLO~1\yacscom.dll
CODEBASE = http://us.chat1.yimg...v45/yacscom.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://us.dl1.yimg.c...s/yinst0401.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://spaces.msn.co...ad/MsnPUpld.cab

[UnoCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll
CODEBASE = http://messenger.zon...1/GAME_UNO1.cab

[Yahoo! Audio UI1]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yacsui.dll
CODEBASE = http://chat.yahoo.com/cab/yacsui.cab

[Java Plug-in 1.5.0_10]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...nt.cab28578.cab

[ActiveScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll
CODEBASE = http://acs.pandasoft...free/asinst.cab

[ScorchPlugin Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\NPSibelius.dll
CODEBASE = http://www.sibelius....tiveXPlugin.cab

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[ZoneIntro Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
CODEBASE = http://messenger.zon...ro.cab53083.cab

[Java Plug-in 1.3.1_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_05]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_06]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_10]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_10]
InProcServer32 = C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[FlashXControl Object]
InProcServer32 = C:\WINDOWS\system32\FlashAX\FlashAX.ocx
CODEBASE = https://roxypalace.m...lay/FlashAX.cab

[Solitaire Showdown Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\solitaireshowdown.dll
CODEBASE = http://messenger.zon...wn.cab28578.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

9ba67307-483a-4779-a732-88928a7c6f9e: \??\D:\Player\cds300.dll (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AOpen AON-325 10/100M Fast Ethernet PCI Adapter Driver: System32\DRIVERS\AON325.SYS (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Dual-Mode DSC(2770): System32\Drivers\SQcaptur.sys (manual start)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GEARAspiWDM: System32\Drivers\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: System32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
VGA USB Camera: System32\Drivers\ov519vid.sys (manual start)
PACSPTISVR: C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
Panda anti-virus driver: \SystemRoot\System32\Drivers\pavdrv51.sys (autostart)
Panda Firewall Service: C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe (autostart)
Panda anti-virus service: C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe (autostart)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start)
SAMFILT: SYSTEM32\drivers\samfilt.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SASDIFSV: \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (system)
SASENUM: \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (manual start)
SASKUTIL: \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (system)
SbcpHid: \??\C:\WINDOWS\system32\Drivers\SbcpHid.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
sdcplh: System32\drivers\sdcplh.sys (system)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: System32\DRIVERS\sisagp.sys (system)
SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
SoundMAX Agent Service: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (autostart)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
Sony SPTI Service: C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe (manual start)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Still Serial Digital Camera Driver: System32\DRIVERS\serscan.sys (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{D9BE71B5-C61B-4F6E-AC73-9FB69CF05B3D} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Teefer for NT: SYSTEM32\Drivers\Teefer.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft Tun Miniport Adapter Driver: System32\DRIVERS\tunmp.sys (manual start)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Messenger Sharing USN Journal Reader service: C:\WINDOWS\system32\svchost.exe -k usnsvc (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
SyGate for NT, wg3n: \SystemRoot\SYSTEM32\Drivers\wg3n.sys (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
wpsdrvnt: \??\C:\WINDOWS\System32\drivers\wpsdrvnt.sys (system)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: C:\DOCUME~1\Windows\LOCALS~1\Temp\drmtemp00D0DCA0.htm||C:\DOCUME~1\Windows\LOCALS~1\Temp\drmtemp00D0E163.htm


--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 38,523 bytes
Report generated in 0.531 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0

#24
JSntgRvr
Posted 28 January 2007 - 10:09 AM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Iron_Canuck :whistling:

You have entries for three firewalls, Sygate, Panda, and Windows Firewall. As Antivirus Programs, You cannot have more than one firewall active. I will remove the Sygate entries, as it seems they are remnants of a removal.

In addition, I have been informed by the Spykiller forum that the Suspicios Files Packer was empty.

Set Explorer to view Hidden Files and Folders:
  • Right-click your Start button and go to "Explore".
  • Select Tools from the menu
  • Select Folder Options
  • Select the View tab
  • Click on Show all Files and Folders
  • Select Apply to All Folders | Yes | Apply | OK.
Please go here:
The Spy Killer Forum
  • Click on "New Topic"
  • Put your name, e-mail address, and this as the title: "qt3wrap.dll & r^dvbmrp.sys"
  • Put a link to this thread in the description box.
  • Then next to the file box, at the bottom, click the browse button, then navigate to this file:
    • C:\WINDOWS\qt3wrap.dll
  • Click Open.
  • Press the more attachments button .
  • click the browse button, then navigate to this file:
    • C:\WINDOWS\system32\drivers\r^dvbmrp.sys
  • When all the files are listed in the window Click Post.
Set Explorer to Defaults:
  • Right-click your Start button and go to "Explore".
  • Select Tools from the menu
  • Select Folder Options
  • Select the View tab
  • Click on Restore Defaults
  • Select Apply to All Folders | Yes | Apply | OK.
Please create a Restore point:
  • Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
  • In the System Restore dialog box, click Create a restore point, and then click Next.
  • Type a description for your restore point, such as "Before VirusScan", then click Create.
The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous so we will make a backup of the registry first.

Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing so follow the steps that are listed below EXACTLY. if you cannot preform some of these steps or if you have ANY questions please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

Download the enclosed file:
Save and extract its contents to the desktop. It is a folder containing a Registry Entries file, Regfix.reg . Once extracted, open the folder and double click on the Regfix.reg file and select Yes when prompted to merge it into the registry.

Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Search and delete the following files if present. (This will send the files to the Recycle bin) Do not empty the recycle bin yet.

TEEFER.VXD
WG3N.VXD
WG4N.VXD
WG5N.VXD
WG6N.VXD
WPSDRV9X.VXD
SetAid.dll
FwsVpn.dll
SSSensor.dll

Turn OFF Windows Firewall:

1. Click on Start and then Control Panel.
2. You will have one of two control panels. Click on the Security Center icon.
3. Click on the Windows Firewall icon beneath the status updates.
4. Click Off (not recommended) and then click OK.
* NOTE: To turn it back on at a later date, go through these same steps except click On (recommended). When turning the Firewall back on, you can stop at this step, there is no need to continue.
5. After turning off the Windows Firewall, you will get the following error. This error will continue to pop up in the system tray until you tell Windows that you realize the Firewall is turned off. To do this, continue to Step 6.
6. Click on the balloon, or on the red shield in the system tray, and you will get the screen below. Click on the Recommendations... button.
7. Place a check in the "I have a firewall solution that I'll monitor myself" box. This will stop Windows from popping up alerts that you are at risk. Click OK.
8. After you click OK, you will get the following screen. This screen is saying that Windows will not monitor your firewall settings. Just close the window, and you are done.

Restart the computer and check the Task Manager

Keep me posted.
  • 0

#25
Iron_Canuck
Posted 28 January 2007 - 01:26 PM

Iron_Canuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hey JSntgRvr,

Ummm..... couple of things.

First, of all the files you asked me to delete, I was only able to find and delete SSSensor.dll . This file was located in C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall. Aftr i deleted it, I disabled the Windows Firewall. I then restarted my computer. As a good note, the Computer Usage HAS gone down, and it sits around 5-20%. :whistling:

But, I noticed something strange. PAVFIRES.EXE is now not in the process list. My Panda firewall is also acting strange. If you are familiar with Panda Antivirus, the icon sits in the System Tray. When you right click, it shows either Configure Permanent Protection or Launch Panda Antivirus Platinum. When I click Configure, the Firewall icon shows disabled. If I enable it, close it, and open the configuration again, the Firewall is once again disabled. If I launch Panda Antivirus, it does show that the Firewall is enabled, but if I then click to configure settings, it says the Firewall is disabled. I decided to restore SSSensor.dll, to see if it would go back to normal, but, it didn't.

Also, when I click to configure settings for the firewall, and I click on the list of programs which can access the network, there is now no programs in the list(there was previously), and I am unable to add any programs to this list.

Now I don't know what to do. PAVFIRES.EXE is gone, which is why I am guessing that Panda's Firewall is not working anymore. Any ideas? Should I re-delete SSSensor.dll? Should I reinstall Panda Antivirus Platinum?

**I've put Windows Firewall back on to be safe****
Thanks, Iron Canuck

Edited by Iron_Canuck, 28 January 2007 - 01:56 PM.

  • 0

Advertisements

#26
JSntgRvr
Posted 28 January 2007 - 04:50 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Iron_Canuck :whistling:

Go to Start -> Run, type Services.msc and click Ok. Scroll down to the following services and right click on them, one at a time. Select Properties. Make sure these services are Started, and that from the Startup Type drop down Menu, Automatic is selected.

Panda anti-virus driver
Panda Firewall Service
Panda anti-virus service

Disable Windows System Restore (follow the steps above) and restart the computer.

Keep me posted.
  • 0

#27
Iron_Canuck
Posted 28 January 2007 - 05:46 PM

Iron_Canuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hey JSntgRvr,

The good news is that PAVFIRES.EXE is up and running again, and the firewall is back online.

The bad news is that the computer usage is once again at 100%, and PAVFIRES.EXE is once again using 98-99% of the usage.

Also, about that SSSensor.dll, should i I delete it or keep it, thanks.

Iron Canuck

Edited by Iron_Canuck, 28 January 2007 - 06:38 PM.

  • 0

#28
JSntgRvr
Posted 28 January 2007 - 07:20 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Iron_Canuck :whistling:

Leave the SSSSensor.dll (Screen Saver Sensor). Seems that beides Sygate, Panda also use that file.
  • Open HijackThis, click Config, click Misc Tools
  • Click "Open Uninstall Manager"
  • Click "Save List" (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.

  • 0

#29
Iron_Canuck
Posted 28 January 2007 - 08:13 PM

Iron_Canuck

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
Hey JSntgRvr,

Here's teh uninstall list.

Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 7.0
Adobe Shockwave Player
Age of Mythology Gold
Apple Software Update
ArcSoft PhotoImpression
ArcSoft VideoImpression 1.6
AVG Anti-Spyware 7.5
BitComet 0.70
DivX Codec
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
EphPod
ERUNT 1.1j
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
Internet Explorer 7 Beta 2
iTunes
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_04
Java 2 Runtime Environment, SE v1.4.2_04
Kaspersky Online Scanner
LimeWire 4.8.1
LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)
Macromedia Flash Player 8
Messenger Plus! Live
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Office 2000 Premium
Microsoft Windows Journal Viewer
MSN Music Assistant
MSN Toolbar
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Musicnotes Player V1.22.3
Nero - Burning Rom
NVIDIA Display Driver
OpenMG Limited Patch 3.4-04-16-16-01
OpenMG Secure Module 3.4.01
Orcad Family Release 9.2 Lite Edition
Panda ActiveScan
Panda Antivirus Platinum
QuickTime
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB926255)
SmartDraw Viewer
SoundMAX
Spybot - Search & Destroy 1.4
SSH Secure Shell
SUPERAntiSpyware Free Edition
System Process
UltimateBet
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VGA USB Camera
WinAce Archiver
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WordPerfect Office 2002 OEM
XviD 1.1 final uninstall
  • 0

#30
JSntgRvr
Posted 28 January 2007 - 08:31 PM

JSntgRvr

    Global Moderator

  • Global Moderator
  • 11,579 posts
Hi, Iron_Canuck :whistling:

If you turn Off Panda Firewall and activate Windows Firewall, would the CPU usage goes down to normal?

Remove the following enries from your Add/Remove programs option in the control panel:

LiveReg (Symantec Corporation)
LiveUpdate 1.80 (Symantec Corporation)

Upgrade your Java. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Ugrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP