I'd appreciate help evaluating my PC and instructions for fixing it.
Log file of HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:10:44, on 27/01/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2010\WebProxy.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2010\ApVxdWin.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sophos\Sophos Anti-Rootkit\sargui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com...t/PCPitStop.CAB
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../PCPitStop2.cab
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrvx86.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
--
End of file - 3311 bytes
Thanks in advance.
Best Regards.
Karakal
The missing data:
OTL logfile created on: 27/01/2010 16:24:08 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\Dr. Cesar\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 64,35 Gb Free Space | 82,36% Space Free | Partition Type: NTFS
Drive D: | 219,96 Gb Total Space | 208,82 Gb Free Space | 94,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CONSULTÓRIO
Current User Name: Dr. Cesar
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/01/27 15:36:28 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Dr. Cesar\Desktop\OTL.exe
PRC - [2009/09/17 12:17:32 | 00,293,120 | ---- | M] (Panda Security, S.L.) -- C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\pavsrvx86.exe
PRC - [2009/09/07 16:40:04 | 00,198,400 | ---- | M] (Panda Security, S.L.) -- C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\AVENGINE.EXE
PRC - [2009/08/25 13:28:20 | 00,028,928 | ---- | M] (Panda Security, S.L.) -- C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\psksvc.exe
PRC - [2009/08/10 13:46:08 | 00,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PsCtrlS.exe
PRC - [2009/08/10 13:45:52 | 00,169,216 | ---- | M] (Panda Security, S.L.) -- C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe
PRC - [2009/07/13 23:17:29 | 00,673,048 | ---- | M] (Microsoft Corporation) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
PRC - [2009/07/13 23:14:42 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 23:14:20 | 02,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/23 12:31:16 | 00,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\WebProxy.exe
PRC - [2009/04/17 10:17:24 | 00,157,440 | ---- | M] (Panda Security, S.L.) -- C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe
PRC - [2008/06/19 12:59:50 | 00,108,288 | ---- | M] (Panda Security S.L.) -- C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe
PRC - [2008/02/04 17:26:48 | 00,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Arquivos de programas\Common Files\Panda Security\PavShld\PavPrSrv.exe
========== Modules (SafeList) ==========
MOD - [2010/01/27 15:36:28 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Dr. Cesar\Desktop\OTL.exe
MOD - [2009/07/13 23:16:15 | 00,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 23:16:13 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 23:16:13 | 00,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 23:16:12 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 23:16:03 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 23:15:35 | 00,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 23:15:13 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 23:15:11 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 23:15:07 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 23:15:02 | 00,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009/07/13 23:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (OPCDX)
SRV - [2009/09/17 12:17:32 | 00,293,120 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\pavsrvx86.exe -- (PAVSRV)
SRV - [2009/08/25 13:28:20 | 00,028,928 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PskSvc.exe -- (PskSvcRetail)
SRV - [2009/08/10 13:46:08 | 00,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009/08/10 13:45:52 | 00,169,216 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2009/07/13 23:16:21 | 00,185,856 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 23:16:17 | 00,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 23:16:17 | 00,119,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 23:16:16 | 00,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 23:16:15 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 23:16:13 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 23:16:13 | 00,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 23:16:12 | 01,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 23:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 23:16:12 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 23:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 23:16:12 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 23:15:41 | 00,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Arquivos de programas\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 23:15:36 | 00,194,560 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 23:15:21 | 00,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 23:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 23:15:10 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 23:14:59 | 00,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 23:14:58 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalador do ActiveX (AxInstSV)
SRV - [2009/07/13 23:14:53 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 23:14:29 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009/06/26 09:26:20 | 00,085,504 | ---- | M] (PC Pitstop LLC) [Disabled | Stopped] -- C:\Arquivos de Programas\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)
SRV - [2009/04/17 10:17:24 | 00,157,440 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\TPSrv.exe -- (TPSrv)
SRV - [2008/07/02 14:09:36 | 00,060,160 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Arquivos de programas\Panda Security\Panda Antivirus Pro 2010\GWMsrv.dll -- (Gwmsrv)
SRV - [2008/06/19 12:59:50 | 00,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2010\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/02/04 17:26:48 | 00,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.br/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://br.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-br
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DC 79 16 90 21 8E CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2006/09/18 19:41:30 | 00,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de Programas\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2010\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2010\Inicio.exe (Panda Security, S.L.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Arquivos de Programas\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcp.../PCPitStop2.cab (PCPitstop Exam)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Arquivos de Programas\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de Programas\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\Windows\System32\avldr.dll (Panda Security, S.L.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\web\Wallpaper\img24.jpg
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 19:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009/07/14 00:37:08 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
========== Files/Folders - Created Within 14 Days ==========
[2010/01/27 15:52:35 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/01/27 15:47:01 | 00,439,808 | ---- | C] (OldTimer Tools) -- C:\Users\Dr. Cesar\Desktop\TFC.exe
[2010/01/27 15:40:13 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Dr. Cesar\Desktop\OTL.exe
[2010/01/27 13:44:06 | 00,000,000 | ---D | C] -- C:\ProgramData\PCPitstop
[2010/01/27 13:44:05 | 00,000,000 | ---D | C] -- C:\Arquivos de Programas\PCPitstop
[2010/01/27 12:53:35 | 00,000,000 | ---D | C] -- C:\Arquivos de Programas\Sophos
[2010/01/26 15:12:46 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/01/26 15:09:25 | 00,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010/01/26 13:48:41 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/01/26 13:48:20 | 00,000,000 | ---D | C] -- C:\Users\Dr. Cesar\AppData\Roaming\SUPERAntiSpyware.com
[2010/01/24 14:55:28 | 00,000,000 | ---D | C] -- C:\Users\Dr. Cesar\AppData\Roaming\Uniblue
[2010/01/22 12:19:30 | 00,000,000 | ---D | C] -- C:\Users\Dr. Cesar\AppData\Local\Panda Security
[2010/01/22 12:18:38 | 00,054,832 | ---- | C] (Panda Software) -- C:\Windows\System32\pavcpl.cpl
[2010/01/22 12:18:33 | 00,446,464 | ---- | C] (eHelp Corporation.) -- C:\Windows\System32\HHActiveX.dll
[2010/01/22 12:18:32 | 00,518,400 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\PavSHook.dll
[2010/01/22 12:18:32 | 00,193,792 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\TpUtil.dll
[2010/01/22 12:18:32 | 00,107,568 | ---- | C] (Panda Software) -- C:\Windows\System32\SYSTOOLS.DLL
[2010/01/22 12:18:32 | 00,087,296 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\PavLspHook.dll
[2010/01/22 12:18:32 | 00,055,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\pavipc.dll
[2010/01/22 12:18:31 | 00,058,672 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\avldr.dll
[2010/01/22 12:18:30 | 00,049,160 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\amm8660.sys
[2010/01/22 12:18:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\PAV
[2010/01/22 12:18:30 | 00,000,000 | ---D | C] -- C:\Users\Dr. Cesar\AppData\Roaming\Panda Security
[2010/01/22 12:18:30 | 00,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2010/01/22 12:18:30 | 00,000,000 | ---D | C] -- C:\Arquivos de Programas\Panda Security
[2010/01/22 12:10:26 | 00,028,552 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2010/01/22 12:10:02 | 00,163,336 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PavProc.sys
[2010/01/22 12:10:02 | 00,041,144 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\ShlDrv51.sys
[2010/01/22 12:10:02 | 00,000,000 | ---D | C] -- C:\Arquivos de Programas\Common Files\Panda Security
[2010/01/21 20:07:19 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/21 16:35:39 | 00,614,400 | ---- | C] (Exontrol Inc.) -- C:\Windows\System32\ExButton.dll
[2010/01/21 16:35:39 | 00,602,112 | ---- | C] (Exontrol Inc.) -- C:\Windows\System32\ExMenu.dll
[2010/01/21 16:35:39 | 00,516,096 | ---- | C] (Exontrol Inc.) -- C:\Windows\System32\ExTab.dll
[2010/01/21 16:35:39 | 00,307,200 | ---- | C] (Exontrol Inc.) -- C:\Windows\System32\ExPMenu.dll
[2010/01/21 16:35:37 | 00,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\System32\eSellerateEngine.dll
[2010/01/21 16:35:37 | 00,118,784 | ---- | C] (eSellerate Inc.) -- C:\Windows\System32\eWebControl.dll
[2010/01/20 17:00:03 | 01,753,088 | ---- | C] (Exontrol Inc.) -- C:\Windows\System32\ExGrid.dll
[2010/01/20 16:59:58 | 00,000,000 | ---D | C] -- C:\Arquivos de Programas\AnswersThatWork
[2010/01/19 15:04:52 | 00,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\7361858.sys
[2010/01/19 15:04:52 | 00,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\73618581.sys
[2010/01/19 15:04:52 | 00,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\73618582.sys
[2010/01/19 14:21:20 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/19 14:21:17 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/19 14:21:17 | 00,000,000 | ---D | C] -- C:\Arquivos de Programas\Malwarebytes' Anti-Malware
[2010/01/19 13:05:56 | 05,115,832 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Dr. Cesar\Documents\mbam-setup.exe
[2010/01/18 19:16:04 | 00,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\7812743.sys
[2010/01/18 19:16:04 | 00,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\78127431.sys
[2010/01/18 19:16:04 | 00,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\78127432.sys
[2010/01/18 18:40:54 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2010/01/17 19:06:35 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010/01/16 13:53:36 | 00,000,000 | ---D | C] -- C:\Users\Dr. Cesar\AppData\Roaming\Malwarebytes
[2010/01/16 13:53:27 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
========== Files - Modified Within 14 Days ==========
[2010/01/27 16:26:07 | 01,835,008 | -HS- | M] () -- C:\Users\Dr. Cesar\ntuser.dat
[2010/01/27 16:16:05 | 00,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/27 16:16:05 | 00,013,232 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/27 16:14:59 | 01,409,822 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/01/27 16:14:59 | 00,620,354 | ---- | M] () -- C:\Windows\System32\prfh0416.dat
[2010/01/27 16:14:59 | 00,574,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/01/27 16:14:59 | 00,117,788 | ---- | M] () -- C:\Windows\System32\prfc0416.dat
[2010/01/27 16:14:59 | 00,096,434 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/01/27 16:10:28 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/27 16:10:21 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/27 16:10:10 | 16,029,36832 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/27 16:06:03 | 15,796,9822 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/01/27 15:39:24 | 00,293,376 | ---- | M] () -- C:\Users\Dr. Cesar\Desktop\gmer.exe
[2010/01/27 15:36:28 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Dr. Cesar\Desktop\OTL.exe
[2010/01/27 15:28:22 | 00,439,808 | ---- | M] (OldTimer Tools) -- C:\Users\Dr. Cesar\Desktop\TFC.exe
[2010/01/27 13:44:06 | 00,001,980 | ---- | M] () -- C:\Users\Dr. Cesar\Desktop\PC Pitstop Driver Alert2.lnk
[2010/01/26 21:02:00 | 01,525,281 | -H-- | M] () -- C:\Users\Dr. Cesar\AppData\Local\IconCache.db
[2010/01/26 19:12:17 | 00,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2010/01/26 14:34:08 | 00,000,274 | ---- | M] () -- C:\Windows\Jelly.ini
[2010/01/24 21:36:42 | 00,000,218 | ---- | M] () -- C:\Users\Dr. Cesar\.recently-used.xbel
[2010/01/24 11:16:03 | 00,723,304 | ---- | M] () -- C:\Users\Dr. Cesar\Desktop\windows_vista_first_steps_1298.pdf
[2010/01/22 12:18:45 | 00,000,250 | ---- | M] () -- C:\Windows\System32\PavCPL.dat
[2010/01/20 21:33:29 | 00,524,288 | -HS- | M] () -- C:\Users\Dr. Cesar\ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TMContainer00000000000000000002.regtrans-ms
[2010/01/20 21:33:29 | 00,524,288 | -HS- | M] () -- C:\Users\Dr. Cesar\ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TMContainer00000000000000000001.regtrans-ms
[2010/01/20 21:33:29 | 00,065,536 | -HS- | M] () -- C:\Users\Dr. Cesar\ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TM.blf
[2010/01/20 13:34:38 | 00,000,607 | ---- | M] () -- C:\Users\Dr. Cesar\Desktop\Windows Explorer.lnk
[2010/01/19 14:21:23 | 00,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/19 13:06:05 | 05,115,832 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Dr. Cesar\Documents\mbam-setup.exe
[2010/01/18 19:14:04 | 00,024,576 | ---- | M] () -- C:\Users\Dr. Cesar\Desktop\ESCALA VASCULAR jan 2010.doc
[2010/01/18 16:17:34 | 00,107,968 | ---- | M] () -- C:\Users\Dr. Cesar\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/01/13 20:03:22 | 00,408,600 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
========== Files Created - No Company Name ==========
[2010/01/27 15:52:30 | 15,796,9822 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/01/27 13:44:06 | 00,001,980 | ---- | C] () -- C:\Users\Dr. Cesar\Desktop\PC Pitstop Driver Alert2.lnk
[2010/01/24 21:36:42 | 00,000,218 | ---- | C] () -- C:\Users\Dr. Cesar\.recently-used.xbel
[2010/01/24 11:16:03 | 00,723,304 | ---- | C] () -- C:\Users\Dr. Cesar\Desktop\windows_vista_first_steps_1298.pdf
[2010/01/22 12:18:45 | 00,000,250 | ---- | C] () -- C:\Windows\System32\PavCPL.dat
[2010/01/20 20:22:21 | 00,524,288 | -HS- | C] () -- C:\Users\Dr. Cesar\ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TMContainer00000000000000000002.regtrans-ms
[2010/01/20 20:22:21 | 00,524,288 | -HS- | C] () -- C:\Users\Dr. Cesar\ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TMContainer00000000000000000001.regtrans-ms
[2010/01/20 20:22:21 | 00,065,536 | -HS- | C] () -- C:\Users\Dr. Cesar\ntuser.dat{352b7e41-0612-11df-9da1-002185ff1f6b}.TM.blf
[2010/01/19 14:21:23 | 00,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/18 19:14:02 | 00,024,576 | ---- | C] () -- C:\Users\Dr. Cesar\Desktop\ESCALA VASCULAR jan 2010.doc
[2010/01/16 14:43:22 | 00,000,274 | ---- | C] () -- C:\Windows\Jelly.ini
[2009/12/03 18:55:53 | 00,003,584 | ---- | C] () -- C:\Users\Dr. Cesar\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/04 17:33:19 | 00,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
[2009/09/04 17:33:18 | 00,152,064 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/04 17:33:17 | 00,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/08/25 15:29:33 | 00,335,872 | ---- | C] () -- C:\Windows\System32\ldf252.dll
[2009/08/14 12:07:25 | 00,271,264 | ---- | C] () -- C:\Windows\System32\VBRUN100.DLL
[2009/07/13 21:51:43 | 00,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 21:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
========== LOP Check ==========
[2009/08/23 21:32:30 | 00,000,000 | ---D | M] -- C:\Users\Dr. Cesar\AppData\Roaming\Goodsol
[2010/01/24 21:25:57 | 00,000,000 | ---D | M] -- C:\Users\Dr. Cesar\AppData\Roaming\gtk-2.0
[2009/08/23 21:32:32 | 00,000,000 | ---D | M] -- C:\Users\Dr. Cesar\AppData\Roaming\JAM Software
[2010/01/22 12:18:30 | 00,000,000 | ---D | M] -- C:\Users\Dr. Cesar\AppData\Roaming\Panda Security
[2010/01/24 14:55:28 | 00,000,000 | ---D | M] -- C:\Users\Dr. Cesar\AppData\Roaming\Uniblue
[2009/12/01 13:54:16 | 00,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009/07/13 23:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/13 23:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/13 23:26:15 | 00,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/13 23:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 23:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/13 23:26:15 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/13 23:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/13 23:15:06 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2009/07/13 23:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/13 23:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 23:20:36 | 00,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/07/13 23:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/13 23:16:02 | 00,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009/07/13 23:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/13 23:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 23:20:44 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/13 23:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/13 23:16:13 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< End of report >
OTL Extras logfile created on: 27/01/2010 16:24:08 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Users\Dr. Cesar\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000416 | Country: Brasil | Language: PTB | Date Format: dd/MM/yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 78,13 Gb Total Space | 64,35 Gb Free Space | 82,36% Space Free | Partition Type: NTFS
Drive D: | 219,96 Gb Total Space | 208,82 Gb Free Space | 94,93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: CONSULTÓRIO
Current User Name: Dr. Cesar
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{29D3773E-54F4-23C2-D523-236A4453B844}_is1" = FileAlyzer
"{590B11BB-7FF9-4D4F-A9E8-E8165BF88381}" = Panda Antivirus Pro 2010
"{90120000-0015-0816-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Portugal)) 2007
"{90120000-0016-0816-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
"{90120000-0018-0816-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
"{90120000-0019-0816-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
"{90120000-001A-0816-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
"{90120000-001B-0816-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Portugal)) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0816-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Portugal)) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0816-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Portugal)) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0816-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007
"{90120000-006E-0816-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
"{90120000-00A1-0816-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
"{90120000-00BA-0816-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Portugal)) 2007
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C270BC04-1540-4673-960F-A546B2C860CD}" = Commandos 3 - Destination Berlin
"{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2010
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"3DFiBs Backgammon_is1" = 3DFiBs version 3.0.63
"3DFiBs_is1" = 3DFiBs Backgammon 4.0.72
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CCleaner" = CCleaner (remove only)
"Cygnus Hex Editor" = Cygnus Hex Editor 2.50
"ENTERPRISE" = Microsoft Office Enterprise 2007
"GNU Backgammon 0.15-stable_is1" = GNU Backgammon 0.15-stable (20061119 code)
"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20091230 code)
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"Icon Sucker 2 Standard Edition" = Icon Sucker 2 Standard Edition
"JellyFish Light 3.5" = JellyFish Light 3.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"PC Pitstop Driver Alert2_is1" = PC Pitstop Driver Alert2 2.0.0.0
"PicaView" = PicaView
"Pretty Good Solitaire - Royal Card Set_is1" = Pretty Good Solitaire - Royal Card Set 1.0
"Pretty Good Solitaire - Traditional Card Set_is1" = Pretty Good Solitaire - Traditional Card Set 1.0
"Pretty Good Solitaire_is1" = Pretty Good Solitaire version 12.0.0
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"TreeSize Free_is1" = TreeSize Free V2.1
"WhatColor v3.0e" = WhatColor v3.0e
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-27 16:20:28
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\DRA4CB~1.CES\AppData\Local\Temp\pwryqpoc.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Windows\system32\DRIVERS\PavProc.sys ZwTerminateProcess [0x8FA8D4E8]
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83026AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83026104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830263F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 8300EFB4
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830261DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83026958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830266F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83026F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830271A8
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)
AttachedDevice \FileSystem\Ntfs \Ntfs av5flt.sys
Device \Driver\ACPI_HAL \Device\00000044 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
---- Threads - GMER 1.0.15 ----
Thread System [4:1676] 8FB8EF2E
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7F704741-76B8-40BC-B900-FF24F0B017E1}@LeaseObtainedTime 1264616204
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7F704741-76B8-40BC-B900-FF24F0B017E1}@T1 1264616214
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7F704741-76B8-40BC-B900-FF24F0B017E1}@T2 1264616221
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7F704741-76B8-40BC-B900-FF24F0B017E1}@LeaseTerminatesTime 1264616224
---- EOF - GMER 1.0.15 ----
Edited by Karakal, 27 January 2010 - 03:23 PM.