Software Installed Itself -- Malware?


panamahat

Thread Starter
Joined
Apr 30, 2005
Messages
344
Hi:

Not sure if this is the right forum so please redirect me if necessary.

A program just popped on my system. Actually, it's been there since January 5; I just didn't see it until today.

The name of the program is Easel and from what I could find on the web and judging by its name, it seems to be a graphics program.

The fact that it stealth installed itself on my computer makes me want to get rid of it immediately but it's not listed in my programs. I'm reluctant to open it in case it is malware.

Any suggestions?

Thanks,
Jane

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft® Windows Vista™ Home Premium, Service Pack 2, 32 bit
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz, x64 Family 6 Model 15 Stepping 13
Processor Count: 2
RAM: 3061 Mb
Graphics Card: Mobile Intel(R) 965 Express Chipset Family, 448 Mb
Hard Drives: C: Total - 269748 MB, Free - 170904 MB; D: Total - 204551 MB, Free - 194247 MB;
Motherboard: Dell Inc.,
Antivirus: Panda Cloud Antivirus, Updated and Enabled
 

panamahat
Hi Lunarlander.

I tried Revo and saw the list of programs it found. The list didn't include Easel. Unfortunately, there is also no longer a free version of Revo. I remember using it in the past.

Jane
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,905
Is that all there is to the name of the program?

You said it popped up? Exactly what happened for you to notice it?
 

Cookiegal
Could it be Eazel?

Please download DDS by sUBs to your desktop from the following location:

http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click the dds.scr file to run the program.

It will automatically run in silent mode and then you will see the following note:

"Two logs shall be created on your Desktop".

The logs will be named dds.txt and attach.txt.

Wait until the logs appear and then copy and paste their contents in your post.
 

panamahat
Hi again,

When trying to install Revo, it defaults to a 30-day trial of the Pro version. After I've downloaded it and can see the programs listed, a popup informs me I have to purchase the program. Not even any reference to the 30-day trial. Maybe I'm looking in the wrong place on the Revo site for the free version, but darned if I can find it.

As to what I was doing when I first saw Easel, I was trying to figure out what to do about my Eset Nod32, which has stopped working.

The program's complete name is Easel3.2.1.

Here are the 2 files.

Many thanks
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 4/5/2012 1:52:25 PM
System Uptime: 1/13/2013 5:05:24 PM (0 hours ago)
.
Motherboard: Dell Inc. | |
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | Microprocessor | 1667/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 263 GiB total, 166.749 GiB free.
D: is FIXED (NTFS) - 200 GiB total, 189.695 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
7-Zip 9.22beta
Acronis True Image WD*Edition
Ad-Aware Browsing Protection
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe PhotoDeluxe 2.0
Adobe Reader X (10.1.5)
Adobe Type Manager 4.0
Amazon Kindle
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Applian Director
Banshee Screamer Alarm 2.55
Bonjour
Bridge From Special K
Broadcom 440x 10/100 Integrated Controller
Brother MFL-Pro Suite MFC-295CN
CamStudio OSS Desktop Recorder
CCleaner
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell Resource CD
ESET NOD32 Antivirus
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Officejet 6500 E710n-z Basic Device Software
HPDiagnosticCoreDll
iLivid
Intel(R) Graphics Media Accelerator Driver
iTunes
Java Auto Updater
Java(TM) 6 Update 31
Kindle Previewer
Laptop Integrated Webcam Driver (1.04.01.1011)
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Media Content
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MozBackup 1.5.1
Mozilla Firefox 18.0 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 17.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NOOK for PC
Panda Cloud Antivirus
Panda Security Toolbar
PaperPort Image Printer
PS3 Media Server
QuickTime
Replay AV 8
Replay Converter 4
Replay Player
Revo Uninstaller Pro 2.5.9
ScanSoft PaperPort 11
SCRABBLE (remove only)
SCRABBLE PLUS
Scrabble v2.0
Scrivener Update
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Skype Click to Call
Skype™ 6.0
Spybot - Search & Destroy
TouchFreeze
TuneUp Utilities 2011
TuneUp Utilities Language Pack (en-US)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
WinPcap 4.0.2
YouSendIt Express
.
==== End Of File ===========================
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by Jane at 17:22:04 on 2013-01-13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3061.1609 [GMT -5:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TouchFreeze\TouchFreeze.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\mcbuilder.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dogpile.com/
uWindow Title = Internet Explorer, optimized for Bing and MSN
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Panda Security Toolbar: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - c:\program files\pandasecuritytb\pandasecurityDx.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [TouchFreeze] c:\program files\touchfreeze\TouchFreeze.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray
mRun: [Panda Security URL Filtering] "c:\programdata\panda security url filtering\Panda_URL_Filtering.exe"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 200.75.200.3 200.75.200.2
TCP: Interfaces\{8161EA18-F663-45E0-A936-58138F5B1098} : DHCPNameServer = 200.75.200.3 200.75.200.2
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\jane\appdata\roaming\mozilla\firefox\profiles\jyicuv3v.default\
FF - prefs.js: browser.search.selectedEngine - Dogpile
FF - prefs.js: browser.startup.homepage - hxxp://www.dogpile.com/
FF - prefs.js: keyword.URL - hxxp://www.dogpile.com/search?q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - ExtSQL: 2012-11-21 23:42; [email protected]; c:\users\jane\appdata\roaming\mozilla\firefox\profiles\jyicuv3v.default\extensions\[email protected]
FF - ExtSQL: 2012-12-08 00:03; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-01-13 12:23; {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}; c:\users\jane\appdata\roaming\mozilla\firefox\profiles\jyicuv3v.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
.
============= SERVICES / DRIVERS ===============
.
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2012-11-7 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2012-12-5 83392]
R1 ATMhelpr;ATMhelpr;c:\windows\system32\drivers\ATMHELPR.SYS [2012-4-6 4064]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-15 36000]
R1 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2012-3-14 169080]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152]
R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2012-11-9 119208]
R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2012-11-9 139176]
R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2012-11-9 163112]
R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2012-11-9 133544]
R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2012-11-9 125480]
R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2012-11-9 370216]
R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2012-11-9 191528]
R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2012-11-9 128040]
R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2012-11-9 276520]
R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2012-11-9 133928]
R1 PSINKNC;PSINKnc;c:\windows\system32\drivers\PSINKNC.sys [2012-11-9 174632]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2012-4-14 221784]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [2012-4-14 78936]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2012-4-9 73728]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-15 83392]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2012-3-14 103112]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2012-4-9 21504]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2012-11-12 140064]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-11-9 149544]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2012-11-9 104488]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2012-11-9 114216]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2012-11-9 123944]
R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2012-11-14 36640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-4-6 1153368]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-12-8 1527104]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-4-14 69208]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-7-7 10064]
S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\drivers\NNSNAHSL.sys [2012-10-22 29224]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-4-15 86224]
S2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2012-4-15 110032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ekrn;ESET Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" --> c:\program files\eset\eset nod32 antivirus\ekrn.exe [?]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2013-1-13 27192]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-4-14 69208]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-4-14 94040]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 NNSPIHSW;NNSPihsw;c:\windows\system32\drivers\NNSPihsw.sys [2012-11-9 74792]
.
=============== Created Last 30 ================
.
2013-01-13 22:07:16 46672 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
2013-01-13 19:49:54 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2013-01-13 19:49:51 -------- d-----w- c:\program files\VS Revo Group
2013-01-13 17:23:47 -------- d-----w- c:\programdata\blekko toolbars
2013-01-13 17:23:42 -------- d-----w- c:\users\jane\appdata\local\panda4_0dn
2013-01-13 17:23:37 -------- d-----w- c:\programdata\Panda Security URL Filtering
2013-01-13 17:23:31 -------- d-----w- c:\program files\Toolbar Cleaner
2013-01-13 17:23:24 -------- d-----w- c:\users\jane\appdata\roaming\Panda Security
2013-01-13 17:22:33 -------- d-----w- c:\program files\pandasecuritytb
2013-01-13 17:20:34 -------- d-----w- c:\programdata\Panda Security
2013-01-13 17:20:34 -------- d-----w- c:\program files\Panda Security
2013-01-11 15:46:09 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fc3bdf40-f2d7-408d-a353-e6d8884452d3}\mpengine.dll
2013-01-10 17:56:21 -------- d-----w- c:\program files\ESET
2013-01-08 20:49:03 -------- d-----w- c:\users\jane\appdata\local\iLivid
2013-01-08 20:01:33 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 20:00:33 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-08 20:00:30 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-07 23:09:18 -------- d-----w- c:\program files\SigmaTel
2013-01-07 16:58:17 -------- d-----w- c:\program files\Creative Live! Cam
2013-01-07 16:56:36 -------- d-----w- c:\program files\Creative
2012-12-28 02:41:52 580712 ------w- c:\windows\system32\HPDiscoPM5412.dll
2012-12-28 02:36:50 -------- d-----w- c:\program files\HP
2012-12-28 02:13:15 -------- d-----w- c:\users\jane\appdata\local\HP
2012-12-22 16:43:27 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 16:43:27 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-18 14:28:14 186584 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2012-12-17 15:55:31 -------- d-----w- c:\program files\iPod
2012-12-17 15:55:28 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-17 15:55:27 -------- d-----w- c:\program files\iTunes
2012-12-17 01:33:20 -------- d-----w- c:\program files\wp-e-commerce
.
==================== Find3M ====================
.
2013-01-09 00:17:47 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-09 00:17:47 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 21:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-05 17:34:58 601408 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-12-05 17:34:40 83392 ----a-w- c:\windows\system32\drivers\vsflt53.sys
2012-12-05 17:34:34 169088 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-11-25 19:24:43 19447048 ----a-w- c:\program files\PDFXVwer.exe
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-10 00:00:49 123944 ----a-w- c:\windows\system32\drivers\PSINProt.sys
2012-11-10 00:00:10 174632 ----a-w- c:\windows\system32\drivers\PSINKNC.sys
2012-11-10 00:00:10 114216 ----a-w- c:\windows\system32\drivers\PSINProc.sys
2012-11-10 00:00:10 104488 ----a-w- c:\windows\system32\drivers\PSINFile.sys
2012-11-10 00:00:09 149544 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2012-11-09 16:23:58 276520 ----a-w- c:\windows\system32\drivers\NNSStrm.sys
2012-11-09 16:23:58 133928 ----a-w- c:\windows\system32\drivers\NNStlsc.sys
2012-11-09 16:23:57 370216 ----a-w- c:\windows\system32\drivers\NNSProt.sys
2012-11-09 16:23:57 191528 ----a-w- c:\windows\system32\drivers\NNSPrv.sys
2012-11-09 16:23:57 128040 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys
2012-11-09 16:23:56 74792 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys
2012-11-09 16:23:56 125480 ----a-w- c:\windows\system32\drivers\NNSPop3.sys
2012-11-09 16:23:55 163112 ----a-w- c:\windows\system32\drivers\NNSIds.sys
2012-11-09 16:23:55 139176 ----a-w- c:\windows\system32\drivers\NNSHttp.sys
2012-11-09 16:23:55 133544 ----a-w- c:\windows\system32\drivers\NNSpicc.sys
2012-11-09 16:23:54 119208 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys
2012-11-07 21:33:42 125472 ----a-w- c:\windows\system32\drivers\vididr.sys
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-10-25 08:12:26 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-10-25 08:12:26 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-10-22 17:08:35 29224 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys
2012-04-10 21:55:18 2071600 ----a-w- c:\program files\TDSSKiller.exe
.
============= FINISH: 17:23:30.92 ===============
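Reading a DDS log like the one above by hand is slow, and the lines that matter to a malware-removal helper are spread through the "Pseudo HJT Report" section: the AV/SP/FW product lines, the uRun/mRun autoruns, the mPolicies entries (here `EnableLUA = dword:0`, which means User Account Control is switched off on this Vista machine), the Hosts overrides and the DNS resolvers. The script below is an added example, written for this page rather than taken from the thread or from the DDS tool. Its sample input is constructed to mirror the shape of Jane's log, plus one invented `[Helper]` autorun under AppData so that the user-writable-path check has something to fire on; the rule names and severities are my own choices.

```python
"""Triage the security-relevant lines of a DDS 'Pseudo HJT Report'.

Added example; not part of the thread and not DDS code. The sample below is
constructed to mirror the shape of the log posted above, plus one hypothetical
[Helper] autorun under AppData to exercise the user-writable-path check.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str
    detail: str


# Constructed sample (hypothetical); the [Helper] entry is invented.
SAMPLE_DDS = r"""
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Helper] c:\users\jane\appdata\roaming\helper\helper.exe
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
TCP: NameServer = 200.75.200.3 200.75.200.2
Hosts: 127.0.0.1 www.spywareinfo.com
"""

LINE_RE = re.compile(r"^(?P<key>[A-Za-z0-9_-]+):\s+(?P<value>.+)$")
# Autorun targets living in user-writable locations deserve a second look.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\temp\\")


def parse_dds(text):
    """Split 'Key: value' lines into (key, value) pairs, skipping separators."""
    pairs = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            pairs.append((m["key"], m["value"]))
    return pairs


def run_target(value):
    """Extract the executable path from a uRun/mRun value, whether the path is
    quoted ('[Name] "c:\\path\\app.exe" /switch') or unquoted with spaces."""
    rest = value.split("]", 1)[1].strip() if "]" in value else value.strip()
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    i = rest.lower().find(".exe")
    return rest[: i + 4] if i != -1 else rest.split(" ", 1)[0]


def _is_private(ip):
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def triage(text):
    """Return Findings for the conditions a malware-removal helper checks first."""
    pairs = parse_dds(text)
    findings = []
    av_products = [v.split(" *")[0] for k, v in pairs if k == "AV"]
    if len(av_products) > 1:  # two resident scanners registered: conflicts are common
        findings.append(Finding("medium", "multiple-av", "; ".join(av_products)))
    for key, value in pairs:
        if key in ("AV", "SP", "FW") and "*Disabled" in value:
            findings.append(Finding("info", "disabled-protection", f"{key}: {value.split(' *')[0]}"))
        elif key in ("uRun", "mRun"):
            target = run_target(value).lower()
            if any(marker in target for marker in USER_WRITABLE):
                findings.append(Finding("high", "autorun-user-writable", target))
        elif key.startswith("mPolicies") and re.fullmatch(r"EnableLUA\s*=\s*dword:0", value):
            findings.append(Finding("high", "uac-disabled", value))  # UAC switched off
        elif key == "Hosts":
            findings.append(Finding("info", "hosts-override", value))
        elif key == "TCP" and value.startswith("NameServer"):
            resolvers = value.split("=", 1)[1].split()
            public = [r for r in resolvers if not _is_private(r)]
            if public:
                findings.append(Finding("info", "public-dns-resolvers", " ".join(public)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.severity:6} {f.rule:24} {f.detail}")
```

Run it against the full dds.txt by passing the file's contents to `triage()`. Hosts entries and public resolvers are reported as info rather than high because security tools also write hosts entries and an ISP's resolvers are normally public addresses; they are listed so they can be compared with what the owner expects, not flagged as malicious on their own. The two high-severity rules are the ones worth acting on immediately: an autorun launching from a user-writable directory, and UAC disabled.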
 

Cookiegal
Please download AdwCleaner from here to your desktop

Run AdwCleaner and select "Search" (do not select "Delete" at this time)

Once the scan is finished it will ask to reboot so please allow this.

After the reboot a log will be produced. Please copy and paste the log into your next reply.
 

panamahat
Here it is. Thanks, Jane

# AdwCleaner v2.105 - Logfile created 01/13/2013 at 19:43:43
# Updated 08/01/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Jane - JANE-PC
# Boot Mode : Normal
# Running from : C:\Users\Jane\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
File Found : C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Found : C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\searchplugins\MyStart Search.xml
File Found : C:\Users\Jane\Desktop\iLivid.lnk
File Found : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
Folder Found : C:\Program Files\Iminent
Folder Found : C:\Program Files\Web Assistant
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\ProgramData\Iminent
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Jane\AppData\Local\Ilivid
Folder Found : C:\Users\Jane\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Jane\AppData\Roaming\Iminent

***** [Registry] *****

Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1708 octets] - [13/01/2013 19:43:43]

########## EOF - C:\AdwCleaner[R1].txt - [1768 octets] ##########
 

Cookiegal
Please run it again but this time select the "delete" option and then post the new log.
 

panamahat
Here it is:

# AdwCleaner v2.105 - Logfile created 01/13/2013 at 20:49:29
# Updated 08/01/2013 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Jane - JANE-PC
# Boot Mode : Normal
# Running from : C:\Users\Jane\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml
File Deleted : C:\Users\Jane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
File Deleted : C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\Jane\Desktop\iLivid.lnk
File Deleted : C:\Users\Public\Desktop\Get The Best Facebook Chat Messenger.lnk
Folder Deleted : C:\Program Files\Iminent
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Iminent
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Jane\AppData\Local\Ilivid
Folder Deleted : C:\Users\Jane\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Jane\AppData\Roaming\Iminent

***** [Registry] *****

Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0 (en-US)

File : C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1837 octets] - [13/01/2013 19:43:43]
AdwCleaner[S1].txt - [1802 octets] - [13/01/2013 20:49:29]

########## EOF - C:\AdwCleaner[S1].txt - [1862 octets] ##########
 

Cookiegal
Please download OTL to your Desktop.
  • Double-click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under Custom Scans/Fixes type in Netsvcs
  • Click the Run Scan button. Do not change any other settings unless otherwise instructed. The scan won't take long.
  • When the scan completes, it will open two Notepad windows called OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy and paste the contents of both of these files here in your next reply.
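The OTL scan described in the post above writes a plain-text OTL.txt of the kind the thread starter pastes in reply. As an added example for this thread (not part of OTL, and not something Cookiegal or the thread starter posted), here is a Python triage script that reads such a log and pulls out the entries a malware responder reads first: services and drivers whose binary OTL reports as "File not found", Run-key autoruns that point at a missing file, the O6 policy line showing EnableLUA = 0 (UAC switched off), and kernel drivers from more than one antivirus vendor loaded at the same time. The embedded sample is constructed in OTL's line format and modelled on the log posted later in this thread; the AV_VENDORS table and the file-encoding handling are assumptions made for the demo.

```python
"""Triage an OTL.txt log for the entries a responder checks first.

Added example for this thread; not part of OTL and not posted by anyone in it.
"""
import re
import sys

# Constructed sample in OTL's line format, modelled on the log posted in this
# thread; it is not the output of a real scan.
SAMPLE_OTL = r"""
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/11/14 22:04:15 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2012/05/08 15:45:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\stwrt.sys -- (STHDA)
DRV - [2012/11/09 19:00:10 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2012/05/08 15:45:33 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/03/14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2006/11/29 01:46:24 | 000,028,224 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\APLMp50.sys -- (APLMp50)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice File not found
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
"""

# SRV/DRV entries whose binary OTL could not find on disk.
ORPHAN_RE = re.compile(
    r'^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)$')
# SRV/DRV entries with a file stamp, company name and start/run state.
# The company group is lazy so nested parentheses in vendor names still parse.
LOADED_RE = re.compile(
    r'^(?P<kind>SRV|DRV) - \[[^\]]*\] \((?P<company>.*?)\) \[(?P<state>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)$')
# O4 Run-key autoruns: hive, value name, command line.
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
# O6 policy line for User Account Control.
LUA_RE = re.compile(r'^O6 - .*\\policies\\System: EnableLUA = (?P<value>\d+)$')

# Assumption for the demo: company-string fragment -> antivirus vendor label.
AV_VENDORS = {
    "Panda Security": "Panda",
    "Avira": "Avira",
    "ESET": "ESET",
    "Sunbelt": "Sunbelt",
}


def triage_otl(text):
    """Return the findings a responder looks at first in an OTL log."""
    findings = {
        "orphaned": [],            # (kind, service name, missing path)
        "missing_autoruns": [],    # (hive, Run value name)
        "uac_disabled": False,
        "av_vendors_running": set(),
    }
    for line in text.splitlines():
        line = line.rstrip()
        m = ORPHAN_RE.match(line)
        if m:
            findings["orphaned"].append((m["kind"], m["name"], m["path"]))
            continue
        m = LOADED_RE.match(line)
        if m:
            # Only count kernel drivers that are actually loaded right now.
            if m["kind"] == "DRV" and "Running" in m["state"]:
                for fragment, vendor in AV_VENDORS.items():
                    if fragment in m["company"]:
                        findings["av_vendors_running"].add(vendor)
            continue
        m = RUN_RE.match(line)
        if m and m["cmd"].endswith("File not found"):
            findings["missing_autoruns"].append((m["hive"], m["name"]))
            continue
        m = LUA_RE.match(line)
        if m and m["value"] == "0":
            findings["uac_disabled"] = True
    return findings


def summarize(findings):
    """Turn the findings into one human-readable line each."""
    lines = []
    for kind, name, path in findings["orphaned"]:
        lines.append(f"{kind} {name}: registered but binary missing ({path})")
    for hive, name in findings["missing_autoruns"]:
        lines.append(f"Run entry {hive}\\{name}: points at a file that no longer exists")
    if findings["uac_disabled"]:
        lines.append("EnableLUA = 0: UAC is off, administrator accounts run every process fully elevated")
    vendors = sorted(findings["av_vendors_running"])
    if len(vendors) > 1:
        lines.append("Kernel drivers from several AV vendors loaded at once: " + ", ".join(vendors))
    return lines


def main(argv):
    # Encoding is an assumption; errors are replaced so a stray byte never aborts triage.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_OTL
    for line in summarize(triage_otl(text)):
        print(line)


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python otl_triage.py OTL.txt`; with no argument it triages the embedded sample. "File not found" services and Run entries are usually leftovers of uninstalled products rather than an infection, but each is a registration Windows still tries to start, and they are exactly the items a helper lists for cleanup. The EnableLUA = 0 line is the one that most changes the machine's security posture, and a pile of kernel drivers from different AV vendors is a stability problem that also muddies any later scan. Note too that the thread starter's log later in this thread shows a Documents\easel.3.2.1 folder created on 2013/01/05, matching the January 5 date given in the opening post.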
 

panamahat - Thread Starter - Joined Apr 30, 2005 - Messages 344
And here's this one.

OTL logfile created on: 1/13/2013 9:57:18 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jane\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.84% Memory free
6.18 Gb Paging File | 5.01 Gb Available in Paging File | 81.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 263.43 Gb Total Space | 166.76 Gb Free Space | 63.31% Space Free | Partition Type: NTFS
Drive D: | 199.76 Gb Total Space | 189.70 Gb Free Space | 94.96% Space Free | Partition Type: NTFS

Computer Name: JANE-PC | User Name: Jane | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/13 21:54:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jane\Downloads\OTL(1).exe
PRC - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012/11/14 22:04:15 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe
PRC - [2012/11/14 22:04:15 | 000,032,032 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
PRC - [2012/11/12 14:45:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2012/10/15 07:52:20 | 000,221,832 | ---- | M] (Panda Security) -- C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2011/12/08 17:37:18 | 000,671,552 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2011/12/08 17:34:58 | 001,527,104 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2011/06/22 11:17:14 | 000,395,392 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2011/06/22 11:17:08 | 000,846,056 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2011/06/22 11:15:44 | 002,637,824 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/26 10:25:36 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2008/01/18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/05/09 17:01:00 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2005/04/29 16:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files\TouchFreeze\TouchFreeze.exe


========== Modules (No Company Name) ==========

MOD - [2009/01/09 17:10:52 | 000,139,264 | ---- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/05/08 16:06:38 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll
MOD - [2005/04/29 16:15:40 | 000,045,056 | ---- | M] () -- C:\Program Files\TouchFreeze\TouchFreeze.exe
MOD - [2005/04/29 16:15:36 | 000,045,056 | ---- | M] () -- C:\Program Files\TouchFreeze\TouchFreeze.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2013/01/11 12:36:48 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/08 19:17:49 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 09:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/13 14:26:20 | 003,290,896 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/11/14 22:04:15 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)
SRV - [2012/11/12 14:45:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/08 15:45:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 15:45:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/12/08 17:34:58 | 001,527,104 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/08 17:31:34 | 000,029,504 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/06/22 11:17:08 | 000,846,056 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/06 15:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2007/09/20 14:31:10 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\stwrt.sys -- (STHDA)
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\SBREdrv.sys -- (SBRE)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/12/05 12:34:58 | 000,601,408 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2012/12/05 12:34:40 | 000,083,392 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vsflt53.sys -- (vidsflt53)
DRV - [2012/12/05 12:34:34 | 000,169,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2012/11/09 19:00:49 | 000,123,944 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2012/11/09 19:00:10 | 000,174,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2012/11/09 19:00:10 | 000,114,216 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2012/11/09 19:00:10 | 000,104,488 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2012/11/09 19:00:09 | 000,149,544 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2012/11/09 11:23:58 | 000,276,520 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSStrm.sys -- (NNSSTRM)
DRV - [2012/11/09 11:23:58 | 000,133,928 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNStlsc.sys -- (NNSTLSC)
DRV - [2012/11/09 11:23:57 | 000,370,216 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSProt.sys -- (NNSPROT)
DRV - [2012/11/09 11:23:57 | 000,191,528 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPrv.sys -- (NNSPRV)
DRV - [2012/11/09 11:23:57 | 000,128,040 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSSmtp.sys -- (NNSSMTP)
DRV - [2012/11/09 11:23:56 | 000,125,480 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSPop3.sys -- (NNSPOP3)
DRV - [2012/11/09 11:23:56 | 000,074,792 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\NNSPihsw.sys -- (NNSPIHSW)
DRV - [2012/11/09 11:23:55 | 000,163,112 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSIds.sys -- (NNSIDS)
DRV - [2012/11/09 11:23:55 | 000,139,176 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSHttp.sys -- (NNSHTTP)
DRV - [2012/11/09 11:23:55 | 000,133,544 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSpicc.sys -- (NNSPICC)
DRV - [2012/11/09 11:23:54 | 000,119,208 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NNSAlpc.sys -- (NNSALPC)
DRV - [2012/11/07 16:33:42 | 000,125,472 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vididr.sys -- (vididr)
DRV - [2012/11/07 09:00:12 | 000,046,672 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Unknown] -- C:\Windows\System32\drivers\PSKMAD.sys -- (PSKMAD)
DRV - [2012/10/22 12:08:35 | 000,029,224 | ---- | M] (Panda Security, S.L.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NNSNAHSL.sys -- (NNSNAHSL)
DRV - [2012/05/08 15:45:33 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/08 15:45:33 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/03/14 08:40:02 | 000,169,080 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2012/03/14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2012/03/14 08:40:02 | 000,103,112 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2011/09/16 16:09:17 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/07/07 15:46:56 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/04/05 17:35:20 | 000,221,784 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/04/05 17:35:20 | 000,094,040 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/04/05 17:35:20 | 000,078,936 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\sbtis.sys -- (SbTis)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/02/08 09:14:22 | 000,069,208 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/12/30 11:21:18 | 000,027,192 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\revoflt.sys -- (Revoflt)
DRV - [2007/11/06 15:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007/10/10 17:03:00 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007/03/05 18:45:00 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2006/11/29 01:46:24 | 000,028,224 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\APLMp50.sys -- (APLMp50)
DRV - [2006/11/21 04:25:44 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/14 19:42:46 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/14 17:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006/08/04 16:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [1997/06/17 04:00:00 | 000,004,064 | ---- | M] (Adobe Systems Incorporated) [Kernel | System | Running] -- C:\Windows\System32\drivers\ATMHELPR.SYS -- (ATMhelpr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?ocid=OIE9HP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {02DCD0C3-F211-4C47-B1C2-15841125E563}
IE - HKCU\..\SearchScopes\{02DCD0C3-F211-4C47-B1C2-15841125E563}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=800236&p={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Dogpile"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.dogpile.com/"
FF - prefs.js..extensions.enabledAddons: browserprotect%40browserprotect.com:1.1.3
FF - prefs.js..extensions.enabledAddons: splitpannel%40max.max:1.00
FF - prefs.js..extensions.enabledAddons: %7B66E978CD-981F-47DF-AC42-E3CF417C1467%7D:0.4.3
FF - prefs.js..extensions.enabledAddons: donottrackplus%40abine.com:2.2.5.1205
FF - prefs.js..extensions.enabledAddons: %7B0545b830-f0aa-4d7e-8820-50a4629a56fe%7D:17.6
FF - prefs.js..extensions.enabledAddons: %7B1280606b-2510-4fe0-97ef-9b5a22eafe30%7D:0.7.9.4
FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.1
FF - prefs.js..extensions.enabledAddons: %7B82AF8DCA-6DE9-405D-BD5E-43525BDAD38A%7D:6.5.0.11422
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0
FF - prefs.js..keyword.URL: "http://www.dogpile.com/search?q="
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/13 12:23:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012/12/14 19:18:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2012/04/05 16:25:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jane\AppData\Roaming\Mozilla\Extensions
[2013/01/13 12:23:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions
[2012/12/24 11:36:54 | 000,000,000 | ---D | M] ("ColorfulTabs") -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2013/01/13 12:23:24 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012/12/06 09:55:58 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\[email protected]
[2013/01/11 10:58:40 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\[email protected]
[2012/11/21 23:42:50 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\[email protected]
[2012/05/15 01:27:52 | 000,047,822 | ---- | M] () (No name found) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\[email protected]
[2012/07/27 18:09:36 | 000,051,397 | ---- | M] () (No name found) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\[email protected]
[2013/01/09 23:40:32 | 000,516,839 | ---- | M] () (No name found) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
[2012/05/15 01:32:11 | 000,003,793 | ---- | M] () (No name found) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}.xpi
[2012/12/05 10:11:56 | 000,007,919 | ---- | M] () (No name found) -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2012/05/15 01:16:00 | 000,002,066 | ---- | M] () -- C:\Users\Jane\AppData\Roaming\Mozilla\Firefox\Profiles\jyicuv3v.default\searchplugins\dogpile.xml
[2013/01/11 12:36:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/11 12:36:42 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/01/11 12:36:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/01/11 12:36:49 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/29 03:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/11/29 03:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/08/19 11:19:41 | 000,444,042 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15254 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice File not found
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TouchFreeze] C:\Program Files\TouchFreeze\TouchFreeze.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 200.75.200.3 200.75.200.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8161EA18-F663-45E0-A936-58138F5B1098}: DhcpNameServer = 200.75.200.3 200.75.200.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{dd645fb1-7f4f-11e1-b609-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dd645fb1-7f4f-11e1-b609-806e6f6e6963}\Shell\AutoRun\command - "" = E:\wubi.exe --cdmenu
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/13 20:58:08 | 000,046,672 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PSKMAD.sys
[2013/01/13 14:49:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
[2013/01/13 14:49:54 | 000,027,192 | ---- | C] (VS Revo Group) -- C:\Windows\System32\drivers\revoflt.sys
[2013/01/13 14:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/01/13 12:23:42 | 000,000,000 | ---D | C] -- C:\Users\Jane\AppData\Local\panda4_0dn
[2013/01/13 12:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security URL Filtering
[2013/01/13 12:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Toolbar Cleaner
[2013/01/13 12:23:24 | 000,000,000 | ---D | C] -- C:\Users\Jane\AppData\Roaming\Panda Security
[2013/01/13 12:22:33 | 000,000,000 | ---D | C] -- C:\Program Files\pandasecuritytb
[2013/01/13 12:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Cloud Antivirus
[2013/01/13 12:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2013/01/13 12:20:34 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2013/01/11 12:36:41 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/10 12:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/01/09 16:50:58 | 000,000,000 | ---D | C] -- C:\Users\Jane\Documents\My Kindle Content
[2013/01/08 15:01:33 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/01/08 15:00:33 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2013/01/07 18:09:18 | 000,000,000 | ---D | C] -- C:\Program Files\SigmaTel
[2013/01/07 12:01:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Reallusion
[2013/01/07 11:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\Creative Live! Cam
[2013/01/07 11:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013/01/05 21:58:36 | 000,000,000 | ---D | C] -- C:\Users\Jane\Documents\easel.3.2.1
[2013/01/05 21:55:38 | 000,000,000 | ---D | C] -- C:\Users\Jane\Documents\pinboard.1.0.6
[2012/12/31 19:39:06 | 000,000,000 | ---D | C] -- C:\Users\Jane\Documents\ESTATE
[2012/12/28 14:51:01 | 000,000,000 | ---D | C] -- C:\Users\Jane\Documents\My Barnes & Noble eBooks
[2012/12/27 21:41:52 | 000,580,712 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\System32\HPDiscoPM5412.dll
[2012/12/27 21:41:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2012/12/27 21:36:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012/12/27 21:36:50 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012/12/27 21:13:15 | 000,000,000 | ---D | C] -- C:\Users\Jane\AppData\Local\HP
[2012/12/26 17:24:37 | 000,000,000 | ---D | C] -- C:\Users\Jane\Documents\Address Book
[2012/12/26 17:18:12 | 000,000,000 | ---D | C] -- C:\Users\Jane\Documents\Parties
[2012/12/22 11:43:27 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012/12/22 11:43:27 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/21 18:08:58 | 000,000,000 | ---D | C] -- C:\Users\Jane\Desktop\Newest files
[2012/12/17 10:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/17 10:55:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/17 10:55:28 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/12/17 10:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/16 20:33:20 | 000,000,000 | ---D | C] -- C:\Program Files\wp-e-commerce
[2012/11/12 13:21:04 | 019,447,048 | ---- | C] (Tracker Software Products Ltd ) -- C:\Program Files\PDFXVwer.exe
[2012/04/10 16:55:18 | 002,071,600 | ---- | C] (Kaspersky Lab ZAO) -- C:\Program Files\TDSSKiller.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/13 21:17:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/13 21:03:10 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/13 21:03:10 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/13 20:57:40 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/13 20:57:40 | 000,003,664 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/13 20:57:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/13 17:06:02 | 000,411,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/01/13 14:49:56 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/01/13 12:08:20 | 000,001,954 | ---- | M] () -- C:\Users\Jane\Desktop\ESET NOD32 Antivirus.lnk
[2013/01/10 13:53:13 | 000,006,144 | ---- | M] () -- C:\Users\Jane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/09 14:44:13 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/08 19:17:47 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/01/08 19:17:47 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/01/08 15:55:28 | 000,000,830 | ---- | M] () -- C:\Users\Jane\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2013/01/08 15:34:23 | 000,177,056 | ---- | M] () -- C:\Users\Jane\AppData\Local\Schedule8.dat
[2012/12/27 21:55:57 | 000,065,196 | ---- | M] () -- C:\Users\Jane\Desktop\Troubleshoot HP Installation Failure - Network.hta
[2012/12/27 21:41:50 | 000,002,151 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
[2012/12/27 21:19:13 | 000,005,826 | ---- | M] () -- C:\Users\Jane\Desktop\HP Installation Failure 43.hta
[2012/12/27 21:15:49 | 000,000,057 | ---- | M] () -- C:\ProgramData\Ament.ini
[2012/12/19 18:26:08 | 001,309,678 | -H-- | M] () -- C:\Users\Jane\Documents\PP11Thumbs.ptn
[2012/12/19 18:26:08 | 000,000,814 | -H-- | M] () -- C:\Users\Jane\Documents\PP11Thumbs.ptn2
[2012/12/19 18:26:07 | 000,005,943 | -H-- | M] () -- C:\Users\Jane\Documents\maxdesk.ini2
[2012/12/19 18:24:22 | 000,367,452 | ---- | M] () -- C:\Users\Jane\Documents\Document (6).pdf
[2012/12/17 10:56:32 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/16 08:12:54 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012/12/16 05:50:29 | 000,293,376 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/13 14:49:56 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
[2013/01/09 14:44:13 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/08 15:55:28 | 000,000,830 | ---- | C] () -- C:\Users\Jane\Application Data\Microsoft\Internet Explorer\Quick Launch\iLivid.lnk
[2013/01/07 17:10:29 | 000,001,954 | ---- | C] () -- C:\Users\Jane\Desktop\ESET NOD32 Antivirus.lnk
[2012/12/27 21:55:57 | 000,065,196 | ---- | C] () -- C:\Users\Jane\Desktop\Troubleshoot HP Installation Failure - Network.hta
[2012/12/27 21:41:50 | 000,002,151 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710n-z.lnk
[2012/12/27 21:19:13 | 000,005,826 | ---- | C] () -- C:\Users\Jane\Desktop\HP Installation Failure 43.hta
[2012/12/27 21:15:49 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/12/19 18:24:19 | 000,367,452 | ---- | C] () -- C:\Users\Jane\Documents\Document (6).pdf
[2012/12/17 10:56:32 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/11/23 17:37:27 | 000,126,060 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012/10/03 16:41:18 | 000,000,023 | ---- | C] () -- C:\Windows\ANS2000.INI
[2012/10/03 16:41:18 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2012/10/03 16:41:18 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2012/10/03 16:36:03 | 000,000,085 | ---- | C] () -- C:\Windows\aebconfig.ini
[2012/08/17 15:39:06 | 000,000,365 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012/05/23 15:08:35 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2012/04/14 21:25:16 | 000,017,408 | ---- | C] () -- C:\Users\Jane\AppData\Local\WebpageIcons.db
[2012/04/09 15:03:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/04/09 15:02:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/04/09 15:02:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/04/06 19:49:24 | 000,177,056 | ---- | C] () -- C:\Users\Jane\AppData\Local\Schedule8.dat
[2012/04/06 19:12:17 | 000,006,144 | ---- | C] () -- C:\Users\Jane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/04/06 17:28:12 | 000,000,242 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2012/04/06 17:28:12 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2012/04/06 17:27:06 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf08b.dat
[2012/04/06 17:27:04 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/04/06 17:14:01 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2012/04/06 12:19:19 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2012/04/06 12:19:19 | 000,000,114 | ---- | C] () -- C:\Windows\kpcms.ini
[2012/04/06 11:37:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/04/05 12:06:59 | 000,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2012/04/05 12:06:59 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2012/04/05 12:06:59 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1272.dll
[2012/04/05 12:04:27 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2012/04/05 11:59:16 | 000,000,680 | ---- | C] () -- C:\Users\Jane\AppData\Local\d3d9caps.dat
[2011/12/14 11:32:58 | 000,026,759 | ---- | C] () -- C:\Program Files\PDFXVW1.xml
[2011/02/09 20:54:58 | 003,973,120 | ---- | C] () -- C:\Windows\System32\ffmpeg2.exe
[2010/05/12 13:57:50 | 000,380,074 | ---- | C] () -- C:\Program Files\Claim_your_free_PDF_converter.pdf

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 881 bytes -> C:\Users\Jane\Documents\tv-streams.eml:OECustomProperty
@Alternate Data Stream - 1273 bytes -> C:\Users\Jane\Documents\The World as Some See It.eml:OECustomProperty
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 1239 bytes -> C:\Users\Jane\Desktop\BOWKER LOG IN.eml:OECustomProperty
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
117,905
I'm signing off for the night so I'll review that log tomorrow and post further instructions.
 