Messages - DR M

1561
So, that's it, Corrine! I am clean!

You cannot imagine how many thanks I want to say to you! Continue the good work and hundreds of people will remember you in their prayers! :flowers: :flowers: :flowers:

No, I will not do a format now... The last one was in August, and, as you know, it is not easy to reinstall so many programs... I trust your word! Although, I will make all password changes from another computer, just for the sake of safety.

A few things I still want to know:

1. Is there a way to find out if the memory stick is ok?
2. What about the changes I have made in the host file?
3. If I install the three programs you advised, will there be any problem with Panda, MBAM and Super Antispyware?

Tomorrow I will post about another computer which I think has a similar problem... You see, I wanted that license... But now I have learned my lesson the hard way...

As for Grey's Anatomy, there is no way to see it in countries other than the USA... So I will see what to do...  :azn:

THANK YOU AGAIN!

1562
Analysis and Malware Removal / FORMAT
« on: October 23, 2011, 08:12:02 AM »
I would like to learn all the steps for a computer format. There is a possibility of doing one on a computer that is infected and is not mine (I think it is a virus similar to the one Corrine helped me with in the other topic, as I was trying to download the same thing).

THANK YOU!

1563
Something I remembered:

While the ESET scan was taking place, SuperAntispyware suddenly came on and warned about a change of the home page. I closed it immediately.

Now I see that my home page is the one I had before resetting the advanced properties of Internet Explorer (I did that because I could not enter the ESET page). When I reset, the home page changed, but now the one I had before is shown...

And something I did before contacting you, following "advice"... I went somewhere in Windows (I don't remember where) and found a file named host. I opened it with Notepad and I deleted some entries (except host file and some numbers...)

I think that I'm not clean yet... AND I CANNOT FALL ASLEEP UNTIL I AM SURE ABOUT ALL... OUF!!!!!!!!

1564
Good morning, Corrine!

I uninstalled ComboFix, following your instructions. (I forgot to disable Panda, but ComboFix told me to do so in the middle of the procedure, and so I did).

Now, my critical question is: IS THE COMPUTER CLEAN NOW? IF I CHANGE ALL MY PASSWORDS FROM THE GOOD ONE (I HOPE IT IS STILL THE GOOD ONE), CAN I USE EVERYTHING WITHOUT ANY DOUBT? IS THE SOLUTION OF FORMAT NOT A NECESSARY OPTION NOW?


Some other points:

1. I would like to do a clean check of the good computer and the memory stick I used. Also, I would like to learn how I can format a computer... So, I will open new topics for these later...

2. I have installed on my computer Panda Global, Super Antispyware and MBAM (I have not let the last two run at the same time, but I use them when I want to make a check). Are your suggestions about Secunia, SpywareBlaster and WinPatrol for those who don't have anything on their computer, or does it not matter if I install them besides the other three programs I already have? (What is the danger of conflict?)

3. My Panda Global, although I reinstalled it yesterday, gives me its warnings in Spanish. I had the language set to Greek, and then changed it to English (from regedit), but the problem is still there. Also, some windows of Panda have both languages, English and Spanish. A month ago, this problem did not exist. Is there a possibility that a virus did this to make me not understand Panda warnings?

4. What are the settings for wifi properties and Firefox internet options for safe internet surfing? As I mentioned before, I have made a ... little mess in there, when I was trying to get access to the web.

5. I used utorrent only to download Grey's Anatomy every week! Now, I uninstalled it... Can I install it again, only to download this movie?????

6. Your forum is really FANTASTIC. Is it a part of your job or do you do this as a hobby? Are you professionals doing this job or angels on earth? Do you earn something doing this or is it just for fun? I would really like to know!  :hallo:

1565
Are we sure that ESET found all the viruses? (There are three sources of viruses according to the log, right?)

Is there an antivirus that can detect everything? Is COMBOFIX one of them? Can I, for example, make a scan with combofix on the good computer and on the memory stick I use?

I formatted the computer in August... I would like to avoid doing it again, especially now... I have exams this period... But if you tell me that it is the only way to be safe, I will do it...


1566
Is there any safety if I disable wifi in the infected computer? And what is the possibility for the wifi to get infected?



Here is the log:

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [22/10/2011 10:18 163848]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2012\psksvc.exe [22/10/2011 10:23 28992]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [22/10/2011 10:30 13880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16/08/2011 12:25 22712]
R3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\drivers\neti1644.sys [22/10/2011 10:23 201032]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/08/2011 00:52 47360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 15:16 130384]
S2 KMService;KMService;c:\windows\system32\srvany.exe [13/08/2011 17:12 8192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [16/08/2011 12:26 41272]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 11:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 23:37 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11/08/2004 14:29 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 15:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM   REG_MULTI_SZ      WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 14:08   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-22 c:\windows\Tasks\Limpieza bαsica.job
- c:\program files\Panda Security\Panda Global Protection 2012\PlaTasks.exe [2011-10-22 11:23]
.
2011-10-21 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5ffdfb83-3403-4f44-82d6-35090f6cfc96.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2011-10-22 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f145a21f-f3e7-4138-a4a4-16f7f10a932a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2011-10-22 c:\windows\Tasks\User_Feed_Synchronization-{8FB176E6-BC06-406E-896A-698783625451}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
2011-10-20 c:\windows\Tasks\WebReg psc 1500 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-11 23:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nec-online.co.uk/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.10.254
FF - ProfilePath - c:\documents and settings\Maria\Application Data\Mozilla\Firefox\Profiles\45nyw1gt.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM-Run-SSC_UserPrompt - c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-22 22:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1536)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\avldr.dll
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\mysafe.dll
.
Completion time: 2011-10-22  22:08:02
ComboFix-quarantined-files.txt  2011-10-22 19:07
ComboFix2.txt  2011-10-21 20:28
.
Pre-Run: 17,224,028,160 bytes free
Post-Run: 17,214,001,152 bytes free
.
- - End Of File - - 704E0C89636F4E8B4EA48333ADB9EB35

1567
Hi Corrine,

Now, I want to cry... It seems to be a very serious problem...

Meanwhile, I continue to write from the good computer, because I am afraid of writing passwords in the infected one...

I will follow the instructions... Do you think that there is hope for killing this thing?

1568
And the log report:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=53b31522fb4c3f44aa3a496a9175326b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-10-22 03:23:12
# local_time=2011-10-22 06:23:12 (+0200, GTB Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1536 16777191 100 0 21996 21996 0 0
# compatibility_mode=8192 67108863 100 0 1412 1412 0 0
# scanned=143026
# found=3
# cleaned=0
# scan_time=6750
C:\Program Files\ABBYY PDF Transformer 2.0\Patch_abbyy.pdf.transformer.2.0.exe   a variant of Win32/HackTool.Patcher.A application (unable to clean)   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\Documents and Settings\Maria\Local Settings\Application Data\1d883865\X.vir   Win32/Sirefef.DD trojan (unable to clean)   00000000000000000000000000000000   I
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\afd.sys.vir   Win32/Rootkit.Agent.NUT trojan (unable to clean)   00000000000000000000000000000000   I

1569
Hi, Corrine.

This is what I have done till now:

1. Installed Panda Global Protection 2012, and performed a full scan. No virus or malicious software was found.

2. JAVA: I uninstalled all previous versions (including v6 up26) and installed the latest version, v6 up29.

3. I tried to access the ESET page from the infected computer, with Internet Explorer, but it was impossible. However, I could access it from the non-infected one. So, I went into Internet Options of Internet Explorer, restored advanced settings and reset. Then, I could access the ESET web page.

4. I installed ActiveX and another thing (I think EST online scanner) and started the scan.

5. I am waiting for the log report (67% so far).


1570
Good morning, Corrine (Here it is 7:29 a.m. What's the time in N.Y.?).

1. Have you seen any malicious software that is still in the computer? And what exactly was the problem that ComboFix found?

2. I had Panda Global Protection since Tuesday. I decided to uninstall and reinstall it, because the language was turned to Spanish. It was Panda that warned me about the suspicious exe file, but I ignored it and ran it.

3. I think that I need Java, since some programs ask for it. So, shall I install the updated version without uninstalling the one I already have?

4. I often use the Freecorder Toolbar, in order to download videos from Youtube and turn them to audio or anything else. It is very easy to use and if there is no problem I would like to keep it.

5. I have the Panda Global Protection 2012 disc. Can I install it? Is there a specific reason why ESET? If I install Panda again, is it necessary to make the scan with ESET? And also install Microsoft Security Essentials?

6. I use Total Uninstall software when I want to get rid of unwanted programs, instead of Add/Remove Programs. Can I keep using it?

7. My hard disk is only 16Gb... All these actions leave space on the disc? Can we have the space back, when we finish?

THANK YOU, AGAIN! I AM WAITING FOR YOUR REPLY!

1571
I have got this warning, and I don't know what to do:

To help protect your computer Windows firewall has blocked some features of this program:

JAVA (TM) PLATFORM SE BINARY

DO YOU WANT TO KEEP BLOCKING THIS PROGRAM?


Meanwhile, I disabled the internet connection ... to protect my computer from other viruses!

1572
Some news!

I tried to enter the web through Firefox and it worked! I CAN HAVE INTERNET AGAIN!

BUT:

How do I know that everything (?) is ok, now?

Is there anything else to do?

What about having my Internet Protocol use a specific IP address instead of obtaining it automatically?

As I said in the first post, I have made some mess in the windows of Network Connections...

Could you please tell me how to fix it?


THANK YOU! THANK YOU! THANK YOU!!

1573
I have been terrified! I think that something dangerous has been found!

(I cannot access the web even in safe mode. So I continue using the memory stick, without downloading the extra program you told me about)

Here is the log report of COMBOFIX:

ComboFix 11-10-21.05 - Maria 21/10/2011  23:13:28.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1253.30.1033.18.1526.1147 [GMT 3:00]
Running from: c:\documents and settings\Maria\Desktop\ComboFix.exe
.
ADS - system32: deleted 40 bytes in 1 streams.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk
c:\documents and settings\Maria\Application Data\inst.exe
c:\documents and settings\Maria\Application Data\PriceGong
c:\documents and settings\Maria\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Maria\Application Data\vso_ts_preview.xml
c:\documents and settings\Maria\Local Settings\Application Data\1d883865
c:\documents and settings\Maria\Local Settings\Application Data\1d883865\@
c:\documents and settings\Maria\Local Settings\Application Data\1d883865\X
c:\documents and settings\Maria\WINDOWS
C:\install.exe
c:\windows\$NtUninstallKB55826$
c:\windows\$NtUninstallKB55826$\2434374882
c:\windows\{C6F5B6CF-609C-428E-876F-CA83176C021B}.exe
c:\windows\help\tours\htmltour\unlock_playing.htm
c:\windows\system32\d3d9caps.dat
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll
c:\windows\UA000035.DLL
.
Infected copy of c:\windows\system32\drivers\afd.sys was found and disinfected
Restored copy from - The cat found it :)
.
(((((((((((((((((((((((((   Files Created from 2011-09-21 to 2011-10-21  )))))))))))))))))))))))))))))))
.
.
2011-10-21 20:09 . 2011-08-17 13:49   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
2011-10-21 20:09 . 2011-08-17 13:49   138496   ----a-w-   c:\windows\system32\dllcache\afd.sys
2011-10-21 15:17 . 2011-10-21 15:18   --------   d-----w-   C:\bd_logs
2011-10-20 19:22 . 2011-10-20 19:49   --------   d-----w-   c:\program files\Common Files\Panda Security
2011-10-18 11:50 . 2011-10-19 12:39   105088   ----a-w-   c:\windows\system32\drivers\av5flt.sys
2011-10-17 19:29 . 2009-05-18 12:17   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-16 14:27 . 2011-10-20 19:11   --------   d-----w-   c:\documents and settings\Maria\Application Data\go
2011-10-16 14:27 . 2011-10-20 19:15   --------   d-----w-   c:\documents and settings\All Users\Application Data\Easybits GO
2011-10-12 18:28 . 2011-10-12 18:28   --------   d-----w-   c:\windows\Sun
2011-10-11 12:27 . 2011-08-16 08:23   1277952   ----a-w-   c:\windows\system32\SYNSOACC.dll
2011-10-09 12:07 . 2011-08-16 08:23   1277952   ----a-w-   c:\windows\system32\SYNSOEMU.dll
2011-10-08 18:50 . 2011-10-08 18:50   1409   ----a-w-   c:\windows\QTFont.for
2011-10-07 14:21 . 2011-10-07 14:21   --------   d-----w-   c:\program files\Sonnox
2011-10-07 13:52 . 2011-10-07 13:52   --------   d-----w-   c:\documents and settings\All Users\Application Data\Syncrosoft
2011-10-07 13:52 . 2011-10-07 13:52   2892   ----a-w-   c:\windows\system32\audcon.sys
2011-10-07 13:51 . 2011-10-17 19:29   --------   dc----w-   c:\windows\system32\DRVSTORE
2011-10-07 13:31 . 2009-02-24 15:42   116736   ----a-w-   c:\windows\system32\drivers\mcdbus.sys
2011-10-07 13:31 . 2011-10-07 13:31   --------   d-----w-   c:\program files\MagicDisc
2011-10-07 13:26 . 2011-10-07 13:26   --------   d-----w-   c:\documents and settings\Maria\LocalLow
2011-10-04 20:30 . 2011-10-04 20:34   --------   d-----w-   c:\program files\SPSS Viewer
2011-10-04 18:26 . 2011-10-04 18:26   --------   d-----w-   c:\documents and settings\Maria\Application Data\Eclipse
2011-10-03 21:49 . 2011-10-07 17:04   --------   d-----w-   c:\documents and settings\Maria\Local Settings\Application Data\Amos 19.0
2011-10-03 21:44 . 2011-10-03 21:44   1024   -c--a-w-   c:\windows\system32\clauth2.dll
2011-10-03 21:44 . 2011-10-03 21:44   1024   -c--a-w-   c:\windows\system32\clauth1.dll
2011-10-03 21:43 . 2000-01-14 14:22   37136   ----a-w-   c:\program files\Common Files\Microsoft Shared\Replication Manager 4.0\mstrai40.exe
2011-10-03 21:43 . 2000-01-14 14:17   45328   ----a-w-   c:\program files\Common Files\Microsoft Shared\Replication Manager 4.0\mstran40.exe
2011-10-03 21:43 . 2000-07-14 16:02   74000   ----a-w-   c:\program files\Common Files\Microsoft Shared\Replication Manager 4.0\msrpfs40.dll
2011-10-03 20:59 . 2011-10-03 20:59   --------   d-----w-   c:\documents and settings\Maria\Local Settings\Application Data\javasharedresources
2011-10-03 20:58 . 2011-10-03 20:58   --------   d--h--w-   c:\program files\Zero G Registry
2011-10-03 20:58 . 2011-10-03 20:58   --------   d--h--w-   c:\documents and settings\Maria\InstallAnywhere
2011-10-03 20:55 . 2011-10-03 20:55   --------   d-----w-   c:\documents and settings\All Users\Application Data\SPSS
2011-10-03 20:53 . 2011-10-03 20:53   --------   d-----w-   c:\program files\Common Files\IBM
2011-10-03 20:52 . 2011-10-03 20:52   --------   d-----w-   c:\program files\IBM
2011-10-03 19:36 . 2011-10-03 19:36   --------   d-----w-   c:\documents and settings\Maria\Local Settings\Application Data\IsolatedStorage
2011-10-03 19:35 . 2011-10-03 19:35   --------   d-----w-   c:\documents and settings\Maria\Local Settings\Application Data\HP
2011-09-25 14:38 . 2011-10-14 12:33   --------   d-----w-   c:\program files\Microsoft Silverlight
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-16 14:30 . 2011-08-11 10:57   414368   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-26 08:41 . 2008-07-29 18:59   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
2011-09-26 08:41 . 2004-08-11 11:29   220160   ----a-w-   c:\windows\system32\oleacc.dll
2011-09-26 08:41 . 2004-08-11 11:29   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
2011-09-09 09:12 . 2004-08-11 11:28   599040   ----a-w-   c:\windows\system32\crypt32.dll
2011-09-06 13:20 . 2004-08-11 11:29   1858944   ----a-w-   c:\windows\system32\win32k.sys
2011-08-22 23:48 . 2004-08-11 11:29   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-08-22 23:48 . 2004-08-11 11:28   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-08-22 23:48 . 2004-08-11 11:28   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-08-22 11:56 . 2004-08-11 11:28   385024   ----a-w-   c:\windows\system32\html.iec
2011-08-13 14:11 . 2011-08-13 14:12   8192   ----a-w-   c:\windows\system32\srvany.exe
2011-08-11 09:34 . 2011-08-11 09:34   51712   ----a-r-   c:\documents and settings\Maria\Application Data\Microsoft\Installer\{E4BC7400-140D-40C6-B6F9-617F88E0D7A7}\IconE4BC7400.exe
2011-08-11 09:34 . 2011-08-11 09:34   27648   ----a-r-   c:\documents and settings\Maria\Application Data\Microsoft\Installer\{E4BC7400-140D-40C6-B6F9-617F88E0D7A7}\IconE4BC74002.exe
2011-08-10 21:52 . 2011-08-10 21:52   47360   ----a-w-   c:\windows\system32\drivers\pcouffin.sys
2011-08-10 21:52 . 2011-08-10 21:52   47360   ----a-w-   c:\documents and settings\Maria\Application Data\pcouffin.sys
2011-08-10 20:52 . 2011-08-10 20:53   73728   ----a-w-   c:\windows\system32\javacpl.cpl
2011-08-10 20:52 . 2011-08-10 20:53   472808   -c--a-w-   c:\windows\system32\deployJava1.dll
2011-08-08 08:00 . 2011-08-11 20:01   74752   -c--a-w-   c:\windows\system32\ff_vfw.dll
2011-07-08 07:30 . 2011-08-10 19:42   142296   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2011-01-17 15:54   175912   ----a-w-   c:\program files\Freecorder\prxtbFree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 15:54   175912   ----a-w-   c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFree.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Update Service"="c:\progra~1\COMMON~1\TEKNUM~1\update.exe" [2005-10-05 30208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-04-09 135168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-25 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-25 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-25 114688]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Biomenu"="c:\program files\Protector Suite QL\menusw.exe" [2005-02-28 1366016]
"SSC_UserPrompt"="c:\program files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 218240]
"SECEDIT"="c:\drivers\SECEDIT.EXE" [2005-05-26 24576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{569DAC0F-2791-46ab-8EFC-A54B77C04C20}"= "c:\program files\DVD Ghost\ExecuteHooker.dll" [2005-11-14 90112]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2005-02-28 15:23   39936   ----a-w-   c:\windows\system32\fusstub.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\acaptuser32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ulead Photo Express 3.0 SE Calendar Checker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 3.0 SE Calendar Checker.lnk
backup=c:\windows\pss\Ulead Photo Express 3.0 SE Calendar Checker.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Γρήγορη εκκίνηση HP Image Zone.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Γρήγορη εκκίνηση HP Image Zone.lnk
backup=c:\windows\pss\Γρήγορη εκκίνηση HP Image Zone.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Maria^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Maria\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 21:43   640376   ----a-w-   c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 01:25   37232   ----a-w-   c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-07-25 07:33   2968512   ----a-w-   c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 13:54   91520   ----a-w-   c:\program files\Microsoft Office\Office14\BCSSync.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDXGhost]
2006-02-25 14:10   1556480   ----a-w-   c:\program files\DVD Ghost\DVDGhost.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-04-13 14:11   2387968   ----a-w-   c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2011-07-06 18:52   449584   ----a-w-   c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 04:42   1695232   ----a-w-   c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-04-29 08:07   127118   ----a-w-   c:\apps\Powercinema\PCMService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-08-10 22:27   155648   ----a-w-   c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24   32768   ----a-w-   c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
2006-03-06 23:52   36864   ------w-   c:\program files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\Powercinema\\PowerCinema.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\WinWrapIDE.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\stats.exe"=
"c:\\Program Files\\IBM\\SPSS\\Statistics\\19\\stats.com"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [11/08/2011 12:44 11264]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 19:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [13/07/2011 00:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 02:38 116608]
R2 FdRedir;FdRedir;c:\windows\system32\drivers\FdRedir.sys [28/02/2005 18:25 12544]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\windows\system32\drivers\filedisk.sys [28/02/2005 18:25 33024]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [16/08/2011 12:26 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [16/08/2011 12:25 22712]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [11/08/2011 00:52 47360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 15:16 130384]
S2 KMService;KMService;c:\windows\system32\srvany.exe [13/08/2011 17:12 8192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [16/08/2011 12:26 41272]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [12/06/2011 11:15 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 23:37 4640000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [11/08/2004 14:29 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 15:16 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM   REG_MULTI_SZ      WINRM
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-04-13 14:08   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-26 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5ffdfb83-3403-4f44-82d6-35090f6cfc96.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2011-10-21 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f145a21f-f3e7-4138-a4a4-16f7f10a932a.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2005-10-05 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-10-05 11:24]
.
2013-10-04 c:\windows\Tasks\User_Feed_Synchronization-{8FB176E6-BC06-406E-896A-698783625451}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
2011-10-20 c:\windows\Tasks\WebReg psc 1500 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2005-05-11 23:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.nec-online.co.uk/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
TCP: Interfaces\{7142F9FD-8C3A-4AD5-A619-3C94C79502D5}: NameServer = 192.168.6.108,192.168.5.108
FF - ProfilePath - c:\documents and settings\Maria\Application Data\Mozilla\Firefox\Profiles\45nyw1gt.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
Notify-avldr - avldr.dll
MSConfigStartUp-NeroRebootSetup - c:\documents and settings\Maria\Local Settings\Temp\nro.tmp\SetupX.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-21 23:24
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\fusstub.dll
c:\program files\Protector Suite QL\infra.dll
c:\program files\Protector Suite QL\homefus.dll
c:\windows\system32\biologon.dll
c:\program files\Protector Suite QL\homepass.dll
c:\program files\Protector Suite QL\config.dll
c:\program files\Protector Suite QL\BhTcAll.dll
c:\program files\Protector Suite QL\BhDevTfm.dll
c:\program files\Protector Suite QL\passport.dll
c:\program files\Protector Suite QL\AlgVer.dll
c:\program files\Protector Suite QL\TCBioLib.dll
c:\program files\Protector Suite QL\remote.dll
c:\program files\Protector Suite QL\mysafe.dll
.
- - - - - - - > 'explorer.exe'(3352)
c:\windows\system32\WININET.dll
c:\documents and settings\Maria\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~3\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Protector Suite QL\mysafe.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\msiexec.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Apoint2K\HidFind.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-10-21  23:28:21 - machine was rebooted
ComboFix-quarantined-files.txt  2011-10-21 20:28
.
Pre-Run: 17,765,318,656 bytes free
Post-Run: 17,755,774,976 bytes free
.
- - End Of File - - CA9F83DCC2EFA310846CBB0DA04AB9DA

1574
Hi, Corrine.

When I enter Windows in safe mode, I do not have the option of networking. I think that Super Antispyware gives this option. I will try and tell you.

Thank you for the instructions. I will proceed immediately.

1575
I have taken the risk of transferring files from one computer to the other... I forgot to mention that the infected computer became very, very slow...

Another question, before the texts: Isn't it dangerous to paste all these details about a system in public?

A.
 Results of screen317's Security Check version 0.99.24 
 Windows XP Service Pack 3 x86   
 Internet Explorer 8 
``````````````````````````````
Antivirus/Firewall Check:

 WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

 Malwarebytes' Anti-Malware   
 Java(TM) 6 Update 26 
 Java 2 Runtime Environment, SE v1.4.2_05
 Out of date Java installed!
  Adobe Flash Player (   10.3.183.5) Flash Player Out of Date! 
 Mozilla Firefox (x86 el..)
````````````````````````````````
Process Check: 
objlist.exe by Laurent

 Malwarebytes' Anti-Malware mbamservice.exe 
``````````End of Log````````````


B.
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 1.6.0_26
Run by M at 20:30:31 on 2011-10-21
Microsoft Windows XP Professional  5.1.2600.3.1253.30.1033.18.1526.1114 [GMT 3:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
svchost.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Freecorder\FLVSrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.nec-online.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~3\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFree.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Update Service] c:\progra~1\common~1\teknum~1\update.exe /startup
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Biomenu] "c:\program files\protector suite ql\menusw.exe"
mRun: [SSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe
mRun: [SECEDIT] c:\drivers\SECEDIT.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~3\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: Interfaces\{7142F9FD-8C3A-4AD5-A619-3C94C79502D5} : NameServer = 192.168.6.108,192.168.5.108
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avldr - avldr.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - fusstub.dll
AppInit_DLLs: acaptuser32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: ExecuteHooker Class: {569dac0f-2791-46ab-8efc-a54b77c04c20} - c:\program files\dvd ghost\ExecuteHooker.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~3\office14\GROOVEEX.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli fusstub
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\maria\application data\mozilla\firefox\profiles\45nyw1gt.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [2011-8-11 11264]
R2 FdRedir;FdRedir;c:\windows\system32\drivers\FdRedir.sys [2005-2-28 12544]
R2 FileDisk2;FileDisk Protector Kernel Driver;c:\windows\system32\drivers\filedisk.sys [2005-2-28 33024]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-16 22712]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-8-16 41272]
.
=============== Created Last 30 ================
.
2011-10-21 15:17:19   --------   d-----w-   C:\bd_logs
2011-10-20 19:22:34   --------   d-----w-   c:\program files\common files\Panda Security
2011-10-18 11:50:26   105088   ----a-w-   c:\windows\system32\drivers\av5flt.sys
2011-10-18 11:40:27   --------   d-sh--w-   c:\documents and settings\maria\local settings\application data\1d883865
2011-10-17 19:29:26   26600   ----a-w-   c:\windows\system32\drivers\GEARAspiWDM.sys
2011-10-16 14:27:26   --------   d-----w-   c:\documents and settings\maria\application data\go
2011-10-16 14:27:22   --------   d-----w-   c:\documents and settings\all users\application data\Easybits GO
2011-10-11 12:27:22   1277952   ----a-w-   c:\windows\system32\SYNSOACC.dll
2011-10-09 12:07:13   1277952   ----a-w-   c:\windows\system32\SYNSOEMU.dll
2011-10-08 18:50:25   1409   ----a-w-   c:\windows\QTFont.for
2011-10-07 14:21:27   --------   d-----w-   c:\program files\Sonnox
2011-10-07 13:52:10   2892   ----a-w-   c:\windows\system32\audcon.sys
2011-10-07 13:52:10   --------   d-----w-   c:\documents and settings\all users\application data\Syncrosoft
2011-10-07 13:31:04   116736   ----a-w-   c:\windows\system32\drivers\mcdbus.sys
2011-10-07 13:31:02   --------   d-----w-   c:\program files\MagicDisc
2011-10-07 13:26:42   --------   d-----w-   c:\documents and settings\maria\LocalLow
2011-10-04 20:30:47   --------   d-----w-   c:\program files\SPSS Viewer
2011-10-04 18:26:07   --------   d-----w-   c:\documents and settings\maria\application data\Eclipse
2011-10-03 21:49:38   --------   d-----w-   c:\documents and settings\maria\local settings\application data\Amos 19.0
2011-10-03 21:44:25   1024   -c--a-w-   c:\windows\system32\clauth2.dll
2011-10-03 21:44:25   1024   -c--a-w-   c:\windows\system32\clauth1.dll
2011-10-03 21:44:25   0   -c--a-w-   c:\windows\system32\ssprs.dll
2011-10-03 21:44:25   0   -c--a-w-   c:\windows\system32\serauth2.dll
2011-10-03 21:44:25   0   -c--a-w-   c:\windows\system32\serauth1.dll
2011-10-03 21:44:25   0   -c--a-w-   c:\windows\system32\nsprs.dll
2011-10-03 21:43:53   45328   ----a-w-   c:\program files\common files\microsoft shared\replication manager 4.0\mstran40.exe
2011-10-03 21:43:53   37136   ----a-w-   c:\program files\common files\microsoft shared\replication manager 4.0\mstrai40.exe
2011-10-03 21:43:52   74000   ----a-w-   c:\program files\common files\microsoft shared\replication manager 4.0\msrpfs40.dll
2011-10-03 20:59:52   --------   d-----w-   c:\documents and settings\maria\local settings\application data\javasharedresources
2011-10-03 20:58:12   --------   d--h--w-   c:\program files\Zero G Registry
2011-10-03 20:58:12   --------   d--h--w-   c:\documents and settings\maria\InstallAnywhere
2011-10-03 20:55:49   --------   d-----w-   c:\documents and settings\all users\application data\SPSS
2011-10-03 20:53:38   --------   d-----w-   c:\program files\common files\IBM
2011-10-03 20:52:23   --------   d-----w-   c:\program files\IBM
2011-10-03 19:36:24   --------   d-----w-   c:\documents and settings\maria\local settings\application data\IsolatedStorage
2011-10-03 19:35:59   --------   d-----w-   c:\documents and settings\maria\local settings\application data\HP
.
==================== Find3M  ====================
.
2011-10-16 14:30:21   414368   -c--a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-04 20:35:13   205   -c--a-w-   c:\windows\system32\lsprst7.dll
2011-09-26 08:41:20   611328   ----a-w-   c:\windows\system32\uiautomationcore.dll
2011-09-26 08:41:20   220160   ----a-w-   c:\windows\system32\oleacc.dll
2011-09-26 08:41:14   20480   ----a-w-   c:\windows\system32\oleaccrc.dll
2011-09-09 09:12:13   599040   ----a-w-   c:\windows\system32\crypt32.dll
2011-09-06 13:20:51   1858944   ----a-w-   c:\windows\system32\win32k.sys
2011-08-22 23:48:55   916480   ----a-w-   c:\windows\system32\wininet.dll
2011-08-22 23:48:54   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2011-08-22 23:48:54   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2011-08-22 11:56:39   385024   ----a-w-   c:\windows\system32\html.iec
2011-08-17 13:49:54   138496   ----a-w-   c:\windows\system32\drivers\afd.sys
2011-08-13 14:11:08   8192   ----a-w-   c:\windows\system32\srvany.exe
2011-08-11 14:21:43   100   -c--a-w-   c:\windows\system32\prsgrc.dll
2011-08-11 13:45:48   1024   -c--a-w-   c:\windows\system32\grcauth2.dll
2011-08-11 13:45:48   1024   -c--a-w-   c:\windows\system32\grcauth1.dll
2011-08-11 13:44:02   1025   -c--a-w-   c:\windows\system32\sysprs7.dll
2011-08-10 21:52:10   87608   ----a-w-   c:\documents and settings\maria\application data\inst.exe
2011-08-10 21:52:10   47360   ----a-w-   c:\windows\system32\drivers\pcouffin.sys
2011-08-10 21:52:10   47360   ----a-w-   c:\documents and settings\maria\application data\pcouffin.sys
2011-08-10 21:10:50   14   -c--a-w-   c:\windows\system32\SysEngine2.SYS
2011-08-10 20:52:55   73728   -c--a-w-   c:\windows\system32\javacpl.cpl
2011-08-10 20:52:55   472808   -c--a-w-   c:\windows\system32\deployJava1.dll
2011-08-08 08:00:00   74752   -c--a-w-   c:\windows\system32\ff_vfw.dll
.
============= FINISH: 20:33:32.94 ===============


C.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 09/08/2011 12:40:23
System Uptime: 21/10/2011 20:04:08 (0 hours ago)
.
Motherboard: NEC Computers International      |  | VC2
Processor:         Intel(R) Pentium(R) M processor 1.86GHz | uFCBGA | 1862/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 16.739 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27018086&REV_05\4&31177083&0&18F0
Manufacturer: Intel(R) Corporation
Name: Intel(R) PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27018086&REV_05\4&31177083&0&18F0
Service: w29n51
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
ΜΑΤΖΕΝΤΑ - Αγγλικό-Ελληνικό & Ελληνικό-Αγγλικό λεξικό
1500
1500_Help
1500Trb
ABBYY PDF Transformer 2.0
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 6.0
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Stock Photos CS3
Adobe SVG Viewer 3.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advertising Center
AiO_Scan
AiOSoftware
AnyDVD
ASAPI Update
Bigger Brain Trainer
BufferChm
Click to Call with Skype
Conduit Engine
ConvertXtoDVD 3.2.0.52
CP_AtenaShokunin1Config
CP_CalendarTemplates1
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
CueTour
CustomerResearchQFolder
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DesignPro SE eMedia
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
DjVuLibre+DjView
DocProc
DocumentViewer
DocumentViewerQFolder
DolbyFiles
DVD Ghost 2.2
DVDShrink 2008
EasyBits GO
eSupportQFolder
EucliDraw
Fax
Finale 2011
Freecorder 5
Freecorder Toolbar
FullDPAppQFolder
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
IBM SPSS Amos 19
IBM SPSS Statistics 19
ImagXpress
ImTOO Audio Maker
ImTOO DVD Copy Express
ImTOO DVD Creator
ImTOO DVD Ripper Ultimate
ImTOO MPEG Encoder Ultimate
InstantShareDevices
Java 2 Runtime Environment, SE v1.4.2_05
Java Auto Updater
Java(TM) 6 Update 26
K-Lite Codec Pack 7.6.0 (Full)
Kidspiration 3 IE
LightScribe System Software
MagicDisc 2.7.106
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Menu Templates - Starter Kit
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Greek Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Access MUI (English) 2010
Microsoft Office Access MUI (Greek) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Excel MUI (Greek) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office Groove MUI (Greek) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office InfoPath MUI (Greek) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office OneNote MUI (Greek) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office Outlook MUI (Greek) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint MUI (Greek) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Greek) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (Greek) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Publisher MUI (Greek) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (Greek) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Office Word MUI (Greek) 2010
Microsoft Silverlight
Microsoft Software Update for Web Folders  (English) 14
Microsoft Software Update for Web Folders  (Greek) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Movie Templates - Starter Kit
Mozilla Firefox 5.0.1 (x86 el)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero RescueAgent Help
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
NewCopy
PanoStandAlone
PDF Settings
Photo Story 3 for Windows
PhotoGallery
PowerDVD
ProductContext
Protector Suite QL 5.2
QuickTime
RandMap
RapidBIT Suite
Readme
Registry Speedup 1.00
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft InfoPath 2010 (KB2510065)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2584066)
Security Update for Microsoft PowerPoint 2010 (KB2519975)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Windows (KB2564958)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
SkinsHP1
Skype™ 5.3
SmartSound Quicktracks Plugin
SolutionCenter
Sonic RecordNow!
Sonic_PrimoSDK
SoundTrax
SPSS SmartViewer 15.0
Status
Subtitle Workshop 2.51
SUPERAntiSpyware
swMSM
Text to Speech XP
TinkerPlots
Total Uninstall 5.2.0
Total Video Converter 3.12 080330
TrayApp
Ulead Photo Express 3.0 SE
Ulead VideoStudio 10
Unload
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Microsoft Office 2010 (KB2523113)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2493983)
Update for Microsoft Outlook Social Connector (KB2583935)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VLC media player 1.1.0
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
Xilisoft Video Converter Ultimate
.
==== Event Viewer Messages From Past Week ========
.
21/10/2011 17:58:07, error: Tcpip [4198]  - The system detected an address conflict for IP address 192.168.10.2 with the system having network hardware address 0C:60:76:3F:6F:D0. The local interface has been disabled.
20/10/2011 22:34:55, error: Server [2505]  - The server could not bind to the transport \Device\NetBT_Tcpip_{7142F9FD-8C3A-4AD5-A619-3C94C79502D5} because another computer on the network has the same name.  The server could not start.
20/10/2011 22:23:48, error: Service Control Manager [7034]  - The Panda Process Protection Service service terminated unexpectedly.  It has done this 1 time(s).
20/10/2011 22:09:58, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u mraid35x PCIIde perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
20/10/2011 16:21:40, error: Service Control Manager [7023]  - The IPSEC Services service terminated with the following error:  An address incompatible with the requested protocol was used.
20/10/2011 16:21:40, error: Service Control Manager [7023]  - The Automatic Updates service terminated with the following error:  %%2147952447
20/10/2011 16:10:07, error: Service Control Manager [7023]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:  An address incompatible with the requested protocol was used.
20/10/2011 16:10:07, error: Service Control Manager [7023]  - The IPSEC Services service terminated with the following error:  The support for the specified socket type does not exist in this address family.
19/10/2011 21:00:55, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD8-2166-11D1-B1D0-00805FC1270E}
19/10/2011 17:54:10, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
19/10/2011 17:23:20, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
19/10/2011 17:14:37, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
19/10/2011 17:14:30, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
19/10/2011 17:11:16, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD ElbyCDIO Fips intelppm IPSec MRxSmb NetBIOS NetBT pavboot RasAcd Rdbss SASDIFSV SASKUTIL ShldDrv Tcpip
19/10/2011 17:11:16, error: Service Control Manager [7003]  - The Panda On-Access Anti-Malware Service service depends on the following nonexistent service: PskSvcRetail
19/10/2011 17:11:16, error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:  A device attached to the system is not functioning.
19/10/2011 17:11:16, error: Service Control Manager [7001]  - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:  A device attached to the system is not functioning.
19/10/2011 17:11:16, error: Service Control Manager [7001]  - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
19/10/2011 17:11:16, error: Service Control Manager [7001]  - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:  A device attached to the system is not functioning.
19/10/2011 17:11:16, error: Service Control Manager [7001]  - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
18/10/2011 21:30:37, error: Service Control Manager [7034]  - The Panda TPSrv service terminated unexpectedly.  It has done this 1 time(s).
18/10/2011 21:29:25, error: Service Control Manager [7024]  - The ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## service terminated with service-specific error 4294967295 (0xFFFFFFFF).
18/10/2011 21:29:25, error: Service Control Manager [7023]  - The Windows Firewall/Internet Connection Sharing (ICS) service terminated with the following error:  A socket operation encountered a dead network.
18/10/2011 21:29:25, error: Service Control Manager [7023]  - The IPSEC Services service terminated with the following error:  A socket operation encountered a dead network.
18/10/2011 21:29:25, error: Service Control Manager [7023]  - The Automatic Updates service terminated with the following error:  %%2147952450
18/10/2011 14:44:50, error: System Error [1003]  - Error code 1000007e, parameter1 c0000005, parameter2 884f7034, parameter3 ba51baec, parameter4 ba51b7e8.
14/10/2011 14:37:49, error: Dhcp [1002]  - The IP address lease 192.168.10.1 for the Network Card with network address 0015002F93DD has been denied by the DHCP server 192.168.10.254 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================



THAT'S ALL...............
