Help - Search - Members - Calendar
Full Version: Slow running and not displaying certain web pages
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
cubfan56
Jan 21 2009, 11:03 PM
This morning I got on this computer and noticed it was running very slow. Any/all applications took too long to open. Also did a check on internet speed and it was fine.

I installed Panda AV 2009 since I already had a license (I don't really like it), scanned the system and found a number of problems. Then ran Malwarebytes Anti-Malware and found more. I also ran Spybot, ATF Cleaner and have Spyware Guard running full-time.

Now, computer is still slow but some webpages don't open. Mozilla says it's done loading but there isn't any thing on the page. Some page work fine. Others open but links won't work, etc.

I tried to use system restore to go to an earlier setting and it won't allow me.

Let me know what I need to do and thanks in advance.

Greg

Below are all the logs starting with the Panda AV;

Panda Antivirus Pro 2009 incident report
Filter selected:Virus detected, Suspicious file, Dangerous file, Script execution, Phone connection, Connection attempt, Port scan attack, Denial of service attack, Spoofing, Attacking IP address blocked, Enabled, Disabled, Update, Scan started, Scan complete, Date: All
INCIDENT NOTIFIED BY DATE-TIME RESULT ADDITIONAL INFORMATION
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Disabled Antivirus protection 1/21/2009 3:00:43 PM Correct
Disabled Antivirus protection 1/21/2009 2:39:08 PM Correct
Disabled Antivirus protection 1/21/2009 1:57:25 PM Correct
Scan complete On-demand antivirus scan 1/21/2009 1:56:10 PM Scan:
Scan complete On-demand antivirus scan 1/21/2009 1:54:12 PM Scan: Scanning hard disk drives
Scan started On-demand antivirus scan 1/21/2009 1:49:55 PM Scan:
Update Updates system 1/21/2009 1:48:44 PM Correct File: Threat signatures
Dialer detected: Dialer.Gen On-demand antivirus scan 1/21/2009 1:37:19 PM Deleted Path: C:\WINDOWS\installer[air-10017,de].exe
Adware detected: Adware/SearchAid On-demand antivirus scan 1/21/2009 1:32:37 PM Moved to quarantine Path: C:\WINDOWS\Downloaded Program Files\f12802.exe
Virus detected: Trj/Busky.gen On-demand antivirus scan 1/21/2009 1:31:10 PM Deleted Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.3\rdgUS1735.exe
Virus detected: Trj/Busky.gen On-demand antivirus scan 1/21/2009 1:31:10 PM Deleted Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.7\rdgUS1735.exe
Virus detected: Trj/Busky.gen On-demand antivirus scan 1/21/2009 1:31:10 PM Deleted Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.8\rdgUS1735.exe
Virus detected: Trj/Busky.gen On-demand antivirus scan 1/21/2009 1:31:10 PM Deleted Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.9\rdgUS1735.exe
Virus detected: Trj/Busky.gen On-demand antivirus scan 1/21/2009 1:31:10 PM Deleted Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.2\rdgUS1735.exe
Virus detected: Trj/Busky.gen On-demand antivirus scan 1/21/2009 1:31:10 PM Deleted Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.4\rdgUS1735.exe
Virus detected: Trj/Busky.gen On-demand antivirus scan 1/21/2009 1:31:10 PM Deleted Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.6\rdgUS1735.exe
Virus detected: Trj/Busky.gen On-demand antivirus scan 1/21/2009 1:31:10 PM Deleted Path: C:\WINDOWS\Downloaded Program Files\CONFLICT.5\rdgUS1735.exe
Spyware detected: Spyware/Apropos On-demand antivirus scan 1/21/2009 1:18:32 PM Moved to quarantine Path: C:\temp\cxtpls_loader_ff.exe
Adware detected: Adware/Exact.SearchBar On-demand antivirus scan 1/21/2009 1:07:55 PM Notified Path: C:\temp\Bargains.exe[trkgif.exe]
Adware detected: Adware/Exact.SearchBar On-demand antivirus scan 1/21/2009 1:07:55 PM Notified Path: C:\temp\Bargains.exe[exdl.exe]
Adware detected: Adware/Exact.SearchBar On-demand antivirus scan 1/21/2009 1:07:55 PM Notified Path: C:\temp\Bargains.exe[exul.exe]
Adware detected: Adware/Exact.Bargai... On-demand antivirus scan 1/21/2009 1:07:55 PM Notified Path: C:\temp\Bargains.exe[ahadp.exe][angelex.exe]
Hacking tool detected: HackTool/SRun... On-demand antivirus scan 1/21/2009 1:07:55 PM Notified Path: C:\temp\Bargains.exe[ahadp.exe][instsrv.exe]
Adware detected: Adware/Exact.Bargai... On-demand antivirus scan 1/21/2009 1:07:55 PM Notified Path: C:\temp\Bargains.exe[adp8034_CDT5.exe][adv.exe]
Adware detected: Adware/Exact.Bargai... On-demand antivirus scan 1/21/2009 1:07:55 PM Notified Path: C:\temp\Bargains.exe[adp8034_CDT5.exe][bargains.exe]
Adware detected: Adware/Exact.Bargai... On-demand antivirus scan 1/21/2009 1:07:55 PM Notified Path: C:\temp\Bargains.exe[ahadp.exe][m-- The nicest hobby on Earth ;) --reg.exe]
Adware detected: Adware/Exact.Bargai... On-demand antivirus scan 1/21/2009 1:07:55 PM Notified Path: C:\temp\Bargains.exe[adp8034_CDT5.exe][adx.exe]
Adware detected: Adware/Exact.Bargai... On-demand antivirus scan 1/21/2009 1:07:55 PM Notified Path: C:\temp\Bargains.exe[²θΗ]
Adware detected: Adware/Exact.Bargai... On-demand antivirus scan 1/21/2009 1:07:55 PM Notified Path: C:\temp\Bargains.exe[adp8034_CDT5.exe][²θΗ]
Hacking tool detected: HackTool/Kill... On-demand antivirus scan 1/21/2009 12:53:... Notified Path: C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat[simple_killw.exe]
Virus detected: Generic Malware On-demand antivirus scan 1/21/2009 12:53:... Deleted Path: C:\Documents and Settings\Owner\g2mdlhlpx.exe
Adware detected: Adware/SearchAid On-demand antivirus scan 1/21/2009 12:52:... Deleted Path: C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Q3567836.exe
Scan started On-demand antivirus scan 1/21/2009 12:44:... Scan: Scanning hard disk drives
Scan complete On-demand antivirus scan 1/21/2009 12:33:... Scan:
Adware detected: adware/wintools On-demand antivirus scan 1/21/2009 12:32:... Deleted Path: hkey_classes_root\protocols\name-space handler\res
Adware detected: adware/ncase On-demand antivirus scan 1/21/2009 12:32:... Deleted Path: c:\temp\salmau.dat
Dialer detected: dialer.no On-demand antivirus scan 1/21/2009 12:32:... Deleted Path: c:\windows\downloaded program files\rdgus1735.exe
Scan started On-demand antivirus scan 1/21/2009 12:31:... Scan:
Update Updates system 1/21/2009 12:31:... Correct Type: Identity protection
Update Updates system 1/21/2009 12:31:... Correct Threat signatures
Update Updates system 1/21/2009 12:31:... Correct Type: autofix hft80807s9
Update Updates system 1/21/2009 12:31:... Correct File: Threat signatures


-------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

1/21/2009 2:16:29 PM
mbam-log-2009-01-21 (14-16-29).txt

Scan type: Quick Scan
Objects scanned: 0
Time elapsed: 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-------------------------------------------------------

Malwarebytes' Anti-Malware 1.33
Database version: 1675
Windows 5.1.2600 Service Pack 3

1/21/2009 2:22:21 PM
mbam-log-2009-01-21 (14-22-21).txt

Scan type: Quick Scan
Objects scanned: 36552
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmotoolbar.skcommband (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\seekmotoolbar.skcommband.1 (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmotoolbar.skcommband (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\seekmotoolbar.skcommband.1 (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\seekmotoolbar (Adware.Seekmo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\seekmotoolbar (Adware.Seekmo) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------------------------------

Logfile of random's system information tool 1.05 (written by random/random)
Run by Owner at 2009-01-21 15:35:46
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 21 GB (71%) free of 29 GB
Total RAM: 255 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:37:21 PM, on 1/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApvxdWin.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\RSIT.exe
C:\unzipped\HiJackThis-1\Owner.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [S3Hotkey] s3hotkey.exe
O4 - HKLM\..\Run: [Rscmpt] C:\WINDOWS\System32\Rscmpt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SeekmoToolbar] C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE}
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ScanInicio] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\RunServices: [PandaScheduler] "C:\Program Files\Panda Software\Panda Antivirus 6.0\Pavsched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Wireless PCI Card Configuration Utility.lnk = C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: GearSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

--
End of file - 6639 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}]
SpywareGuardDLBLOCK.CBrowserHelper - C:\Program Files\SpywareGuard\dlprotect.dll [2003-08-02 192512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-28 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-28 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-28 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"S3Hotkey"=C:\WINDOWS\SYSTEM32\s3hotkey.exe [2001-06-20 40960]
"Rscmpt"=C:\WINDOWS\System32\Rscmpt.exe [2003-01-21 482816]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2006-08-14 180269]
"SeekmoToolbar"=C:\Program Files\SeekmoToolbar\Bin\4.8.4.0\${HOOKOE_FILE} []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-28 136600]
"ISLP2STA.EXE"=ISLP2STA.EXE START []
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2007-12-11 286720]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2007-12-11 267048]
"ScanInicio"=C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe [2008-07-07 50432]
"APVXDWIN"=C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE [2008-12-03 869632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"DW6"=C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE
Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe

C:\Documents and Settings\Owner\Start Menu\Programs\Startup
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avldr]
C:\WINDOWS\SYSTEM32\avldr.dll [2008-03-18 58672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\SYSTEM32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{81559C35-8464-49F7-BB0E-07A383BEF910}"=C:\Program Files\SpywareGuard\spywareguard.dll [2003-08-02 126976]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=91000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\QuickTime\QuickTimePlayer.exe"="C:\Program Files\QuickTime\QuickTimePlayer.exe:*:Enabled:QuickTime Player"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{797c5210-bed7-11dc-be52-000625a6f168}]
shell\AutoRun\command - .\Encryption Tool\MaxtorEncryption.exe


======File associations======

.js - open - C:\PROGRA~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %*
.vbs - open - C:\PROGRA~1\PANDAS~2\PANDAA~1\PAVSCRIP.EXE "%1" %*

======List of files/folders created in the last 1 months======

2009-01-21 14:27:21 ----D---- C:\Program Files\trend micro
2009-01-21 14:27:15 ----D---- C:\rsit
2009-01-21 14:07:22 ----D---- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2009-01-21 14:07:09 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-01-21 14:07:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-01-21 14:02:08 ----D---- C:\WINDOWS\SxsCaPendDel
2009-01-21 12:19:57 ----A---- C:\WINDOWS\system32\HHActiveX.dll
2009-01-21 12:19:44 ----A---- C:\WINDOWS\system32\TpUtil.dll
2009-01-21 12:19:44 ----A---- C:\WINDOWS\system32\SYSTOOLS.DLL
2009-01-21 12:19:44 ----A---- C:\WINDOWS\system32\PavLspHook.dll
2009-01-21 12:19:44 ----A---- C:\WINDOWS\system32\pavipc.dll
2009-01-21 12:19:43 ----A---- C:\WINDOWS\system32\PavSHook.dll
2009-01-21 12:19:34 ----A---- C:\WINDOWS\system32\avldr.dll
2009-01-21 12:19:29 ----D---- C:\Documents and Settings\Owner\Application Data\Panda Security
2009-01-21 12:19:29 ----D---- C:\Documents and Settings\All Users\Application Data\Panda Security
2009-01-21 12:19:28 ----D---- C:\Program Files\Panda Security
2009-01-21 12:11:03 ----D---- C:\Program Files\Common Files\Panda Security
2009-01-16 18:11:35 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2008-12-28 19:28:05 ----A---- C:\WINDOWS\system32\javaws.exe
2008-12-28 19:28:05 ----A---- C:\WINDOWS\system32\javaw.exe
2008-12-28 19:28:05 ----A---- C:\WINDOWS\system32\java.exe
2008-12-28 19:28:05 ----A---- C:\WINDOWS\system32\deploytk.dll

======List of files/folders modified in the last 1 months======

2009-01-21 15:35:51 ----D---- C:\WINDOWS\Prefetch
2009-01-21 15:26:58 ----D---- C:\unzipped
2009-01-21 15:24:30 ----D---- C:\WINDOWS\system32\CatRoot2
2009-01-21 15:10:51 ----D---- C:\Program Files\Mozilla Firefox
2009-01-21 15:09:59 ----A---- C:\data.ini
2009-01-21 15:09:55 ----D---- C:\WINDOWS\Temp
2009-01-21 15:07:51 ----D---- C:\WINDOWS\system32
2009-01-21 15:06:39 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-01-21 14:58:44 ----D---- C:\WINDOWS\system32\drivers
2009-01-21 14:27:21 ----AD---- C:\Program Files
2009-01-21 14:02:13 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-21 14:02:12 ----SHD---- C:\WINDOWS\Installer
2009-01-21 14:02:08 ----D---- C:\WINDOWS\WinSxS
2009-01-21 14:02:08 ----D---- C:\WINDOWS
2009-01-21 14:01:10 ----D---- C:\Program Files\Maxtor
2009-01-21 14:01:10 ----D---- C:\Config.Msi
2009-01-21 13:32:21 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-01-21 13:18:18 ----D---- C:\temp
2009-01-21 12:25:09 ----AC---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-01-21 12:21:35 ----D---- C:\WINDOWS\inf
2009-01-21 12:11:13 ----D---- C:\Program Files\Common Files\InstallShield
2009-01-21 12:11:03 ----AD---- C:\Program Files\Common Files
2009-01-16 18:11:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-01-16 18:10:40 ----HD---- C:\WINDOWS\$hf_mig$
2009-01-09 18:35:28 ----A---- C:\WINDOWS\system32\MRT.exe
2008-12-28 19:27:20 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ShldDrv;Panda File Shield Driver; C:\WINDOWS\System32\DRIVERS\ShlDrv51.sys [2008-03-04 41144]
R2 PAVDRV;pavdrv; C:\WINDOWS\system32\DRIVERS\pavdrv51.sys [2008-04-28 84024]
R2 PavProc;Panda Process Protection Driver; \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys []
R3 ComFiltr;Panda Anti-Dialer; \??\C:\WINDOWS\system32\DRIVERS\COMFiltr.sys []
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 Edspport;EDSP Port Driver; C:\WINDOWS\System32\DRIVERS\es56tpi.sys [2001-08-17 347550]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2002-06-12 284288]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2002-06-12 7424]
R3 GearAspiWDM;GearAspiWDM; C:\WINDOWS\system32\drivers\gearaspiwdm.sys [2006-09-19 15664]
R3 ISLP2;Intersil 802.11 Wireless LAN Driver; C:\WINDOWS\System32\DRIVERS\islp2nds.sys [2002-10-03 611840]
R3 nv3;nv3; C:\WINDOWS\System32\DRIVERS\nv3.sys [2001-08-17 198144]
R3 PavTPK.sys;PavTPK.sys; \??\C:\WINDOWS\system32\PavTPK.sys []
R3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2002-06-12 36992]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 ebookman;FEP_USB Driver; C:\WINDOWS\System32\Drivers\ebookman.sys [2001-05-11 19677]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MXOPSWD;Maxtor OneTouch Security Driver; C:\WINDOWS\system32\DRIVERS\mxopswd.sys [2007-05-03 22152]
S3 S3GSavageMX;S3GSavageMX; C:\WINDOWS\System32\DRIVERS\s3gsavm.sys [2001-08-24 79296]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WMP11;Instant Wireless PCI Card Driver; C:\WINDOWS\System32\DRIVERS\WMP11NDS.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2007-10-31 110592]
R2 Gwmsrv;Panda Goodware Cache Manager; C:\WINDOWS\system32\svchost -k Panda []
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-28 152984]
R2 Panda Software Controller;Panda Software Controller; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe [2008-07-16 181504]
R2 PAVFNSVR;Panda Function Service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe [2008-07-10 169216]
R2 PavPrSrv;Panda Process Protection Service; C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe [2008-02-04 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe [2008-07-04 288512]
R2 PSIMSVC;Panda IManager Service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe [2008-06-19 108288]
R2 PskSvcRetail;Panda PSK service; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe [2008-06-25 28928]
R2 TPSrv;Panda TPSrv; C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe [2008-07-17 157440]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-22 38912]
R2 WMDM PMSP Service;WMDM PMSP Service; C:\WINDOWS\System32\MsPMSPSv.exe [2000-08-08 53520]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2007-12-11 504104]
S2 GearSecurity;GearSecurity; C:\WINDOWS\system32\gearsec.exe [2003-09-12 49152]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]

-----------------EOF-----------------


info.txt logfile of random's system information tool 1.05 2009-01-21 14:29:09

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\S3\SavageNB\SavageNB.isu"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~3\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~3\INSTALL.LOG
Adobe Acrobat 4.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Apple Mobile Device Support-->MsiExec.exe /I{B5C209B1-8DDB-4642-A573-375B951514CB}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
Battle.net-->C:\WINDOWS\bnetunin.exe
Cakewalk Pyro 2004-->C:\PROGRA~1\Cakewalk\CAKEWA~1\UNWISE.EXE C:\PROGRA~1\Cakewalk\CAKEWA~1\INSTALL.LOG
GTK+ 2.8.9 runtime environment-->"C:\Program Files\Common Files\GTK\2.0\unins000.exe"
HighMAT Extension to Microsoft Windows XP CD Writing Wizard-->MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}
J2SE Runtime Environment 5.0 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150020}
J2SE Runtime Environment 5.0 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150040}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Java™ 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java™ 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~2\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~2\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework (English)-->MsiExec.exe /X{B43357AA-3A6D-4D94-B56E-43C44D09E548}
Microsoft .NET Framework 1.0 Hotfix (KB928367)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Updates\M928367\M928367Uninstall.msp"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Small Business-->MsiExec.exe /I{00030409-78E1-11D2-B60F-006097C998E7}
Microsoft Windows Journal Viewer-->MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
Mozilla Firefox (3.0.5)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MP3Producer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{844D7D19-0843-46FD-B2A9-8E1ED788765B}\Setup.exe"
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Neuros Synchronization Manager-->MsiExec.exe /X{1CF6A86B-DAD8-4B96-8B25-3689155E607F}
Panda Antivirus Pro 2009-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E55FB276-73C9-4776-AB53-BC028C0509ED}\SETUP.exe" -l0x9 -removeonly
PCRecruiter-->C:\WINDOWS\ST5UNST.EXE -n "C:\Program Files\PCRecruiter\ST5UNST.LOG"
QuickTime-->MsiExec.exe /I{E0D51394-1D45-460A-B62D-383BC4F8B335}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
S3 Gamma Utility-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3 Gamma'
S3DuoVue Utility-->s3uninst.exe -reg 5 'HKLM\Software\S3\S3Uninst\S3Duovue'
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Shockwave-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2-->"C:\Program Files\SpywareGuard\unins000.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
West Point Bridge Designer 2006-->C:\WINDOWS\iun6002.exe "C:\Program Files\West Point Bridge Designer 2006\irunin.ini"
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Wireless PCI Card Configuration Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FADC8AB-5575-4D87-8870-EE527D86163F}\Setup.EXE" -l0x9

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Panda Antivirus Pro 2009 (disabled)

System event log

Computer Name: KIDS
Event Code: 26
Message: Application popup: : Machine Check: Regs

Record Number: 43970
Source Name: Application Popup
Time Written: 20080911155318.000000-360
Event Type: information
User:

Computer Name: KIDS
Event Code: 26
Message: Application popup: : Machine Check:

Record Number: 43969
Source Name: Application Popup
Time Written: 20080911155318.000000-360
Event Type: information
User:

Computer Name: KIDS
Event Code: 4
Message: AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0xcfc), which lies in the 0xcf8 - 0xcff protected
address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Record Number: 43968
Source Name: ACPI
Time Written: 20080911155318.000000-360
Event Type: error
User:

Computer Name: KIDS
Event Code: 5
Message: AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected
address range. This could lead to system instability. Please contact your system vendor for technical assistance.

Record Number: 43967
Source Name: ACPI
Time Written: 20080911155318.000000-360
Event Type: error
User:

Computer Name: KIDS
Event Code: 6005
Message: The Event log service was started.

Record Number: 43966
Source Name: EventLog
Time Written: 20080911155313.000000-360
Event Type: information
User:

Application event log

Computer Name: KIDS
Event Code: 101
Message: wuauclt (1072) The database engine stopped.

Record Number: 2941
Source Name: ESENT
Time Written: 20050413185404.000000-360
Event Type: information
User:

Computer Name: KIDS
Event Code: 103
Message: wuaueng.dll (1072) SUS20ClientDataStore: The database engine stopped the instance (0).

Record Number: 2940
Source Name: ESENT
Time Written: 20050413185404.000000-360
Event Type: information
User:

Computer Name: KIDS
Event Code: 102
Message: wuaueng.dll (1072) SUS20ClientDataStore: The database engine started a new instance (0).

Record Number: 2939
Source Name: ESENT
Time Written: 20050413184841.000000-360
Event Type: information
User:

Computer Name: KIDS
Event Code: 100
Message: wuauclt (1072) The database engine 5.01.2600.2180 started.

Record Number: 2938
Source Name: ESENT
Time Written: 20050413184841.000000-360
Event Type: information
User:

Computer Name: KIDS
Event Code: 1800
Message: The Windows Security Center Service has started.

Record Number: 2937
Source Name: SecurityCenter
Time Written: 20050413184756.000000-360
Event Type: information
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SYSTEMROOT%\SYSTEM32;%SYSTEMROOT%;%SYSTEMROOT%\SYSTEM32\WBEM;;C:\PROGRAM FILES\COMMON FILES\GTK\2.0\BIN;C:\PROGRAM FILES\QUICKTIME\QTSYSTEM\;C:\Program Files\Panda Security\Panda Antivirus Pro 2009\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 3 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=0301
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------
LoPhatPhuud
Jan 22 2009, 03:48 PM
The lastest HJT and RSIT logs look good. Are you still experiencing any problems?
cubfan56
Jan 22 2009, 08:25 PM
Most of the difficulties from yesterday are gone with the exception of the slow Firefox start-up.

I'm concerned that something is running in the background that shouldn't be since when I open up windows task manager, the CPU usage is constantly bouncing around from 12% - 65%. If I look under processes, it shows that most of the CPU is being used by "System Idle Process SYSTEM" with a few percentage points being taken up by Firefox and the Task Manager.

That doesn't seem right to me.

Any thoughts?

Thanks,
Greg

LoPhatPhuud
Jan 23 2009, 03:12 PM
System Idle should be consuming most of the CPU. That is the task when others are at rest. A constant fluctuation to 65% is not normal. Were you able to find any of the tasks (other than System Idle) consuming a high percent regularly?

cubfan56
Jan 25 2009, 08:50 PM
No other tasks are large consumers. There are four other tasks that show from 0-6% usage regularly. They are:

sgbhp
TeaTimer
TaskMgr
Explorer

Nothing else.
LoPhatPhuud
Jan 26 2009, 04:29 PM
The first two are Spybot S&D, the other two are Windows.

The first time you load FireFox it can take time. It does on my computer. Upwards of a minute, but after that it loads in about 15 seconds. I suspect its doing update checks on the program and various extensions. Extensions themselves may cause a delay depending on number and nature. I don't see anything amiss in your system.
cubfan56
Feb 1 2009, 11:14 PM
Thanks so much LoPhat. As always, I appreciate your help with my problems.

Best Regards,
Greg
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.