Jump to content

searchnu.com/406 infection


Recommended Posts

Hello! I have been infected with searchnu for some time. I followed the instructions using dds and will now post the logs that were generated. Thank you for your help--it is much appreciated.

eta: I am confused. Am I supposed to copy and paste the logs or attach them? I think I'm supposed to attach them. If not, I can copy and paste. Let me know if I did it wrong. attach.txtdds.txt

Link to post
Share on other sites

A kind MWB'er clarified the process. Apparently I'm supposed to copy/paste the dds file and attach the attach file (duh).

Also, I apologize for bumping my topic. I can't figure out how to edit my original post.

Thanks for the help.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26

Run by Administrator at 21:13:34 on 2012-07-30

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2125 [GMT -6:00]

.

AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: Cloud Antivirus Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\WINDOWS\system32\wuauclt.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.searchnu.com/406

uSearch Bar = hxxp://dts.search-results.com/sidebar.html?src=ssb&appid=394&systemid=406&sr=0

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

mSearchAssistant = hxxp://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [PSUAMain] "c:\program files\panda security\panda cloud antivirus\PSUAMain.exe" /LaunchSysTray

StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\administrator\application data\dropbox\bin\Dropbox.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1 192.168.0.1 205.171.3.25

TCP: Interfaces\{67EE3487-1771-49EE-B494-82F5E052595B} : DhcpNameServer = 192.168.1.1 192.168.0.1 205.171.3.25

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-11-11 721000]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-11-11 353688]

R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [2012-6-27 82472]

R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [2012-6-27 120744]

R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [2012-6-27 122664]

R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [2012-6-27 93992]

R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [2012-6-27 104104]

R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [2012-6-27 286376]

R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [2012-6-27 153000]

R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [2012-6-27 106536]

R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [2012-7-12 206632]

R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [2012-6-27 92840]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2012-7-13 179112]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-11-11 21256]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-11-11 44808]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2012-7-13 140064]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2012-7-13 149032]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2012-7-13 101544]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2012-7-13 114728]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2012-7-13 120616]

R2 PSUAService;Panda Product Service;c:\program files\panda security\panda cloud antivirus\PSUAService.exe [2012-7-13 36640]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-5-2 116648]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-5-3 158856]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-5-2 116648]

S3 NNSNAHS;Network Activity Hook Server Service;c:\windows\system32\drivers\NNSNAHS.sys [2011-9-9 38536]

S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [2012-6-27 51496]

.

=============== Created Last 30 ================

.

2012-07-31 02:45:05 46280 ----a-w- c:\windows\system32\drivers\PSKMAD.sys

2012-07-13 13:02:48 120616 ----a-w- c:\windows\system32\drivers\PSINProt.sys

2012-07-13 13:02:47 179112 ----a-w- c:\windows\system32\drivers\PSINKNC.sys

2012-07-13 13:02:47 114728 ----a-w- c:\windows\system32\drivers\PSINProc.sys

2012-07-13 13:02:47 101544 ----a-w- c:\windows\system32\drivers\PSINFile.sys

2012-07-13 13:02:46 149032 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2012-07-12 17:18:32 206632 ----a-w- c:\windows\system32\drivers\NNSStrm.sys

2012-07-06 01:36:37 -------- d-----w- c:\documents and settings\all users\application data\boost_interprocess

.

==================== Find3M ====================

.

2012-07-03 19:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-03 16:21:53 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21:32 41224 ----a-w- c:\windows\avastSS.scr

2012-06-27 21:51:07 92840 ----a-w- c:\windows\system32\drivers\NNStlsc.sys

2012-06-27 21:51:06 286376 ----a-w- c:\windows\system32\drivers\NNSProt.sys

2012-06-27 21:51:06 153000 ----a-w- c:\windows\system32\drivers\NNSPrv.sys

2012-06-27 21:51:06 106536 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys

2012-06-27 21:51:05 51496 ----a-w- c:\windows\system32\drivers\NNSpihs.sys

2012-06-27 21:51:05 104104 ----a-w- c:\windows\system32\drivers\NNSPop3.sys

2012-06-27 21:51:04 93992 ----a-w- c:\windows\system32\drivers\NNSpicc.sys

2012-06-27 21:51:04 122664 ----a-w- c:\windows\system32\drivers\NNSIds.sys

2012-06-27 21:51:03 82472 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys

2012-06-27 21:51:03 120744 ----a-w- c:\windows\system32\drivers\NNSHttp.sys

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 21:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 21:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 21:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 21:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 21:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 21:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 21:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 21:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 07:58:35 667136 ----a-w- c:\windows\system32\wininet.dll

2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

============= FINISH: 21:13:55.84 ===============

Link to post
Share on other sites

Hello karerapi and :welcome:! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Link to post
Share on other sites

Hello Maniac, thanks for your response. I did something stupid--I accidentally deleted the extras.txt file from my recycle bin. Oldtimer will not generate another extras file for me. Let me know what I should do.

Here's the OTL.txt document:

OTL logfile created on: 7/31/2012 9:06:04 PM - Run 2

OTL by OldTimer - Version 3.2.55.0 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 6.0.2900.5512)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.41 Gb Available Physical Memory | 80.56% Memory free

4.83 Gb Paging File | 4.37 Gb Available in Paging File | 90.38% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 931.50 Gb Total Space | 617.93 Gb Free Space | 66.34% Space Free | Partition Type: NTFS

Computer Name: USER-695B58708A | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/31 20:50:14 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.com

PRC - [2012/07/13 07:15:56 | 000,037,152 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe

PRC - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe

PRC - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

PRC - [2012/07/03 10:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe

PRC - [2012/07/03 10:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe

PRC - [2012/05/24 12:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe

PRC - [2009/07/26 12:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/31 13:06:18 | 001,790,464 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12073102\algo.dll

MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/07/13 07:15:56 | 000,036,640 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe -- (PSUAService)

SRV - [2012/07/13 06:57:41 | 000,140,064 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)

SRV - [2012/07/03 10:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2012/05/03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2006/03/30 10:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)

DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)

DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)

DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)

DRV - File not found [Kernel | System | Stopped] -- -- (Changer)

DRV - [2012/07/13 07:02:48 | 000,120,616 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)

DRV - [2012/07/13 07:02:47 | 000,179,112 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)

DRV - [2012/07/13 07:02:47 | 000,114,728 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)

DRV - [2012/07/13 07:02:47 | 000,101,544 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)

DRV - [2012/07/13 07:02:46 | 000,149,032 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)

DRV - [2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSStrm.sys -- (NNSSTRM)

DRV - [2012/07/03 10:21:54 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2012/07/03 10:21:53 | 000,721,000 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2012/07/03 10:21:53 | 000,353,688 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2012/07/03 10:21:53 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)

DRV - [2012/07/03 10:21:53 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2012/07/03 10:21:53 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2012/07/03 10:21:52 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)

DRV - [2012/06/27 15:51:07 | 000,092,840 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNStlsc.sys -- (NNSTLSC)

DRV - [2012/06/27 15:51:06 | 000,286,376 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSProt.sys -- (NNSPROT)

DRV - [2012/06/27 15:51:06 | 000,153,000 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSPrv.sys -- (NNSPRV)

DRV - [2012/06/27 15:51:06 | 000,106,536 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSSmtp.sys -- (NNSSMTP)

DRV - [2012/06/27 15:51:05 | 000,104,104 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSPop3.sys -- (NNSPOP3)

DRV - [2012/06/27 15:51:05 | 000,051,496 | ---- | M] (Panda Security, S.L.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\NNSpihs.sys -- (NNSPIHS)

DRV - [2012/06/27 15:51:04 | 000,122,664 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSIds.sys -- (NNSIDS)

DRV - [2012/06/27 15:51:04 | 000,093,992 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSpicc.sys -- (NNSPICC)

DRV - [2012/06/27 15:51:03 | 000,120,744 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSHttp.sys -- (NNSHTTP)

DRV - [2012/06/27 15:51:03 | 000,082,472 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\NNSAlpc.sys -- (NNSALPC)

DRV - [2011/09/09 13:54:48 | 000,038,536 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NNSNAHS.sys -- (NNSNAHS)

DRV - [2011/03/10 18:04:57 | 000,046,280 | ---- | M] (Panda Security) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\PSKMAD.sys -- (PSKMAD)

DRV - [2010/07/30 09:36:12 | 000,224,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2008/09/24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)

DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-2049760794-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://dts.search-results.com/sidebar.html?src=ssb&appid=394&systemid=406&sr=0

IE - HKU\S-1-5-21-329068152-2049760794-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406

IE - HKU\S-1-5-21-329068152-2049760794-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-329068152-2049760794-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-2049760794-1606980848-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/07 15:24:35 | 000,000,000 | ---D | M]

[2012/07/30 20:41:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7n2ujqzv.default\extensions

[2012/07/22 20:33:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7n2ujqzv.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

[2012/07/30 20:42:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2012/03/15 20:41:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2012/07/05 19:36:36 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

========== Chrome ==========

CHR - homepage: http://www.searchnu.com/406

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.searchnu.com/406

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll

CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll

CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll

CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Unity Player (Enabled) = C:\Documents and Settings\Administrator\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll

CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL

CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: avast! WebRep = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2008/04/14 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [PSUAMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe (Panda Security, S.L.)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Administrator\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-329068152-2049760794-1606980848-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.0.1 205.171.3.25

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67EE3487-1771-49EE-B494-82F5E052595B}: DhcpNameServer = 192.168.1.1 192.168.0.1 205.171.3.25

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/10/14 18:50:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/31 18:38:01 | 000,046,280 | ---- | C] (Panda Security) -- C:\WINDOWS\System32\drivers\PSKMAD.sys

[2012/07/30 21:08:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools

[2012/07/30 20:37:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Identities

[2012/07/30 20:34:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Panda Cloud Antivirus

[2012/07/13 07:02:48 | 000,120,616 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSINProt.sys

[2012/07/13 07:02:47 | 000,179,112 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSINKNC.sys

[2012/07/13 07:02:47 | 000,114,728 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSINProc.sys

[2012/07/13 07:02:47 | 000,101,544 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSINFile.sys

[2012/07/13 07:02:46 | 000,149,032 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSINAflt.sys

[2012/07/12 11:18:32 | 000,206,632 | ---- | C] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\NNSStrm.sys

[2012/07/05 19:38:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc

[2012/07/05 19:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/31 21:13:02 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-2049760794-1606980848-500UA.job

[2012/07/31 20:44:12 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job

[2012/07/31 20:44:08 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012/07/31 20:44:07 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/31 20:34:32 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/31 18:37:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012/07/30 23:55:44 | 000,120,975 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SDQ_English(USA)_ptscoring.pdf

[2012/07/30 20:35:15 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012/07/30 20:35:09 | 000,141,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012/07/30 09:13:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-2049760794-1606980848-500Core.job

[2012/07/22 20:39:02 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/15 09:26:27 | 000,012,701 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\me_large.jpg

[2012/07/14 21:08:53 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/07/13 19:13:54 | 000,010,887 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\IMG_0210_large.jpg

[2012/07/13 07:02:48 | 000,120,616 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSINProt.sys

[2012/07/13 07:02:47 | 000,179,112 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSINKNC.sys

[2012/07/13 07:02:47 | 000,114,728 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSINProc.sys

[2012/07/13 07:02:47 | 000,101,544 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSINFile.sys

[2012/07/13 07:02:46 | 000,149,032 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\PSINAflt.sys

[2012/07/12 12:11:37 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/07/12 12:11:34 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk

[2012/07/12 11:46:49 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Word (2).lnk

[2012/07/12 11:18:32 | 000,206,632 | ---- | M] (Panda Security, S.L.) -- C:\WINDOWS\System32\drivers\NNSStrm.sys

[2012/07/11 14:44:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2012/07/11 03:02:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012/07/07 15:24:38 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2012/07/03 10:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys

[2012/07/03 10:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

[2012/07/03 10:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys

[2012/07/03 10:21:53 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys

[2012/07/03 10:21:53 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys

[2012/07/03 10:21:53 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys

[2012/07/03 10:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys

[2012/07/03 10:21:52 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys

[2012/07/03 10:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr

[2012/07/03 10:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/30 23:55:44 | 000,120,975 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SDQ_English(USA)_ptscoring.pdf

[2012/07/22 20:39:02 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/15 09:27:07 | 000,012,701 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\me_large.jpg

[2012/07/13 19:14:01 | 000,010,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\IMG_0210_large.jpg

[2012/07/07 15:24:37 | 000,000,316 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job

[2012/05/24 18:33:01 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012/03/23 18:55:52 | 000,000,102 | ---- | C] () -- C:\Documents and Settings\Administrator\jobq.dat

[2012/02/14 14:03:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011/11/15 18:39:16 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/11/14 18:46:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2011/11/12 11:10:31 | 000,022,340 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2011/10/14 19:31:23 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

[2011/10/14 19:29:34 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll

[2011/10/14 18:52:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2011/10/14 18:47:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2011/10/14 12:38:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2011/10/14 12:37:45 | 000,141,240 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== LOP Check ==========

[2011/12/30 00:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Amazon

[2012/05/04 00:01:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon

[2012/07/31 20:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Dropbox

[2011/11/11 19:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org

[2011/10/14 19:49:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Panda Security

[2011/10/14 19:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer

[2011/11/11 14:58:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software

[2012/07/07 15:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess

[2012/03/05 11:50:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2012/04/04 19:35:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV

[2012/03/05 12:48:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan

[2011/10/14 19:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security

[2012/03/15 20:42:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder

[2012/03/15 20:31:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE

[2011/11/11 15:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2012/03/15 22:00:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{A37818CF-E0CC-4A13-B685-605AE2F01FD2}

[2012/07/31 20:44:08 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\Tasks\avast! Emergency Update.job

[2012/07/31 20:44:12 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========

< End of report >

Link to post
Share on other sites

Step 1

Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. My suggestion is to uninstall Panda Cloud Antivirus and to keep avast! Free Antivirus. Finally, reboot your PC.

Step 2

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-329068152-2049760794-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://dts.search-results.com/sidebar.html?src=ssb&appid=394&systemid=406&sr=0
    IE - HKU\S-1-5-21-329068152-2049760794-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
    IE - HKU\S-1-5-21-329068152-2049760794-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
    IE - HKU\S-1-5-21-329068152-2049760794-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://dts.search-results.com/sidebar.html?src=ssb&appid=394&systemid=406&sr=0
    IE - HKU\S-1-5-21-329068152-2049760794-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
    IE - HKU\S-1-5-21-329068152-2049760794-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
    [2012/07/05 19:36:36 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
    CHR - homepage: http://www.searchnu.com/406
    CHR - homepage: http://www.searchnu.com/406
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    [2012/07/05 19:36:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess

    :files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
Share on other sites

Hello Maniac! It appears to have been fixed. You are a genius! Thank you!!!

I also uninstalled Panda Cloud. I'm betting things will run much faster now.

OTL fix log:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKU\S-1-5-21-329068152-2049760794-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKU\S-1-5-21-329068152-2049760794-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-21-329068152-2049760794-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKU\S-1-5-21-329068152-2049760794-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!

HKU\S-1-5-21-329068152-2049760794-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKU\S-1-5-21-329068152-2049760794-1606980848-500\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.

Use Chrome's Settings page to change the HomePage.

Use Chrome's Settings page to change the HomePage.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

C:\Documents and Settings\All Users\Application Data\boost_interprocess\F053C788865CCD01 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\boost_interprocess folder moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.bat deleted successfully.

C:\Documents and Settings\Administrator\My Documents\Downloads\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 1083939927 bytes

->Temporary Internet Files folder emptied: 320726017 bytes

->Java cache emptied: 0 bytes

->Google Chrome cache emptied: 369402575 bytes

->Flash cache emptied: 89187 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56475 bytes

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 45241 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 619057 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2402044 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 45544340 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 119046867 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 859153 bytes

Total Files Cleaned = 1,853.00 mb

OTL by OldTimer - Version 3.2.55.0 log created on 08022012_160844

Files\Folders moved on Reboot...

File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

[2012/08/02 16:11:07 | 000,000,000 | ---- | M] () C:\WINDOWS\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...

Link to post
Share on other sites

Open Google Chrome. Click on Customize and control Google Chrome icon and select Settings. Choose Basic Options. Change Google Chrome homepage to google.com or any other and click the Manage search engines... button. Select Google from the list and make it your default search engine. Select Search Results from the list remove it by clicking the "X" mark.

Any progress now?

Link to post
Share on other sites

  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.