
Virtumonde has me



hoomaster
2008-09-24, 20:42
OS: Windows Server 2003

I've run Spybot S&D (downloaded the latest version) about 4 times, rebooting after each run.

Several times during the scanning process, it gets interrupted and says, "it is recommended that you reboot and scan again". The first time it popped up about 6 times; now it happens twice.

I've seen this post (http://forums.spybot.info/showthread.php?t=32138) which indicates it's Virtumonde itself that is causing this popup.

I was planning to install HijackThis, but will wait for instructions. One problem, though, is that when it finishes, Windows continues its boot, then I get the TeaTimer popups.

Anyone who can help has my undivided attention.

Shaba
2008-09-26, 09:52
Hi hoomaster

Click here (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to download HJTInstall.exe
Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT use the AnalyseThis button, its findings are dangerous if misinterpreted.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

hoomaster
2008-09-26, 18:16
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:13 PM, on 9/26/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\ColdFusion8\jnbridge\CF8DotNetsvc.exe
C:\ColdFusion8\jnbridge\JNBDotNetSide.exe
C:\ColdFusion8\runtime\bin\jrunsvc.exe
C:\ColdFusion8\db\slserver54\bin\swagent.exe
C:\ColdFusion8\runtime\bin\jrun.exe
C:\ColdFusion8\db\slserver54\bin\swstrtr.exe
C:\ColdFusion8\db\slserver54\bin\swsoc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\System32\logon.scr
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Rundll32.exe
E:\Shared\Programs\VundoFix.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\cidaemon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irvonline.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://auto.search.msn.com/response.asp?MT=yo,+i+can+now+see+you+-+cool,+go+to+terminal+services+manager,+click+on+users+and+right+click+user+to+control+or+watch,+this+is+great&srch=3&prov=&utf8
O2 - BHO: (no name) - {2445DB26-8630-413C-913B-7C7735DAF6D1} - (no file)
O2 - BHO: (no name) - {38866221-D56D-4B3A-BDE1-0BBF206382F9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58D6C6-5018-4AD6-844D-ADA0CC5E1F46} - C:\WINDOWS\system32\tuvVMDUl.dll
O2 - BHO: {79324e53-c17a-4738-bc04-7a96934ae7db} - {bd7ea439-69a7-40cb-8374-a71c35e42397} - C:\WINDOWS\system32\bfeopw.dll
O2 - BHO: (no name) - {E77CFE5E-0B03-4CBC-9EAE-FADEE863168F} - (no file)
O2 - BHO: (no name) - {E9F6353D-78FA-4955-B331-61B95B4C24B6} - C:\WINDOWS\system32\ati2dra.dll
O4 - HKLM\..\Run: [AuFlag] 
O4 - HKLM\..\Run: [604bbd27] rundll32.exe "C:\WINDOWS\system32\lplsgyry.dll",b
O4 - HKLM\..\Run: [BM63788ebb] Rundll32.exe "C:\WINDOWS\system32\pmiqkhfc.dll",s
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [!teamcfg] %SystemRoot%\..\dell\nicteaming\intel\nicteamconfig.bat (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - S-1-5-21-2327334369-3909220587-1950453740-500 Startup: MagicDisc.lnk.disabled (User 'Administrator')
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Adobe Reader Synchronizer.lnk.disabled
O4 - Global Startup: ScanSnap! Monitor.lnk.disabled
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - ESC Trusted Zone: http://blogs.adobe.com
O15 - ESC Trusted Zone: http://examples.adobe.com
O15 - ESC Trusted Zone: http://bwp.download.com
O15 - ESC Trusted Zone: http://software-files.download.com
O15 - ESC Trusted Zone: http://www.download.com
O15 - ESC Trusted Zone: http://www.irvonline.com
O15 - ESC Trusted Zone: http://www.ixm2.com
O15 - ESC Trusted Zone: http://www.nxtbook.com
O15 - ESC Trusted Zone: http://forums.spybot.info
O15 - ESC Trusted Zone: http://www.trendsecure.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://127.0.0.1
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite.net/qtinstall.info.apple.com/lupin/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222312927078
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mdsdb.com
O17 - HKLM\Software\..\Telephony: DomainName = mdsdb.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mdsdb.com
O20 - AppInit_DLLs: jfoibp.dll wocwhr.dll bfeopw.dll
O20 - Winlogon Notify: ljJCrOgd - C:\WINDOWS\
O23 - Service: ColdFusion 8 .NET Service - Unknown owner - C:\ColdFusion8\jnbridge\CF8DotNetsvc.exe
O23 - Service: ColdFusion 8 Application Server - Macromedia Inc. - C:\ColdFusion8\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion 8 ODBC Agent - Unknown owner - C:\ColdFusion8\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion 8 ODBC Server - Unknown owner - C:\ColdFusion8\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion 8 Search Server - Verity, Inc. - C:\ColdFusion8\verity\k2\_nti40\bin\k2admin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe

--
End of file - 6249 bytes

Shaba
2008-09-26, 18:18
Please read what it says here (http://forums.spybot.info/showpost.php?p=25712&postcount=5)

hoomaster
2008-09-26, 18:38
This is my personal development machine, in my house. Are you saying that you don't support this operating system?

Shaba
2008-09-26, 19:12
It just looked to me like it is not a personal computer, due to the O17 entries which point to mdsdb.com.

As you confirm that it is, we can continue.

If so, we will start with this:

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software is a program that detects, cleans, and erases harmful virus files on a computer, web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus program from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic (http://www.free-av.com/)- Free anti-virus software for Windows. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/ww.homepage) - Free edition of the AVG anti-virus program for Windows.

You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Post back a fresh HijackThis log afterwards, please.

hoomaster
2008-09-26, 20:52
I tried each of the protections you showed, but none were compatible with Windows 2003 Server. I found that Panda is compatible and installed it.

http://www.pandasecurity.com/usa/enterprise/downloads/

Here is my updated log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:49:35 PM, on 9/26/2008
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP2 (6.00.3790.3959)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PANDA SOFTWARE\AVNT\PavFnSvr.exe
C:\Program Files\PANDA SOFTWARE\AVNT\TPSrv.exe
C:\Program Files\PANDA SOFTWARE\AVNT\PavSrv51.exe
C:\Program Files\PANDA SOFTWARE\AVNT\AVENGINE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
C:\WINDOWS\system32\cisvc.exe
C:\ColdFusion8\jnbridge\CF8DotNetsvc.exe
C:\ColdFusion8\jnbridge\JNBDotNetSide.exe
C:\ColdFusion8\runtime\bin\jrunsvc.exe
C:\ColdFusion8\runtime\bin\jrun.exe
C:\ColdFusion8\db\slserver54\bin\swagent.exe
C:\ColdFusion8\db\slserver54\bin\swstrtr.exe
C:\ColdFusion8\db\slserver54\bin\swsoc.exe
C:\ColdFusion8\verity\k2\_nti40\bin\k2admin.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL$PADMINISTRATOR\Binn\sqlservr.exe
C:\ColdFusion8\verity\k2\_nti40\bin\k2server.exe
C:\ColdFusion8\verity\k2\_nti40\bin\k2index.exe
C:\WINDOWS\system32\ntfrs.exe
C:\Program Files\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
C:\Program Files\PANDA SOFTWARE\AVNT\PsCtrlS.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\PANDA SOFTWARE\AVNT\PSHost.exe
C:\Program Files\PANDA SOFTWARE\AVNT\PsImSvc.exe
C:\WINDOWS\system32\r_server.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PANDA SOFTWARE\AVNT\WebProxy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
c:\windows\system32\inetsrv\w3wp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe
C:\Program Files\PANDA SOFTWARE\AVNT\PSCtrlC.exe
C:\Program Files\PANDA SOFTWARE\AVNT\CpIcnMng.exe
C:\Program Files\Spybot - Search & Destroy\blindman.exe
C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {2445DB26-8630-413C-913B-7C7735DAF6D1} - (no file)
O2 - BHO: (no name) - {38866221-D56D-4B3A-BDE1-0BBF206382F9} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {B0CE7496-09A6-437B-97A0-81E89B0AC62E} - C:\WINDOWS\system32\tuvVMDUl.dll
O2 - BHO: {79324e53-c17a-4738-bc04-7a96934ae7db} - {bd7ea439-69a7-40cb-8374-a71c35e42397} - C:\WINDOWS\system32\bfeopw.dll
O2 - BHO: (no name) - {E77CFE5E-0B03-4CBC-9EAE-FADEE863168F} - (no file)
O2 - BHO: (no name) - {E9F6353D-78FA-4955-B331-61B95B4C24B6} - C:\WINDOWS\system32\ati2dra.dll
O4 - HKLM\..\Run: [AuFlag] 
O4 - HKLM\..\Run: [PASystemTray] "C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe"
O4 - HKLM\..\Run: [Panda Controller Client] "C:\Program Files\PANDA SOFTWARE\AVNT\PSCtrlC.exe"
O4 - HKLM\..\Run: [CpnIconMng] C:\Program Files\PANDA SOFTWARE\AVNT\CpIcnMng.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [!teamcfg] %SystemRoot%\..\dell\nicteaming\intel\nicteamconfig.bat (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: MagicDisc.lnk.disabled
O4 - Global Startup: Adobe Reader Speed Launch.lnk.disabled
O4 - Global Startup: Adobe Reader Synchronizer.lnk.disabled
O4 - Global Startup: ScanSnap! Monitor.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll /100
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O15 - ESC Trusted Zone: http://blog.739saintlouis.com
O15 - ESC Trusted Zone: http://examples.adobe.com
O15 - ESC Trusted Zone: http://trials.adobe.com
O15 - ESC Trusted Zone: http://www.adobe.com
O15 - ESC Trusted Zone: http://www.altavistasports.com
O15 - ESC Trusted Zone: http://www.apple.com
O15 - ESC Trusted Zone: http://www.argentuma.com
O15 - ESC Trusted Zone: http://www.bleepingcomputer.com
O15 - ESC Trusted Zone: http://www.brothervsbrothervsworld.com
O15 - ESC Trusted Zone: http://dw.com.com
O15 - ESC Trusted Zone: http://secured2k.home.comcast.net
O15 - ESC Trusted Zone: http://*.crackdb.org
O15 - ESC Trusted Zone: http://software-files.download.com
O15 - ESC Trusted Zone: http://blog.flexexamples.com
O15 - ESC Trusted Zone: http://blog.flexmonkeypatches.com
O15 - ESC Trusted Zone: http://msn.foxsports.com
O15 - ESC Trusted Zone: http://www.fujitsu.com
O15 - ESC Trusted Zone: http://www.godaddy.com
O15 - ESC Trusted Zone: http://www.gotoanauction.com
O15 - ESC Trusted Zone: http://www.in.gov
O15 - ESC Trusted Zone: http://www.irvonline.com
O15 - ESC Trusted Zone: http://www.ixm2.com
O15 - ESC Trusted Zone: http://www.leads360.com
O15 - ESC Trusted Zone: http://download.macromedia.com
O15 - ESC Trusted Zone: http://www.mdsdb.com
O15 - ESC Trusted Zone: http://www.msn.com
O15 - ESC Trusted Zone: http://www.nxtbook.com
O15 - ESC Trusted Zone: http://download.puretna.com
O15 - ESC Trusted Zone: http://www.serv-u.com
O15 - ESC Trusted Zone: http://www.sitedynamics.com
O15 - ESC Trusted Zone: http://cache.torrentspy.com
O15 - ESC Trusted Zone: http://www.torrentspy.com
O15 - ESC Trusted Zone: http://epix.tucows.com
O15 - ESC Trusted Zone: http://www.votefortheworst.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://127.0.0.1
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.apple.com.edgesuite.net/qtinstall.info.apple.com/lupin/us/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222312927078
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mdsdb.com
O17 - HKLM\Software\..\Telephony: DomainName = mdsdb.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = mdsdb.com
O20 - AppInit_DLLs: jfoibp.dll wocwhr.dll bfeopw.dll
O20 - Winlogon Notify: ljJCrOgd - C:\WINDOWS\
O23 - Service: Panda AdminSecure Administration Server (AdminServer) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\AdminServer\AdminServer.exe
O23 - Service: ColdFusion 8 .NET Service - Unknown owner - C:\ColdFusion8\jnbridge\CF8DotNetsvc.exe
O23 - Service: ColdFusion 8 Application Server - Macromedia Inc. - C:\ColdFusion8\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion 8 ODBC Agent - Unknown owner - C:\ColdFusion8\db\slserver54\bin\swagent.exe
O23 - Service: ColdFusion 8 ODBC Server - Unknown owner - C:\ColdFusion8\db\slserver54\bin\swstrtr.exe
O23 - Service: ColdFusion 8 Search Server - Verity, Inc. - C:\ColdFusion8\verity\k2\_nti40\bin\k2admin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Panda AdminSecure Distribution Server (PadFSvr) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Distribution Server\PadFSvr.exe
O23 - Service: Panda Software Controller - Panda Security - C:\Program Files\PANDA SOFTWARE\AVNT\PsCtrlS.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVNT\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVNT\PavSrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVNT\PSHost.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVNT\PsImSvc.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\PANDA SOFTWARE\AVNT\TPSrv.exe

--
End of file - 10318 bytes
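Both logs above carry the same footprint, and it survived the Panda install unchanged: random-named DLLs under system32 loaded through AppInit_DLLs (O20), a Winlogon Notify package with only a bare directory behind it (O20), BHOs with no name or a GUID for a name loading from system32 (O2), and hex-named Run values invoking rundll32 on yet more system32 DLLs (O4); bfeopw.dll appears in two of those vectors at once. The script below is an added example for this thread, not code from Spybot, HijackThis or either poster: it applies those observations as triage rules to HijackThis-style log lines. The sample lines are copied from the two logs posted above (plus one wildcard Trusted Zone entry from the second log, which the rules flag separately as a browser-hardening concern rather than as Vundo); the rule names, severities and the "two vectors" threshold are the editor's own heuristics and will produce false positives on unusual but legitimate software, so every hit still needs a human look.

```python
"""Triage HijackThis (HJT) log lines for Virtumonde/Vundo-style persistence.

Added example; not a Spybot or HijackThis tool.  Sample lines are copied
from the logs posted in this thread.  The scoring rules are the editor's
own heuristics, not HJT's or any vendor's, and are expected to over-flag.
"""
import re
from collections import defaultdict

# Constructed sample: a subset of the lines from the two posted logs.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58D6C6-5018-4AD6-844D-ADA0CC5E1F46} - C:\WINDOWS\system32\tuvVMDUl.dll
O2 - BHO: {79324e53-c17a-4738-bc04-7a96934ae7db} - {bd7ea439-69a7-40cb-8374-a71c35e42397} - C:\WINDOWS\system32\bfeopw.dll
O2 - BHO: (no name) - {E9F6353D-78FA-4955-B331-61B95B4C24B6} - C:\WINDOWS\system32\ati2dra.dll
O4 - HKLM\..\Run: [604bbd27] rundll32.exe "C:\WINDOWS\system32\lplsgyry.dll",b
O4 - HKLM\..\Run: [BM63788ebb] Rundll32.exe "C:\WINDOWS\system32\pmiqkhfc.dll",s
O4 - HKLM\..\Run: [PASystemTray] "C:\Program Files\Panda Software\Panda Administrator 3\Console\PASystemTray.exe"
O15 - ESC Trusted Zone: http://*.crackdb.org
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O20 - AppInit_DLLs: jfoibp.dll wocwhr.dll bfeopw.dll
O20 - Winlogon Notify: ljJCrOgd - C:\WINDOWS\
O23 - Service: ColdFusion 8 Application Server - Macromedia Inc. - C:\ColdFusion8\runtime\bin\jrunsvc.exe
"""

SYSTEM32_DLL = re.compile(r"\\system32\\([A-Za-z0-9_]+\.dll)", re.I)
HEX_RUN_VALUE = re.compile(r"\[(?:BM)?[0-9a-f]{8,}\]", re.I)   # [604bbd27], [BM63788ebb]
GUID = re.compile(r"^\{[0-9a-f-]{36}\}$", re.I)
APPINIT_DLL = re.compile(r"[\w.]+\.dll", re.I)
ENTRY = re.compile(r"^(O\d+|R\d+|F\d+|N\d+)\s+-\s+(.*)$")


def parse_line(line):
    """Split an HJT entry 'O2 - rest' into (section, rest); None otherwise."""
    m = ENTRY.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def triage(lines):
    """Return a list of (severity, rule, dll_basename_or_None, line) findings."""
    findings = []
    for raw in lines:
        parsed = parse_line(raw)
        if not parsed:
            continue
        section, rest = parsed
        line = raw.strip()
        if section == "O20" and rest.startswith("AppInit_DLLs:"):
            # user32.dll loads every AppInit_DLLs entry into every GUI process;
            # the value is empty on a clean box, so any entry is worth a look.
            for dll in APPINIT_DLL.findall(rest):
                findings.append(("high", "appinit_dlls", dll.lower(), line))
        elif section == "O20" and rest.startswith("Winlogon Notify:"):
            # A Notify package is loaded by winlogon at logon; a random-looking
            # name pointing at a bare directory is a classic Vundo leftover.
            findings.append(("high", "winlogon_notify", None, line))
        elif section == "O2" and rest.startswith("BHO:"):
            parts = [p.strip() for p in rest[len("BHO:"):].split(" - ")]
            name, path = parts[0], parts[-1]
            m = SYSTEM32_DLL.search(path)
            if m and (name == "(no name)" or GUID.match(name)):
                # Legitimate BHOs carry a vendor name and live under Program Files.
                findings.append(("medium", "unnamed_bho_system32", m.group(1).lower(), line))
        elif section == "O4" and "rundll32" in rest.lower():
            m = SYSTEM32_DLL.search(rest)
            if m and HEX_RUN_VALUE.search(rest):
                # Hex-named Run value that uses rundll32 to load a system32 DLL.
                findings.append(("medium", "hex_run_rundll32", m.group(1).lower(), line))
        elif section == "O15" and "*." in rest and "windowsupdate.com" not in rest.lower():
            # A wildcard Trusted Zone entry relaxes IE security for every host
            # under that domain; review any that are not update infrastructure.
            findings.append(("low", "wildcard_trusted_zone", None, line))
    return findings


def correlated_dlls(findings):
    """DLL basename -> set of rules it tripped, kept only when two or more hit."""
    vectors = defaultdict(set)
    for _sev, rule, dll, _line in findings:
        if dll:
            vectors[dll].add(rule)
    return {dll: rules for dll, rules in vectors.items() if len(rules) >= 2}


if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    hits = triage(SAMPLE_LOG.splitlines())
    for sev, rule, _dll, line in sorted(hits, key=lambda h: order[h[0]]):
        print(f"[{sev:6}] {rule:22} {line}")
    for dll, rules in correlated_dlls(hits).items():
        print(f"{dll}: seen in {len(rules)} autostart vectors {sorted(rules)}")
```

Run stand-alone it reports ten hits from the sample and singles out bfeopw.dll as the one DLL present in two vectors (AppInit_DLLs and an O2 BHO); feed `triage()` the lines of a full log to run it over a real capture. The script only sees what HJT managed to report, so a clean result from it says nothing about components that HJT itself was blocked from reading.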

Shaba
2008-09-26, 20:59
The problem is that if antivirus programs are incompatible, some tools might be as well.

But let's try.

Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized).

hoomaster
2008-09-26, 23:15
I think you're right, RSIT wouldn't fully execute. It gave me some value = -1 error. I appreciate your help though.

Shaba
2008-09-27, 11:24
That might not be related to the OS at all.

Please download OTViewIt (http://oldtimer.geekstogo.com/OTViewIt.exe) by OldTimer and save it to your Desktop.
Close all applications and windows.
Double-click on the OTViewIt.exe to start OTViewIt.
Place a checkmark in the blue-colored "Scan All Users" checkbox.
Click the blue Run Scan button.
OTViewIt will now start its scan.
When the scan is complete, two text files will be created on the Desktop: OTViewIt.Txt (this one will be opened in Notepad) and Extras.txt.
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of OTViewIt.Txt and the Extras.txt to your post.

Shaba
2008-10-02, 10:11
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.