svn2cool
2010-07-03, 17:27
Hey Guys, Im kind of new to this stuff so please bare with me.
For about the past week or so I have been having the Blue Screen of Death. (BSOD) I didn't really think much of it because at first I thought it was normal. I was hit with a massive trojanware thing called AV security suite about two weeks ago. I ultimately used spybot to get rid of this trojanware, which it eventually did.
However, I am now being plagued with multiple shutdowns linking to the Page_fault_in_nonpaged_area. At first I just thought this was a system problem and that my Dad would be able to fix it. After doing further research I eventually took a picture of the BSOD. I noticed something odd in the picture.
pavTPK.sys
That didn't seem right to me. So after doing further research I found that it was a panda file. (Google)
The computer has been shutting down off and on. For instance I have been on the computer for about an hour now. Last Night I couldn't get on for a minute, it would just shut down.
My main question being, whats is pavTPK.sys mean when it comes up on the BSOD.
Second: Could AV security suite still somehow be linked onto my computer???
I have to go back to school in a week and I will be doing alot of stuff on my cp. The last thing I need is for my cp to crash in the middle of a huge paper. Sorry if this type of problem doesn't belong on this site, I just looked at my spyware program and found a forums. If there is a specific place to post a problem like this it would be really helpful if someone could point the way.
Thanks
Forgot to post my DDS log, sorry.
DDS (Ver_10-03-17.01) - NTFSX64
Run by Trent at 10:10:16.64 on Sat 07/03/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.1965 [GMT -4:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\TPSrvWow.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe
C:\Windows\system32\svchost -k Panda
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\lxbxcoms.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\pavsrvx86.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\PsImSvc.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
c:\program files (x86)\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Trent\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\ApVxdWin.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Trent\Downloads\dds.scr
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\TPSRVAUX.EXE
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0090125
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0090125
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files (x86)\swag_bucks\tbSwag.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files (x86)\swag_bucks\tbSwag.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files (x86)\real\realplayer\rpbrowserrecordplugin.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files (x86)\swag_bucks\tbSwag.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files (x86)\dell\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files (x86)\swag_bucks\tbSwag.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Search Protection] c:\program files (x86)\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files (x86)\yahoo!\search protection\SearchProtection.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [googletalk] c:\users\trent\appdata\roaming\google\google talk\googletalk.exe /autostart
mRun: [YSearchProtection] "c:\program files (x86)\yahoo!\search protection\SearchProtection.exe"
mRun: [lxbxmon.exe] "c:\program files (x86)\lexmark 7100 series\lxbxmon.exe"
mRun: [EzPrint] "c:\program files (x86)\lexmark 7100 series\ezprint.exe"
mRun: [Carbonite Backup] "c:\program files (x86)\carbonite\carbonite backup\CarboniteUI.exe"
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [APVXDWIN] "c:\program files (x86)\panda security\panda global protection 2009\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files (x86)\panda security\panda global protection 2009\Inicio.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files (x86)\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [cwcptray] "c:\program files (x86)\contentwatch\internet protection\cwtray.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [CWPhoenixApp] "c:\program files (x86)\contentwatch\internet protection\updater\Phoenix.exe" /r
StartupFolder: c:\users\trent\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files (x86)\digital line detect\DLG.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hawkin~1.lnk - c:\windows\RaUI.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files (x86)\netgear\wg111v3\WG111v3.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - ?p=RGxdm023YYUS
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\cwalsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files (x86)\cozi express\CoziProtocolHandler.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
================= FIREFOX ===================
FF - ProfilePath - c:\users\trent\appdata\roaming\mozilla\firefox\profiles\9mk0zb67.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedengine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files (x86)\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\trent\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot64.sys [2009-3-8 33800]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-1-25 53488]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT64.SYS [2009-3-8 114688]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt64.sys [2009-3-8 82944]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetm64.sys [2009-3-8 31800]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt64.sys [2009-3-8 78848]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETTDI64.SYS [2009-3-8 169984]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-4-23 31016]
R1 ShldFlt;Panda File Shield Driver;c:\windows\system32\drivers\ShldFlt.sys [2009-3-8 46136]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt64.sys [2009-3-8 74752]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2009-1-25 86016]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm6460.sys [2009-3-8 57400]
R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2009-3-8 15928]
R2 CwAltaService20;ContentWatch;c:\program files (x86)\contentwatch\internet protection\cwsvc.exe [2010-5-25 2100544]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 MSSQL$SOSHOME309;SQL Server (SOSHOME309);c:\program files (x86)\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R2 Panda Software Controller;Panda Software Controller;c:\program files (x86)\panda security\panda global protection 2009\PsCtrlS.exe [2009-3-8 181504]
R2 PAVFNSVR;Panda Function Service;c:\program files (x86)\panda security\panda global protection 2009\PavFnSvr.exe [2009-3-8 169216]
R2 PavPrSrv;Panda Process Protection Service;c:\program files (x86)\common files\panda security\pavshld\PavPrSrv.exe [2009-3-8 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files (x86)\panda security\panda global protection 2009\pavsrvx86.exe [2009-3-8 290048]
R2 PskSvcRetail;Panda PSK service;c:\program files (x86)\panda security\panda global protection 2009\psksvc.exe [2009-3-8 28928]
R3 CAXHWBS2;CAXHWBS2;c:\windows\system32\drivers\CAXHWBS2.sys [2009-1-25 411136]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\n64i1634.sys [2009-3-8 211456]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-10-14 418816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca60e1477235f1;Google Update Service (gupdate1ca60e1477235f1);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-11-8 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 netr7364;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx64.sys [2009-2-16 320512]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-19 89920]
============== File Associations ===============
JSEFile=c:\progra~2\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~2\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~2\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
=============== Created Last 30 ================
2010-07-02 03:04:02 0 d-----w- c:\users\trent\appdata\roaming\LolClient
2010-07-02 03:03:28 68616 ----a-w- c:\windows\syswow64\XAPOFX1_1.dll
2010-07-02 03:03:28 509448 ----a-w- c:\windows\syswow64\XAudio2_2.dll
2010-07-02 03:03:28 467984 ----a-w- c:\windows\syswow64\d3dx10_39.dll
2010-07-02 03:03:28 3851784 ----a-w- c:\windows\syswow64\D3DX9_39.dll
2010-07-02 03:03:28 1493528 ----a-w- c:\windows\syswow64\D3DCompiler_39.dll
2010-07-02 02:59:39 0 d-----w- C:\Riot Games
2010-07-02 01:58:49 0 d-----w- c:\programdata\PMB Files
2010-07-02 01:58:27 0 d-----w- c:\program files (x86)\Pando Networks
2010-07-01 19:16:32 524288 --sha-w- c:\users\trent\ntuser.dat{081f90fb-8545-11df-b086-00223fdc33b0}.TMContainer00000000000000000002.regtrans-ms
2010-07-01 19:16:31 65536 --sha-w- c:\users\trent\ntuser.dat{081f90fb-8545-11df-b086-00223fdc33b0}.TM.blf
2010-07-01 19:16:31 524288 --sha-w- c:\users\trent\ntuser.dat{081f90fb-8545-11df-b086-00223fdc33b0}.TMContainer00000000000000000001.regtrans-ms
2010-07-01 19:14:17 65536 --sha-w- c:\users\trent\ntuser.dat{b5d9ad39-8544-11df-a776-00223fdc33b0}.TM.blf
2010-07-01 19:14:17 524288 --sha-w- c:\users\trent\ntuser.dat{b5d9ad39-8544-11df-a776-00223fdc33b0}.TMContainer00000000000000000002.regtrans-ms
2010-07-01 19:14:17 524288 --sha-w- c:\users\trent\ntuser.dat{b5d9ad39-8544-11df-a776-00223fdc33b0}.TMContainer00000000000000000001.regtrans-ms
2010-06-29 19:04:09 0 d-----w- c:\program files\iPod
2010-06-29 19:04:06 0 d-----w- c:\program files\iTunes
2010-06-29 19:04:06 0 d-----w- c:\program files (x86)\iTunes
2010-06-29 19:00:42 0 d-----w- c:\program files\Bonjour
2010-06-29 19:00:42 0 d-----w- c:\program files (x86)\Bonjour
2010-06-29 14:26:21 412660725 ----a-w- c:\windows\MEMORY.DMP
2010-06-24 13:32:43 0 d-----w- c:\programdata\McAfee
2010-06-24 00:44:41 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-06-24 00:44:41 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-06-24 00:44:41 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 00:44:41 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 00:44:41 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 00:44:41 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-06-24 00:44:41 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-06-24 00:44:41 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 00:44:41 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-06-24 00:44:41 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 11:02:22 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2010-06-23 11:02:22 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 11:02:22 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2010-06-23 11:02:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-19 03:23:08 4384 ----a-w- c:\windows\wininit.ini
2010-06-19 03:06:07 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-18 20:32:35 0 d-----w- c:\users\trent\appdata\roaming\Malwarebytes
2010-06-18 20:32:28 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-18 20:32:28 0 d-----w- c:\programdata\Malwarebytes
2010-06-18 20:29:18 0 d---a-w- c:\programdata\TEMP
2010-06-15 18:31:03 65536 --sha-w- c:\users\trent\ntuser.dat{1bc62b62-78ac-11df-830f-00223fdc33b0}.TM.blf
2010-06-15 18:31:03 524288 --sha-w- c:\users\trent\ntuser.dat{1bc62b62-78ac-11df-830f-00223fdc33b0}.TMContainer00000000000000000002.regtrans-ms
2010-06-15 18:31:03 524288 --sha-w- c:\users\trent\ntuser.dat{1bc62b62-78ac-11df-830f-00223fdc33b0}.TMContainer00000000000000000001.regtrans-ms
==================== Find3M ====================
2010-07-03 13:05:21 445636 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-07-03 13:05:21 445636 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-07-03 13:05:20 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-07-03 13:05:20 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-07-01 04:51:28 975872 ----a-w- c:\windows\syswow64\libxml2_CW.dll
2010-07-01 04:51:28 81920 ----a-w- c:\windows\syswow64\wxcode_msw28u_wxjson_CW.dll
2010-07-01 04:51:28 720896 ----a-w- c:\windows\syswow64\cwalsp.dll
2010-07-01 04:51:28 1880064 ----a-w- c:\windows\syswow64\AltaRecovery.exe
2010-07-01 04:51:28 151552 ----a-w- c:\windows\syswow64\libexpat.dll
2010-07-01 04:51:28 1073152 ----a-w- c:\windows\syswow64\wxcode_msw28u_wxcurl_CW.dll
2010-07-01 04:51:28 1012736 ----a-w- c:\windows\system32\cwalsp64.dll
2010-06-29 19:02:07 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-29 19:02:07 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-29 19:02:07 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 18:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-05-04 06:56:19 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 06:51:49 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 06:51:48 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-04 05:59:11 1209344 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-04 05:58:07 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-05-04 05:56:49 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-04 05:56:28 5950976 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-04 05:56:25 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-05-04 05:56:25 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-04 05:55:56 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-05-04 05:55:42 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2010-05-04 05:55:42 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-05-04 05:55:41 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-05-04 05:55:41 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-05-04 05:55:41 11076096 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-04 05:55:37 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-04 05:01:59 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-04 04:31:05 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-05-04 04:30:58 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-05-04 04:30:19 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-05-01 14:39:56 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 11:47:48 248128 ----a-w- c:\windows\syswow64\wxIE.dll
2010-04-23 14:33:28 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-23 14:13:55 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-04-05 17:31:27 84480 ----a-w- c:\windows\system32\asycfilt.dll
2010-04-05 17:01:01 67072 ----a-w- c:\windows\syswow64\asycfilt.dll
2009-11-07 08:08:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2007-12-28 18:59:30 342528 ----a-w- c:\windows\inf\wg111v3\WG111v3.sys
2007-12-28 18:59:30 342528 ----a-w- c:\windows\inf\wg111v3\vista64\wg111v3.sys
2007-12-28 18:58:30 289280 ----a-w- c:\windows\inf\wg111v3\vista\wg111v3.sys
2007-11-27 21:53:58 63488 ----a-w- c:\windows\inf\wg111v3\SetDrv64.exe
2007-11-27 21:52:44 32768 ----a-w- c:\windows\inf\wg111v3\SetDrv.exe
2007-04-23 17:15:48 31016 ----a-w- c:\windows\inf\wg111v3\vista64\RtlProt.sys
2007-04-23 14:50:50 25896 ----a-w- c:\windows\inf\wg111v3\vista\RtlProt.sys
2007-04-20 01:22:44 75264 ----a-w- c:\windows\inf\wg111v3\vista64\rtkbind.exe
2007-04-20 01:22:28 74752 ----a-w- c:\windows\inf\wg111v3\vista\rtkbind.exe
2006-12-15 15:30:36 98304 ----a-w- c:\windows\inf\wg111v3\UScanM.exe
2006-12-15 15:30:36 315392 ----a-w- c:\windows\inf\wg111v3\InstallDriver.exe
2006-12-15 15:30:36 212992 ----a-w- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 15:30:36 20480 ----a-w- c:\windows\inf\wg111v3\RTWUPath.exe
2006-12-15 15:30:36 19968 ----a-w- c:\windows\inf\wg111v3\RTWREFU.EXE
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-04-01 19:38:00 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-04-01 19:38:00 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-04-01 19:38:00 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-11-06 18:10:24 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-01-25 23:05:52 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 10:11:51.96 ===============
For about the past week or so I have been having the Blue Screen of Death. (BSOD) I didn't really think much of it because at first I thought it was normal. I was hit with a massive trojanware thing called AV security suite about two weeks ago. I ultimately used spybot to get rid of this trojanware, which it eventually did.
However, I am now being plagued with multiple shutdowns linking to the Page_fault_in_nonpaged_area. At first I just thought this was a system problem and that my Dad would be able to fix it. After doing further research I eventually took a picture of the BSOD. I noticed something odd in the picture.
pavTPK.sys
That didn't seem right to me. So after doing further research I found that it was a panda file. (Google)
The computer has been shutting down off and on. For instance I have been on the computer for about an hour now. Last Night I couldn't get on for a minute, it would just shut down.
My main question being, whats is pavTPK.sys mean when it comes up on the BSOD.
Second: Could AV security suite still somehow be linked onto my computer???
I have to go back to school in a week and I will be doing alot of stuff on my cp. The last thing I need is for my cp to crash in the middle of a huge paper. Sorry if this type of problem doesn't belong on this site, I just looked at my spyware program and found a forums. If there is a specific place to post a problem like this it would be really helpful if someone could point the way.
Thanks
Forgot to post my DDS log, sorry.
DDS (Ver_10-03-17.01) - NTFSX64
Run by Trent at 10:10:16.64 on Sat 07/03/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.1965 [GMT -4:00]
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\TPSrvWow.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\ContentWatch\Internet Protection\cwsvc.exe
C:\Windows\system32\svchost -k Panda
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\lxbxcoms.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\pavsrvx86.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\PsImSvc.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
c:\program files (x86)\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Trent\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\ApVxdWin.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\ContentWatch\Internet Protection\cwtray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files (x86)\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Trent\Downloads\dds.scr
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\TPSRVAUX.EXE
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0090125
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0090125
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files (x86)\swag_bucks\tbSwag.dll
mURLSearchHooks: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files (x86)\swag_bucks\tbSwag.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files (x86)\real\realplayer\rpbrowserrecordplugin.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files (x86)\swag_bucks\tbSwag.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files (x86)\dell\bae\BAE.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files (x86)\msn\toolbar\3.0.0988.2\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files (x86)\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files (x86)\swag_bucks\tbSwag.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [swg] c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Search Protection] c:\program files (x86)\yahoo!\search protection\SearchProtection.exe
uRun: [YSearchProtection] c:\program files (x86)\yahoo!\search protection\SearchProtection.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [googletalk] c:\users\trent\appdata\roaming\google\google talk\googletalk.exe /autostart
mRun: [YSearchProtection] "c:\program files (x86)\yahoo!\search protection\SearchProtection.exe"
mRun: [lxbxmon.exe] "c:\program files (x86)\lexmark 7100 series\lxbxmon.exe"
mRun: [EzPrint] "c:\program files (x86)\lexmark 7100 series\ezprint.exe"
mRun: [Carbonite Backup] "c:\program files (x86)\carbonite\carbonite backup\CarboniteUI.exe"
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe
mRun: [APVXDWIN] "c:\program files (x86)\panda security\panda global protection 2009\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files (x86)\panda security\panda global protection 2009\Inicio.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files (x86)\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [cwcptray] "c:\program files (x86)\contentwatch\internet protection\cwtray.exe"
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [CWPhoenixApp] "c:\program files (x86)\contentwatch\internet protection\updater\Phoenix.exe" /r
StartupFolder: c:\users\trent\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files (x86)\digital line detect\DLG.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hawkin~1.lnk - c:\windows\RaUI.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files (x86)\netgear\wg111v3\WG111v3.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search - ?p=RGxdm023YYUS
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_BHO.dll
LSP: c:\windows\system32\cwalsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\program files (x86)\cozi express\CoziProtocolHandler.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
================= FIREFOX ===================
FF - ProfilePath - c:\users\trent\appdata\roaming\mozilla\firefox\profiles\9mk0zb67.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedengine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files (x86)\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files (x86)\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files (x86)\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\users\trent\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\windows\syswow64\macromed\flash\NPSWF32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files (x86)\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files (x86)\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot64.sys [2009-3-8 33800]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-1-25 53488]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT64.SYS [2009-3-8 114688]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt64.sys [2009-3-8 82944]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetm64.sys [2009-3-8 31800]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt64.sys [2009-3-8 78848]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETTDI64.SYS [2009-3-8 169984]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-4-23 31016]
R1 ShldFlt;Panda File Shield Driver;c:\windows\system32\drivers\ShldFlt.sys [2009-3-8 46136]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt64.sys [2009-3-8 74752]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSr64.exe [2009-1-25 86016]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm6460.sys [2009-3-8 57400]
R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2009-3-8 15928]
R2 CwAltaService20;ContentWatch;c:\program files (x86)\contentwatch\internet protection\cwsvc.exe [2010-5-25 2100544]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-9-24 155648]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 MSSQL$SOSHOME309;SQL Server (SOSHOME309);c:\program files (x86)\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R2 Panda Software Controller;Panda Software Controller;c:\program files (x86)\panda security\panda global protection 2009\PsCtrlS.exe [2009-3-8 181504]
R2 PAVFNSVR;Panda Function Service;c:\program files (x86)\panda security\panda global protection 2009\PavFnSvr.exe [2009-3-8 169216]
R2 PavPrSrv;Panda Process Protection Service;c:\program files (x86)\common files\panda security\pavshld\PavPrSrv.exe [2009-3-8 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files (x86)\panda security\panda global protection 2009\pavsrvx86.exe [2009-3-8 290048]
R2 PskSvcRetail;Panda PSK service;c:\program files (x86)\panda security\panda global protection 2009\psksvc.exe [2009-3-8 28928]
R3 CAXHWBS2;CAXHWBS2;c:\windows\system32\drivers\CAXHWBS2.sys [2009-1-25 411136]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\n64i1634.sys [2009-3-8 211456]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [2009-10-14 418816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca60e1477235f1;Google Update Service (gupdate1ca60e1477235f1);c:\program files (x86)\google\update\GoogleUpdate.exe [2009-11-8 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 netr7364;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx64.sys [2009-2-16 320512]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-10-16 50176]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-8-19 89920]
============== File Associations ===============
JSEFile=c:\progra~2\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~2\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~2\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
=============== Created Last 30 ================
2010-07-02 03:04:02 0 d-----w- c:\users\trent\appdata\roaming\LolClient
2010-07-02 03:03:28 68616 ----a-w- c:\windows\syswow64\XAPOFX1_1.dll
2010-07-02 03:03:28 509448 ----a-w- c:\windows\syswow64\XAudio2_2.dll
2010-07-02 03:03:28 467984 ----a-w- c:\windows\syswow64\d3dx10_39.dll
2010-07-02 03:03:28 3851784 ----a-w- c:\windows\syswow64\D3DX9_39.dll
2010-07-02 03:03:28 1493528 ----a-w- c:\windows\syswow64\D3DCompiler_39.dll
2010-07-02 02:59:39 0 d-----w- C:\Riot Games
2010-07-02 01:58:49 0 d-----w- c:\programdata\PMB Files
2010-07-02 01:58:27 0 d-----w- c:\program files (x86)\Pando Networks
2010-07-01 19:16:32 524288 --sha-w- c:\users\trent\ntuser.dat{081f90fb-8545-11df-b086-00223fdc33b0}.TMContainer00000000000000000002.regtrans-ms
2010-07-01 19:16:31 65536 --sha-w- c:\users\trent\ntuser.dat{081f90fb-8545-11df-b086-00223fdc33b0}.TM.blf
2010-07-01 19:16:31 524288 --sha-w- c:\users\trent\ntuser.dat{081f90fb-8545-11df-b086-00223fdc33b0}.TMContainer00000000000000000001.regtrans-ms
2010-07-01 19:14:17 65536 --sha-w- c:\users\trent\ntuser.dat{b5d9ad39-8544-11df-a776-00223fdc33b0}.TM.blf
2010-07-01 19:14:17 524288 --sha-w- c:\users\trent\ntuser.dat{b5d9ad39-8544-11df-a776-00223fdc33b0}.TMContainer00000000000000000002.regtrans-ms
2010-07-01 19:14:17 524288 --sha-w- c:\users\trent\ntuser.dat{b5d9ad39-8544-11df-a776-00223fdc33b0}.TMContainer00000000000000000001.regtrans-ms
2010-06-29 19:04:09 0 d-----w- c:\program files\iPod
2010-06-29 19:04:06 0 d-----w- c:\program files\iTunes
2010-06-29 19:04:06 0 d-----w- c:\program files (x86)\iTunes
2010-06-29 19:00:42 0 d-----w- c:\program files\Bonjour
2010-06-29 19:00:42 0 d-----w- c:\program files (x86)\Bonjour
2010-06-29 14:26:21 412660725 ----a-w- c:\windows\MEMORY.DMP
2010-06-24 13:32:43 0 d-----w- c:\programdata\McAfee
2010-06-24 00:44:41 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-06-24 00:44:41 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-06-24 00:44:41 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-06-24 00:44:41 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-06-24 00:44:41 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-06-24 00:44:41 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-06-24 00:44:41 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-06-24 00:44:41 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-06-24 00:44:41 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-06-24 00:44:41 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 11:02:22 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2010-06-23 11:02:22 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-06-23 11:02:22 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2010-06-23 11:02:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-06-19 03:23:08 4384 ----a-w- c:\windows\wininit.ini
2010-06-19 03:06:07 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-06-18 20:32:35 0 d-----w- c:\users\trent\appdata\roaming\Malwarebytes
2010-06-18 20:32:28 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-18 20:32:28 0 d-----w- c:\programdata\Malwarebytes
2010-06-18 20:29:18 0 d---a-w- c:\programdata\TEMP
2010-06-15 18:31:03 65536 --sha-w- c:\users\trent\ntuser.dat{1bc62b62-78ac-11df-830f-00223fdc33b0}.TM.blf
2010-06-15 18:31:03 524288 --sha-w- c:\users\trent\ntuser.dat{1bc62b62-78ac-11df-830f-00223fdc33b0}.TMContainer00000000000000000002.regtrans-ms
2010-06-15 18:31:03 524288 --sha-w- c:\users\trent\ntuser.dat{1bc62b62-78ac-11df-830f-00223fdc33b0}.TMContainer00000000000000000001.regtrans-ms
==================== Find3M ====================
2010-07-03 13:05:21 445636 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-07-03 13:05:21 445636 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-07-03 13:05:20 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-07-03 13:05:20 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-07-01 04:51:28 975872 ----a-w- c:\windows\syswow64\libxml2_CW.dll
2010-07-01 04:51:28 81920 ----a-w- c:\windows\syswow64\wxcode_msw28u_wxjson_CW.dll
2010-07-01 04:51:28 720896 ----a-w- c:\windows\syswow64\cwalsp.dll
2010-07-01 04:51:28 1880064 ----a-w- c:\windows\syswow64\AltaRecovery.exe
2010-07-01 04:51:28 151552 ----a-w- c:\windows\syswow64\libexpat.dll
2010-07-01 04:51:28 1073152 ----a-w- c:\windows\syswow64\wxcode_msw28u_wxcurl_CW.dll
2010-07-01 04:51:28 1012736 ----a-w- c:\windows\system32\cwalsp64.dll
2010-06-29 19:02:07 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-29 19:02:07 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-06-29 19:02:07 143360 ----a-w- c:\windows\inf\infstor.dat
2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-21 18:14:28 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-05-18 20:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-05-04 06:56:19 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 06:51:49 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 06:51:48 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-04 05:59:11 1209344 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-04 05:58:07 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-05-04 05:56:49 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-04 05:56:28 5950976 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-04 05:56:25 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-05-04 05:56:25 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-04 05:55:56 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-05-04 05:55:42 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2010-05-04 05:55:42 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-05-04 05:55:41 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-05-04 05:55:41 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-05-04 05:55:41 11076096 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-04 05:55:37 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-04 05:01:59 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-04 04:31:05 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-05-04 04:30:58 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-05-04 04:30:19 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-05-01 14:39:56 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 11:47:48 248128 ----a-w- c:\windows\syswow64\wxIE.dll
2010-04-23 14:33:28 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-23 14:13:55 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-04-05 17:31:27 84480 ----a-w- c:\windows\system32\asycfilt.dll
2010-04-05 17:01:01 67072 ----a-w- c:\windows\syswow64\asycfilt.dll
2009-11-07 08:08:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2007-12-28 18:59:30 342528 ----a-w- c:\windows\inf\wg111v3\WG111v3.sys
2007-12-28 18:59:30 342528 ----a-w- c:\windows\inf\wg111v3\vista64\wg111v3.sys
2007-12-28 18:58:30 289280 ----a-w- c:\windows\inf\wg111v3\vista\wg111v3.sys
2007-11-27 21:53:58 63488 ----a-w- c:\windows\inf\wg111v3\SetDrv64.exe
2007-11-27 21:52:44 32768 ----a-w- c:\windows\inf\wg111v3\SetDrv.exe
2007-04-23 17:15:48 31016 ----a-w- c:\windows\inf\wg111v3\vista64\RtlProt.sys
2007-04-23 14:50:50 25896 ----a-w- c:\windows\inf\wg111v3\vista\RtlProt.sys
2007-04-20 01:22:44 75264 ----a-w- c:\windows\inf\wg111v3\vista64\rtkbind.exe
2007-04-20 01:22:28 74752 ----a-w- c:\windows\inf\wg111v3\vista\rtkbind.exe
2006-12-15 15:30:36 98304 ----a-w- c:\windows\inf\wg111v3\UScanM.exe
2006-12-15 15:30:36 315392 ----a-w- c:\windows\inf\wg111v3\InstallDriver.exe
2006-12-15 15:30:36 212992 ----a-w- c:\windows\inf\wg111v3\CopyWHQLDriver.exe
2006-12-15 15:30:36 20480 ----a-w- c:\windows\inf\wg111v3\RTWUPath.exe
2006-12-15 15:30:36 19968 ----a-w- c:\windows\inf\wg111v3\RTWREFU.EXE
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-04-01 19:38:00 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2010-04-01 19:38:00 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2010-04-01 19:38:00 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\cookies\index.dat
2009-11-06 18:10:24 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-01-25 23:05:52 8192 --sha-w- c:\windows\users\default\NTUSER.DAT
============= FINISH: 10:11:51.96 ===============