OK, I forgot to copy the OTMoveIt report, but the first three files and the last one were not found; the other two were moved.
Panda scan:
;*******************************************************************************
ANALYSIS: 2008-03-18 14:34:34
PROTECTIONS: 1
MALWARE: 19
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
avast! antivirus 4.7.1098 [VPS 080318-0] 4.7.1098 No Yes
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139535 Application/Processor HackTools No 0 No No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP141\A0032481.exe[Â²Æ’Ă‡]
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\UnitShift\Application Data\Mozilla\Firefox\Profiles\j1qeu3xv.default\cookies.txt[.com.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\UnitShift\Application Data\Mozilla\Firefox\Profiles\j1qeu3xv.default\cookies.txt[.xiti.com/]
00167747 Cookie/Azjmp TrackingCookie No 0 Yes No C:\Documents and Settings\UnitShift\Application Data\Mozilla\Firefox\Profiles\j1qeu3xv.default\cookies.txt[.azjmp.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\UnitShift\Application Data\Mozilla\Firefox\Profiles\j1qeu3xv.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\UnitShift\Application Data\Mozilla\Firefox\Profiles\j1qeu3xv.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\UnitShift\Application Data\Mozilla\Firefox\Profiles\j1qeu3xv.default\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\UnitShift\Application Data\Mozilla\Firefox\Profiles\j1qeu3xv.default\cookies.txt[.adultfriendfinder.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\UnitShift\Application Data\Mozilla\Firefox\Profiles\j1qeu3xv.default\cookies.txt[.atwola.com/]
00519333 Application/Processor HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP141\A0032481.exe
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP162\A0036815.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP181\A0039733.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP159\A0035694.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP161\A0035767.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP158\A0035592.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP144\A0032541.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP161\A0035820.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP145\A0032547.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP145\A0032602.EXE
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP145\A0032589.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP145\A0032629.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP145\A0032697.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP145\A0032712.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP144\A0032544.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP149\A0034193.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP149\A0034214.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP149\A0034254.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP152\A0034418.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP152\A0034445.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP152\A0034481.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP153\A0034910.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP153\A0034926.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP153\A0034950.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP158\A0035475.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP158\A0035495.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP158\A0035528.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP158\A0035578.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP144\A0032525.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP159\A0035678.com
01262593 Application/NirCmd.A HackTools No 0 No No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP162\A0036852.EXE[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP159\A0035697.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP160\A0035739.com
01262593 Application/NirCmd.A HackTools No 0 No No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP162\A0036852.EXE[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP161\A0035770.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP161\A0035806.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP145\A0032733.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP161\A0035823.exe
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP161\A0035842.com
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP161\A0035857.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP161\A0035857.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP161\A0035899.com
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\UnitShift\Application Data\Mozilla\Firefox\Profiles\j1qeu3xv.default\cookies.txt[.adserver.easyad.info/]
02095979 Dialer.ISB Dialers No 1 Yes No C:\WINDOWS\system32\oobe\ISPSoftware\BTYahoo\BroadbandFromBT.exe
02904838 W32/Lineage.HRP.worm Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP167\A0037227.inf
02904838 W32/Lineage.HRP.worm Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP167\A0037235.INF
02904838 W32/Lineage.HRP.worm Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP166\A0037220.inf
02904839 W32/Lineage.HRP.worm Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP185\A0040015.BAT
02905161 Trj/Lineage.HSE Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP185\A0040016.CMD
02905162 Trj/Lineage.HSE Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP168\A0037314.INF
02905162 Trj/Lineage.HSE Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP168\A0037312.INF
02905162 Trj/Lineage.HSE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP171\A0037699.inf
02905162 Trj/Lineage.HSE Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP168\A0037310.inf
02905162 Trj/Lineage.HSE Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP171\A0037700.INF
02905885 W32/Autorun.RO.worm Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP185\A0040017.COM
02906574 W32/lineage.HUB.worm Virus/Worm No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP185\A0040014.EXE
02906575 W32/lineage.HUB.worm Virus/Worm No 0 Yes No C:\Documents and Settings\UnitShift\Local Settings\Temp\22umqpcg.dll
02906734 BAT/Autorun.RR Virus/Worm No 0 Yes No C:\QooBox\Quarantine\C\autorun.inf.vir
02906734 BAT/Autorun.RR Virus/Worm No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP180\A0039653.inf
02906734 BAT/Autorun.RR Virus/Worm No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP180\A0039532.inf
02906734 BAT/Autorun.RR Virus/Worm No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP178\A0039354.INF
02906734 BAT/Autorun.RR Virus/Worm No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP178\A0039487.INF
02906734 BAT/Autorun.RR Virus/Worm No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP181\A0039737.inf
02906734 BAT/Autorun.RR Virus/Worm No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP179\A0039499.INF
02906734 BAT/Autorun.RR Virus/Worm No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP179\A0039529.INF
02906734 BAT/Autorun.RR Virus/Worm No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP180\A0039534.INF
02906734 BAT/Autorun.RR Virus/Worm No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP180\A0039609.INF
02906734 BAT/Autorun.RR Virus/Worm No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP180\A0039655.INF
02906734 BAT/Autorun.RR Virus/Worm No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP181\A0039738.INF
02906734 BAT/Autorun.RR Virus/Worm No 0 Yes No F:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP179\A0039496.INF
02906734 BAT/Autorun.RR Virus/Worm No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP179\A0039494.inf
02906734 BAT/Autorun.RR Virus/Worm No 0 Yes No C:\System Volume Information\_restore{8CEF57C7-733C-4C48-BEA9-6DA51175C09C}\RP178\A0039352.inf
02906734 BAT/Autorun.RR Virus/Worm No 0 Yes No C:\QooBox\Quarantine\F\autorun.inf.vir
;===============================================================================
SUSPECTS
Location
;===============================================================================
;===============================================================================
DSS scan:
Deckard's System Scanner v20071014.68
Run by UnitShift on 2008-03-18 14:35:26
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- HijackThis Clone ------------------------------------------------------------
Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-03-18 14:35:37
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\agrsmmsg.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Toshiba\E-KEY\CeEKey.exe
C:\Program Files\Toshiba\TouchPad\TPTray.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Apoint2K\ApntEx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\UnitShift\My Documents\Mozilla Downloads\dss.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{0FDF5EEA-593F-443C-BA07-D0E13DB0B1AF}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--
End of file - 10943 bytes
-- Files created between 2008-02-18 and 2008-03-18 -----------------------------
2008-03-18 13:18:49 0 d-------- C:\WINDOWS\LastGood
2008-03-18 13:16:13 0 d-------- C:\Program Files\Panda Security
2008-03-18 13:11:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-16 19:50:33 0 d-------- C:\VundoFix Backups
2008-03-16 16:35:09 68096 --a------ C:\WINDOWS\system32\zip.exe
2008-03-16 16:35:09 98816 --a------ C:\WINDOWS\system32\sed.exe
2008-03-16 16:35:09 80412 --a------ C:\WINDOWS\system32\grep.exe
2008-03-16 16:35:09 73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-15 19:23:20 626688 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2008-03-15 19:23:20 217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2008-03-15 19:23:20 208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2008-03-15 19:23:20 176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2008-03-15 19:23:20 65602 --a------ C:\WINDOWS\system32\cook3260.dll <Not Verified; RealNetworks, Inc.; RealPlayer 10>
2008-03-13 16:01:34 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-03-07 16:39:23 0 d-------- C:\Program Files\Multiquence
2008-03-04 05:56:09 0 dr-h----- C:\Documents and Settings\UnitShift\Recent
2008-03-03 21:09:11 0 d-------- C:\Documents and Settings\UnitShift\Application Data\CD-LabelPrint
2008-03-03 19:45:11 0 d-------- C:\Documents and Settings\UnitShift\Application Data\GetRightToGo
2008-03-02 16:11:18 138752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-03-02 16:11:16 0 d-------- C:\Documents and Settings\UnitShift\Application Data\Spyware Terminator
2008-03-02 16:11:16 0 d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-03-02 16:11:12 0 d-------- C:\Program Files\Spyware Terminator
2008-02-25 11:29:43 0 d-------- C:\Program Files\QuickTime
2008-02-22 08:16:56 0 d-------- C:\Documents and Settings\UnitShift\Application Data\Help
-- Find3M Report ---------------------------------------------------------------
2008-03-18 13:16:15 2515 --a------ C:\WINDOWS\mozver.dat
2008-03-18 00:03:44 12397 --a------ C:\WINDOWS\system32\tablet.dat
2008-03-17 17:20:40 0 d-------- C:\Program Files\Winamp
2008-03-16 22:31:24 321 --a------ C:\Documents and Settings\UnitShift\Application Data\Multique.ini
2008-03-16 16:55:52 0 d-------- C:\Documents and Settings\UnitShift\Application Data\Winamp
2008-03-15 21:02:59 0 d-------- C:\Documents and Settings\UnitShift\Application Data\Vso
2008-03-15 21:02:58 668 --a------ C:\Documents and Settings\UnitShift\Application Data\vso_ts_preview.xml
2008-03-15 19:23:22 0 d-------- C:\Program Files\VSO
2008-03-13 16:01:34 0 d-------- C:\Program Files\Common Files
2008-03-13 06:02:58 0 d-------- C:\Documents and Settings\UnitShift\Application Data\Eltima Software
2008-03-11 23:40:05 0 d-------- C:\Documents and Settings\UnitShift\Application Data\CopyToDvd
2008-03-10 05:48:41 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-03-07 16:39:25 1403 --a------ C:\Documents and Settings\UnitShift\Application Data\MQPreset.ini
2008-03-07 16:31:14 0 d-------- C:\Documents and Settings\UnitShift\Application Data\Adobe
2008-03-06 20:42:04 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-02 16:12:12 0 d-------- C:\Documents and Settings\UnitShift\Application Data\SUPERAntiSpyware.com
2008-03-02 16:12:08 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-02 13:36:10 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-16 21:26:55 0 d-------- C:\Program Files\Apoint2K
2008-02-16 18:35:56 0 d-------- C:\Documents and Settings\UnitShift\Application Data\Grisoft
2008-02-14 18:48:05 0 d-------- C:\Documents and Settings\UnitShift\Application Data\Orbit
2008-02-13 19:47:05 37888 --a------ C:\WINDOWS\system32\rar.exe <Not Verified; Microsoft Corporation; Microsoft® Windows ® 2000 Operating System>
2008-02-13 19:45:19 741376 --a------ C:\WINDOWS\system32\WinUpdating.exe
2008-02-11 10:30:26 952 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2008-02-11 10:30:26 88 -r-hs---- C:\WINDOWS\system32\716D453F9D.sys
2008-02-10 20:27:32 0 d-------- C:\Documents and Settings\UnitShift\Application Data\funkitron
2008-02-08 11:09:19 0 d-------- C:\Documents and Settings\UnitShift\Application Data\U3
2008-02-08 10:00:44 695568 --a------ C:\Documents and Settings\UnitShift\Application Data\GDIPFONTCACHEV1.DAT
2008-01-31 00:34:23 0 d-------- C:\Program Files\Apophysis 2.0
2008-01-21 16:39:16 0 d-------- C:\Documents and Settings\UnitShift\Application Data\AdobeUM
2008-01-20 21:17:08 0 d-------- C:\Program Files\DivX
2008-01-20 16:27:09 0 d-------- C:\Documents and Settings\UnitShift\Application Data\dvdcss
2008-01-20 16:20:38 0 d-------- C:\Program Files\Common Files\Download Manager
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [22/12/2004 02:10 C:\WINDOWS\agrsmmsg.exe]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [23/03/2004 23:40]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [06/09/2005 15:04]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [25/08/2005 20:11]
"HWSetup"="C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [01/05/2004 14:45]
"SVPWUTIL"="C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe" [01/05/2004 14:45]
"Zooming"="ZoomingHook.exe" [06/06/2005 10:58 C:\WINDOWS\system32\ZoomingHook.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [22/08/2005 17:49 C:\WINDOWS\system32\TCtrlIOHook.exe]
"Tvs"="C:\Program Files\TOSHIBA\Tvs\TvsTray.exe" [05/04/2005 17:25]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/08/2005 21:05]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [14/12/2004 02:12]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [04/12/2007 15:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [16/01/2008 00:54]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [15/07/2005 23:48]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/07/2001 10:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [02/01/2008 12:45]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [14/01/2004 03:10]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 11:25]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [02/03/2008 16:11]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [14/11/2007 16:05]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [11/04/2005 12:26]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 14:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [18/11/2007 23:40:46]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [20/12/2006 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 27/02/2007 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51ec1ce3-e918-11dc-afa4-00166f3d6faf}]
AutoRun\command- E:\22wcb21o.exe
explore\Command- E:\22wcb21o.exe
open\Command- E:\22wcb21o.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66dc50e3-b070-11dc-bf24-00166f3d6faf}]
AutoRun\command- G:\8.bat
explore\Command- G:\8.bat
open\Command- G:\8.bat
-- End of Deckard's System Scanner: finished at 2008-03-18 14:36:25 ------------