
Virus severe system and internet performance bottleneck.

#1
'puter gunna die (Member)

I recently got a virus which severely reduced performance along with Google redirects. Literally 30 to 40 seconds for the Start Menu to pop up after invocation. I managed to remove it with Malwarebytes' Anti-Malware, which I will refer to as Mbam in this post. I ran it three times: once as a quick scan, revealing 3 threats. I then booted in safe mode with networking and ran a complete scan including C:\ and a thumb drive which was attached, revealing a few more threats, all of which were on C:\.

It found some objects like this:
Files Infected:
c:\WINDOWS\system32\O24o3oV.com (Trojan.Email) -> No action taken.
c:\WINDOWS\temp\0.12653079340162598gtye.exe (Trojan.FakeMS) -> No action taken.
c:\WINDOWS\temp\ikafog\setup.exe (Trojan.Email) -> No action taken.

The virus was quiet for an hour or two; then it came back and redirected me here: http://www.scanerror...02kw=window xp. Something called PCcleaner Pro and Stopzilla.

I was a bit stumped so I decided to try this: http://www.geekstogo...ogle-redirects/

The program located a rootkit and removed it with success. I followed up with Mbam and got 2 new objects.

Files Infected:
c:\WINDOWS\temp\0.11677635010501664.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\0.16441685388996707.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

It's been a few weeks now; the virus is no longer active as far as Google redirects go, but the system is still slow. Not as bad as I described, but the internet connection is "dial-up" slow and the browser itself takes over 15 seconds to appear. This is the case with most other programs as well. Apparently there is a remnant of the virus still affecting my performance. To be completely thorough, I installed Avast! by recommendation from a friend; I did that immediately after removal of all known objects. I say immediately because I need you to know that I cannot confirm that the system sped up before possibly being lagged by the new anti-virus software I implemented. At this time I also installed Zone Alarm because I used it years ago and it seemed reliable. This seems unlikely because the system was fast before the attack slowed it down; I felt the need to mention the software I used.

I've gone as far as I can go and I honestly don't know what I should do at this point. This system is infuriatingly slow. The log below may reveal that certain memory levels are in the red, but they've been this way long before the attack. The system is very old and needs to be replaced; the money isn't there yet and I need this machine to be viable for a bit longer.

I just ran OTL.exe and produced a log:

OTL logfile created on: 12/25/2011 10:09:18 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Manner Panner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.01 Mb Total Physical Memory | 226.89 Mb Available Physical Memory | 22.18% Memory free
1.91 Gb Paging File | 0.53 Gb Available in Paging File | 27.98% Paging File free
Paging file location(s): F:\pagefile.sys 1024 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 0.14 Gb Free Space | 0.70% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 98.41 Gb Free Space | 33.01% Space Free | Partition Type: NTFS
Drive H: | 979.78 Mb Total Space | 298.45 Mb Free Space | 30.46% Space Free | Partition Type: FAT

Computer Name: MP3 | User Name: Manner Panner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/21 10:23:39 | 000,909,088 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Guest\Local Settings\temp\jre-6u30-windows-i586-iftw-rv.exe
PRC - [2011/12/20 03:14:40 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- F:\Programs\logmein\x86\ramaint.exe
PRC - [2011/12/20 03:14:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- F:\Programs\logmein\x86\LMIGuardianSvc.exe
PRC - [2011/12/04 14:51:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Manner Panner\Desktop\OTL.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- F:\Programs\avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- F:\Programs\avast\AvastSvc.exe
PRC - [2011/11/18 16:24:40 | 000,561,664 | ---- | M] (Totem Entertainment) -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\Virtuagirl_Downloader.exe
PRC - [2011/11/10 00:31:20 | 000,924,632 | ---- | M] (Mozilla Corporation) -- F:\Programs\firefox\firefox.exe
PRC - [2011/11/10 00:31:18 | 000,016,856 | ---- | M] (Mozilla Corporation) -- F:\Programs\firefox\plugin-container.exe
PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- F:\Programs\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- F:\Programs\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/03 09:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 09:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/04/22 07:21:10 | 000,247,728 | ---- | M] (TomTom) -- F:\Programs\tomtom\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- F:\Programs\tomtom\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- F:\Programs\logmein\x86\LogMeIn.exe
PRC - [2011/01/11 18:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- F:\Programs\logmein\x86\LogMeInSystray.exe
PRC - [2010/07/21 06:43:54 | 000,965,176 | ---- | M] (Secunia) -- F:\Programs\secunia\PSI\psi.exe
PRC - [2010/06/09 19:55:06 | 000,635,448 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwucli.exe
PRC - [2009/10/23 19:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- F:\Programs\Klavier\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/08 16:05:04 | 000,312,832 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Gateway\EzTune\dthtml.exe
PRC - [2008/04/08 16:02:58 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008/04/08 16:02:48 | 000,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2008/04/08 15:46:24 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- F:\Programs\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/07/07 23:55:02 | 000,491,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2005/07/07 23:55:00 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2005/05/12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/02/15 16:10:16 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2004/11/30 11:00:00 | 000,135,168 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
PRC - [2003/12/22 08:38:40 | 000,167,936 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/25 13:22:26 | 001,656,832 | ---- | M] () -- F:\Programs\avast\defs\11122501\algo.dll
MOD - [2011/12/24 10:06:34 | 001,656,832 | ---- | M] () -- F:\Programs\avast\defs\11122401\algo.dll
MOD - [2011/12/19 18:49:56 | 000,241,528 | ---- | M] () -- F:\Programs\avast\defs\11122501\aswRep.dll
MOD - [2011/12/19 18:49:56 | 000,241,528 | ---- | M] () -- F:\Programs\avast\defs\11122401\aswRep.dll
MOD - [2011/12/12 20:25:21 | 000,704,000 | ---- | M] () -- F:\Programs\secunia\PSI\psires.dll
MOD - [2011/11/30 22:40:46 | 000,076,800 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Firefox\Profiles\nlczkstm.default\extensions\{3160baf9-cf68-48ec-9076-faed7ce49467}\components\RadioWMPCoreGecko8.dll
MOD - [2011/11/26 13:42:40 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/16 13:12:28 | 008,451,072 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\QtGui4.dll
MOD - [2011/11/16 13:04:24 | 000,860,160 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\QtNetwork4.dll
MOD - [2011/11/16 13:03:36 | 000,358,400 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\QtXml4.dll
MOD - [2011/11/16 13:03:28 | 002,349,056 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\QtCore4.dll
MOD - [2011/11/10 00:31:20 | 001,989,592 | ---- | M] () -- F:\Programs\firefox\mozjs.dll
MOD - [2011/05/12 21:25:03 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_45fbd682\mscorlib.dll
MOD - [2011/05/12 21:24:59 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_87804e72\system.drawing.dll
MOD - [2011/05/12 21:24:50 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_e67d7d9c\system.xml.dll
MOD - [2011/05/12 21:24:43 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f0627328\system.windows.forms.dll
MOD - [2011/05/12 21:24:31 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_e4186cb8\system.dll
MOD - [2011/05/12 21:24:19 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- F:\Programs\winrar\RarExt.dll
MOD - [2009/10/28 23:45:28 | 000,774,144 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2009/10/23 19:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- F:\Programs\Klavier\SetPoint\khalwrapper.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/08 16:03:06 | 000,151,552 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DThook.dll
MOD - [2008/04/08 16:03:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2008/04/08 16:02:58 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2008/04/08 16:02:42 | 000,102,400 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2008/03/29 01:42:20 | 000,159,744 | ---- | M] () -- C:\Program Files\Essentials Codec Pack\Haali\mmfinfo.dll
MOD - [2008/03/29 01:41:52 | 000,023,552 | ---- | M] () -- C:\Program Files\Essentials Codec Pack\Haali\mkunicode.dll
MOD - [2008/01/18 03:42:18 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008/01/18 03:42:17 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2008/01/18 03:42:16 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2008/01/16 00:56:37 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2008/01/16 00:56:31 | 000,380,928 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2008/01/16 00:56:24 | 001,032,192 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2008/01/16 00:56:23 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2008/01/16 00:56:22 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2008/01/16 00:56:21 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2008/01/16 00:56:21 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2008/01/16 00:56:20 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2008/01/16 00:56:20 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2008/01/16 00:56:20 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2008/01/16 00:56:20 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2008/01/16 00:56:20 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2008/01/16 00:56:20 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2008/01/16 00:56:20 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2008/01/16 00:56:19 | 000,512,000 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2008/01/16 00:56:19 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2008/01/16 00:56:19 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2008/01/16 00:56:19 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2008/01/16 00:56:19 | 000,015,360 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2008/01/16 00:56:19 | 000,010,752 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\3.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2008/01/16 00:56:18 | 000,364,544 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2008/01/16 00:56:18 | 000,225,280 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2008/01/16 00:56:18 | 000,188,416 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2008/01/16 00:56:18 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2008/01/16 00:56:18 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2008/01/16 00:56:18 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2008/01/16 00:56:18 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2008/01/16 00:56:18 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2008/01/16 00:56:17 | 000,589,824 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2008/01/16 00:55:01 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
MOD - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2007/02/09 12:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Winphook.dll
MOD - [2005/05/03 18:38:42 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\P17.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/12/20 03:14:40 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- F:\Programs\logmein\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/20 03:14:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- F:\Programs\logmein\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- F:\Programs\avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- F:\Programs\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/03 09:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- F:\Programs\tomtom\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- F:\Programs\logmein\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/04/08 16:02:58 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008/04/08 15:46:24 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Programs\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- F:\Programs\iso burner\ImapiHelper.exe -- (Imapi Helper)
SRV - [2003/04/01 22:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


========== Driver Services (SafeList) ==========

DRV - [2011/12/20 03:14:16 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/03 09:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/08/15 21:06:58 | 000,003,968 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FRIdrv.sys -- (FRIdrv)
DRV - [2011/01/11 18:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 18:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- F:\Programs\logmein\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/07/07 09:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/01/26 21:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/08 15:46:48 | 000,017,064 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2007/06/15 09:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/02/09 12:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 12:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006/07/05 14:35:54 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2005/01/10 17:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 17:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 17:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)
DRV - [2002/10/15 14:59:24 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/01/10 23:22:10 | 000,295,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/08/17 11:19:20 | 000,096,256 | ---- | M] (Copyright © Creative Technology Ltd. 1994-2001) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2645238
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {6778613D-616B-4A6C-9856-65DE943CF424} - F:\Programs\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google Custom Search"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {E5DA3F2D-8D54-4F4C-86F1-A43E641D05FF}:1.0
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {3160baf9-cf68-48ec-9076-faed7ce49467}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: F:\Programs\powershot\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Manner Panner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E5DA3F2D-8D54-4F4C-86F1-A43E641D05FF}: C:\Documents and Settings\Manner Panner\Local Settings\Application Data\{E5DA3F2D-8D54-4F4C-86F1-A43E641D05FF} [2009/08/29 23:37:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B1B8822D-3A4A-4916-B012-78E4D46FF87A}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{B1B8822D-3A4A-4916-B012-78E4D46FF87A} [2009/08/29 23:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{fa46cb24-1d5b-4048-911a-2857a0944395}: F:\Programs\FVD Suite\addons\Firefox [2011/07/01 00:47:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: F:\Programs\avast\WebRep\FF [2011/12/04 17:24:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/12/05 03:33:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: F:\Programs\firefox\components [2011/11/10 00:31:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: F:\Programs\firefox\plugins [2011/09/26 01:18:42 | 000,000,000 | ---D | M]

[2009/04/16 21:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Extensions
[2008/05/04 16:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Extensions\[email protected]
[2011/12/05 11:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Firefox\Profiles\nlczkstm.default\extensions
[2010/06/28 13:05:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Firefox\Profiles\nlczkstm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/01 03:18:51 | 000,000,000 | ---D | M] (dict.cc Community Toolbar) -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Firefox\Profiles\nlczkstm.default\extensions\{3160baf9-cf68-48ec-9076-faed7ce49467}
[2011/12/05 11:35:27 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Firefox\Profiles\nlczkstm.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2009/08/29 23:22:16 | 000,000,000 | ---D | M] (Flash Video Downloader) -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Firefox\Profiles\nlczkstm.default\extensions\artur.dubovoy@gmail(2).com
[2011/08/11 23:24:14 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Firefox\Profiles\nlczkstm.default\extensions\[email protected]
[2011/12/05 03:33:48 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2011/12/04 17:24:11 | 000,000,000 | ---D | M] (avast! WebRep) -- F:\PROGRAMS\AVAST\WEBREP\FF

Hosts file not found
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Open FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D44} - F:\Programs\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Programs\avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - F:\Programs\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Programs\avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast] F:\Programs\avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DT GWY] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] F:\Programs\logmein\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet File not found
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.DLL ()
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [ZoneAlarm] F:\Programs\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [TomTomHOME.exe] F:\Programs\tomtom\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Driver performer.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = F:\Programs\Klavier\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Manner Panner\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\vghd.exe (Totem Entertainment)
O4 - Startup: C:\Documents and Settings\Manner Panner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Manner Panner\Start Menu\Programs\Startup\Secunia PSI.lnk = F:\Programs\secunia\PSI\psi.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Search - F:\Programs\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - mswsock.dll File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsof...iveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1161734793265 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1161734842718 (MUWebControl Class)
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-w...agi3.0.84.2.cab (UnagiAx Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AE97ADC-3CF4-4F14-AB47-0D92BB5FC51A}: DhcpNameServer = 167.206.251.129 167.206.251.130
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Manner Panner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Manner Panner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/05 03:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manner Panner\My Documents\ForceField Shared Files
[2011/12/05 03:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manner Panner\Application Data\CheckPoint
[2011/12/05 03:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/12/05 03:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\ZoneAlarm_Security
[2011/12/05 03:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\temp
[2011/12/05 03:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\Conduit
[2011/12/05 03:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2011/12/05 03:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2011/12/05 03:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/12/05 03:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/12/04 17:24:32 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/12/04 17:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/12/04 17:24:31 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/12/04 17:24:29 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/12/04 17:24:28 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/12/04 17:24:28 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/12/04 17:24:27 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/12/04 17:24:27 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/12/04 17:24:27 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/12/04 17:24:10 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/12/04 17:24:10 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/12/04 17:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/04 14:51:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Manner Panner\Desktop\OTL.exe
[2011/12/04 02:46:37 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/12/03 18:24:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\ProgSense
[2011/12/03 18:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Orbit
[2011/12/03 15:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/11/26 14:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manner Panner\Application Data\Skype
[2011/11/26 14:13:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/11/26 14:13:37 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/11/26 14:13:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/11/26 13:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Control Center for KODAK Webcams
[2011/11/26 13:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\Control Center for KODAK Webcams
[2011/11/26 13:29:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\KodakWebcams
[2011/11/26 13:29:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manner Panner\Start Menu\Programs\Control Center for KODAK Webcams
[2011/11/26 13:29:32 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\WINDOWS\System32\pthreadGC2.dll
[2007/07/20 20:01:45 | 001,308,216 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HiJackThis_v2.exe
[2002/04/11 08:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/25 22:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2011/12/25 21:31:02 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2011/12/25 13:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2011/12/25 12:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2011/12/25 11:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2011/12/25 10:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2011/12/25 09:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2011/12/25 08:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2011/12/25 07:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2011/12/25 06:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2011/12/25 05:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2011/12/25 04:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2011/12/25 03:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2011/12/25 02:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2011/12/25 01:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2011/12/25 00:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2011/12/24 23:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2011/12/24 21:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2011/12/24 20:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2011/12/24 19:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2011/12/24 18:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2011/12/24 17:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2011/12/24 16:54:24 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/24 16:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2011/12/24 15:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2011/12/24 14:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2011/12/20 03:14:16 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/12/20 03:14:15 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/12/20 03:14:15 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/12/16 03:18:10 | 000,155,881 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Desktop\sln.jpg
[2011/12/16 03:17:50 | 000,597,912 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Desktop\sln.psp
[2011/12/15 21:58:04 | 000,232,972 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Desktop\holy crap.jpg
[2011/12/15 12:46:43 | 000,267,361 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/12/14 03:53:21 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/12/05 04:06:49 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/05 04:04:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/05 04:04:55 | 1072,775,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/05 03:42:20 | 000,415,859 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/12/04 17:24:32 | 000,000,597 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/04 17:24:28 | 000,002,616 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/04 14:51:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Manner Panner\Desktop\OTL.exe
[2011/12/04 02:45:55 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/03 17:50:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\176u1vlI.exe.b
[2011/12/03 17:50:25 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PTpRX7.dat
[2011/12/03 17:42:19 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\O24o3oV.com.b
[2011/11/28 13:01:25 | 000,041,184 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/11/28 13:01:23 | 000,199,816 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/11/28 12:51:59 | 000,105,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/11/26 14:13:39 | 000,001,878 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/11/26 13:45:16 | 000,001,153 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk
[2011/11/26 13:44:56 | 000,000,007 | ---- | M] () -- C:\WINDOWS\treeskp.sys
[2011/11/26 13:44:56 | 000,000,007 | ---- | M] () -- C:\WINDOWS\sbacknt.bin
[2011/11/26 13:42:31 | 000,484,620 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/26 13:42:31 | 000,080,634 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/16 03:18:10 | 000,155,881 | ---- | C] () -- C:\Documents and Settings\Manner Panner\Desktop\sln.jpg
[2011/12/16 03:12:33 | 000,597,912 | ---- | C] () -- C:\Documents and Settings\Manner Panner\Desktop\sln.psp
[2011/12/15 21:58:04 | 000,232,972 | ---- | C] () -- C:\Documents and Settings\Manner Panner\Desktop\holy crap.jpg
[2011/12/05 03:34:12 | 000,415,859 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/12/04 17:24:32 | 000,000,597 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/03 19:01:46 | 1072,775,168 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/03 17:50:49 | 000,116,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\176u1vlI.exe_
[2011/12/03 17:50:49 | 000,116,224 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\176u1vlI.exe
[2011/12/03 17:50:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\176u1vlI.exe.b
[2011/12/03 13:03:04 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\O24o3oV.com.b
[2011/12/03 12:57:23 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PTpRX7.dat
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2011/12/03 12:57:17 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2011/12/03 12:57:16 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\O24o3oV.com_
[2011/12/03 12:57:16 | 000,000,348 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2011/11/26 14:13:39 | 000,001,878 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/07/25 06:02:32 | 000,602,112 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2011/06/14 01:18:25 | 000,001,510 | ---- | C] () -- C:\WINDOWS\Sketchpad Preferences.dat
[2011/06/01 15:13:01 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Manner Panner\Application Data\Sketchpad 5 Preferences.dat
[2010/05/24 23:41:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Manner Panner\Application Data\$_hpcst$.hpc
[2010/04/27 00:07:19 | 000,013,694 | -HS- | C] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\2262590918
[2010/04/27 00:07:19 | 000,013,694 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2262590918
[2010/04/27 00:00:48 | 000,013,856 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\R2ShtRq60k58
[2010/04/27 00:00:47 | 000,013,856 | -HS- | C] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\R2ShtRq60k58
[2010/04/18 23:54:12 | 000,000,007 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/01/26 21:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/01/23 18:29:44 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2010/01/13 15:20:24 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2010/01/12 12:03:34 | 002,283,526 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/10/30 20:22:25 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2009/10/30 20:22:13 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/10/28 23:45:27 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2009/10/28 23:44:19 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/09/08 16:20:16 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\bsrmgcv.dll
[2009/09/08 16:20:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\bsrmgps.dll
[2009/09/08 16:20:16 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool.dat
[2009/09/08 16:19:54 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
[2009/09/08 16:19:54 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
[2009/08/26 20:47:55 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jtunoz.dat
[2009/08/19 01:47:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/25 20:57:40 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/06/24 02:39:10 | 000,230,912 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/06/24 02:39:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/06/24 02:39:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/06/24 02:39:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/06/22 16:04:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/21 13:14:06 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2009/06/21 13:14:05 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/06/21 13:14:05 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\bz2.dll
[2009/06/19 21:48:56 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/05/05 11:43:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2009/04/17 02:29:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/01/28 01:23:40 | 000,019,777 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2009/01/28 01:23:40 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2009/01/28 01:23:16 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2009/01/28 01:23:09 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2009/01/28 00:39:18 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/09/18 22:01:15 | 000,083,216 | ---- | C] () -- C:\WINDOWS\System32\KmRemove.exe
[2008/01/16 00:57:28 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\fusioncache.dat
[2008/01/16 00:48:11 | 000,076,532 | ---- | C] () -- C:\WINDOWS\hpgins07.dat
[2008/01/16 00:48:11 | 000,000,848 | ---- | C] () -- C:\WINDOWS\hpgmdl07.dat
[2007/12/05 01:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/07/20 19:51:11 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2007/07/08 15:09:29 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/01/18 23:31:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2007/01/18 23:19:39 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
[2007/01/18 23:19:39 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2007/01/18 23:19:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
[2007/01/10 00:48:45 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/10 00:24:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/09 23:58:05 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2007/01/09 23:58:05 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/10/24 18:23:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/10/24 18:17:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/10/11 12:39:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/10/11 12:38:41 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/05/03 06:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.DLL
[2005/03/21 20:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 20:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 006,566,656 | ---- | C] () -- C:\WINDOWS\System32\jcbpziuh.dat
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,633,600 | ---- | C] () -- C:\WINDOWS\System32\raxteavv.dat
[2004/08/04 07:00:00 | 000,484,620 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,219,392 | ---- | C] () -- C:\WINDOWS\System32\nahupbdc.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,080,634 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,047,360 | ---- | C] () -- C:\WINDOWS\System32\zjetltmn.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,045,824 | ---- | C] () -- C:\WINDOWS\System32\lirawbpk.dat
[2004/08/04 07:00:00 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\cfbowmch.dat
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/02 17:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/08/07 13:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[1997/05/11 07:20:50 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\hs_regex.dll

========== LOP Check ==========

[2009/07/31 20:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/03/02 02:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/12/04 17:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/05 03:32:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/11/26 13:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Control Center for KODAK Webcams
[2010/02/10 02:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2011/12/25 03:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/01/22 20:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/02/10 02:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/08/24 02:38:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2008/01/22 02:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/06/14 01:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WeCareReminder
[2009/07/16 01:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
[2009/07/31 20:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\acccore
[2009/02/25 21:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\Amazon
[2007/06/21 00:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\Canon
[2011/12/05 03:33:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\CheckPoint
[2010/01/13 15:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\DisplayTune
[2010/02/22 21:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\Ethereal
[2010/06/12 23:19:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\Facebook
[2011/07/01 00:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\FVDToolbar
[2009/02/28 12:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\GetRightToGo
[2009/09/20 00:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\GrabPro
[2011/07/12 01:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\gtk-2.0
[2010/01/25 17:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\Leadertech
[2011/05/27 00:58:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\OpenCandy
[2011/12/03 19:03:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\Orbit
[2010/02/10 02:07:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\PC Suite
[2011/05/27 01:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\ProgSense
[2010/02/10 02:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\Samsung
[2010/05/25 16:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\Smart Recorder
[2007/09/05 19:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\TomTom
[2011/06/18 21:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\uTorrent
[2010/05/06 00:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\vghd
[2008/01/22 02:01:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Manner Panner\Application Data\Viewpoint
[2011/12/25 00:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/12/25 05:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/12/25 06:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At13.job
[2011/12/25 07:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At15.job
[2011/12/25 08:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At17.job
[2011/12/25 09:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At19.job
[2011/12/25 10:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At21.job
[2011/12/25 11:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At23.job
[2011/12/25 12:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At25.job
[2011/12/25 13:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At27.job
[2011/12/24 14:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/12/25 01:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2011/12/24 15:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At31.job
[2011/12/24 16:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At33.job
[2011/12/24 17:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At35.job
[2011/12/24 18:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At37.job
[2011/12/24 19:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At39.job
[2011/12/24 20:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At41.job
[2011/12/24 21:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At43.job
[2011/12/25 22:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/12/24 23:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At47.job
[2011/12/25 02:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At5.job
[2011/12/25 03:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2011/12/25 04:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At9.job

========== Purity Check ==========



< End of report >

Thank you for your time. I look forward to your insights.
  • 0


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Start, Run, cmd, OK to bring up a command window. Type with an Enter after each line:



cd  \windows\tasks

del  at*.job


This should remove all of the malware tasks which look like:

[2011/12/25 22:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At45.job




ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe (Vista or Win 7 must right click and Run As Admin)
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.


Run TDSSKiller again but this time:
before you hit the Scan hit Change Parameters and check the two items under Additional Options. OK then Scan.
In this mode it is prone to false positives so do not change the SKIP option to DELETE unless it says TDSS.
When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (note whether the Fix button, not the FixMBR button, is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.



Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

Do the following:
Start -> Run
type diskmgmt.msc
Click "OK"

Disk Management will open.

Click and hold the right side of the Disk Management Window and drag it to the right until you can see all the columns.

Take a screen Shot of the Disk Management Window and attach the screen shot to your reply.
http://graphicssoft....nscreenshot.htm Save the file as a .jpg or the forum won't allow it.


Run OTL
select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0
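As an added triage helper, not part of RKinner's instructions and not a Geeks to Go tool, the following Python script parses OTL-style file entries like the ones pasted above and lists the At<number>.job tasks that the `del at*.job` command targets. Its sample lines are copied from this thread's log except for the last two job names, which are constructed to show that the cmd.exe wildcard `at*.job` is case-insensitive and would also match any other job file whose name begins with "at"; the summary it returns (one shared file size, one task per hour) is the pattern visible in the LOP Check section.

```python
import re
from fnmatch import fnmatchcase
from datetime import datetime

# One OTL file/folder entry as printed in the "Files Created/Modified" and
# "LOP Check" sections:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C|M] (company) -- path
# Directory lines omit the "(company)" field; files with no company show "()".
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<flag>[A-Z])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# The task files RKinner flags: At<number>.job inside the Tasks folder.
AT_JOB = re.compile(r"\\Tasks\\At\d+\.job$", re.IGNORECASE)

# Constructed sample: the first seven lines are copied from the log in this
# thread; the last two job names are made up to show what the cmd.exe
# wildcard "at*.job" does and does not match.
SAMPLE_LOG = r"""
[2011/12/25 00:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2011/12/25 05:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At11.job
[2011/12/24 14:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At29.job
[2011/12/25 22:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At45.job
[2011/12/25 03:24:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\Tasks\At7.job
[2009/07/31 20:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2006/10/24 18:23:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/20 09:00:00 | 000,000,412 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2011/12/20 09:00:00 | 000,000,512 | ---- | M] () -- C:\WINDOWS\Tasks\AtHome Backup.job
"""


def parse_entry(line):
    """Return a dict for one OTL entry line, or None if the line is not one."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),
        "flag": m.group("flag"),            # C = created, M = modified
        "company": m.group("company"),      # None on directory lines, "" for "()"
        "path": m.group("path"),
    }


def parse_log(text):
    """Parse every recognisable entry line; headers and blank lines are skipped."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def find_at_jobs(entries):
    """Entries whose path is <...>\Tasks\At<number>.job."""
    return [e for e in entries if AT_JOB.search(e["path"])]


def summarize_at_jobs(jobs):
    """Count, distinct sizes and distinct last-modified hours of the task files."""
    return {
        "count": len(jobs),
        "sizes": sorted({j["size"] for j in jobs}),
        "hours": sorted({j["timestamp"].hour for j in jobs}),
        "paths": [j["path"] for j in jobs],
    }


def wildcard_collateral(entries, pattern="at*.job"):
    """Job files the case-insensitive cmd.exe wildcard would also delete even
    though they are not At<number>.job; review these before running del."""
    hits = []
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        if fnmatchcase(name.lower(), pattern.lower()) and not AT_JOB.search(e["path"]):
            hits.append(e["path"])
    return hits


def cleanup_commands(jobs):
    """Exact cmd.exe del lines for the identified tasks, an alternative to the
    wildcard when the Tasks folder also holds legitimate job files."""
    return ['del "%s"' % j["path"] for j in jobs]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    jobs = find_at_jobs(entries)
    print(summarize_at_jobs(jobs))
    print("wildcard would also hit:", wildcard_collateral(entries))
    print("\n".join(cleanup_commands(jobs)))
```

Paste a full OTL log into `SAMPLE_LOG` (or read it from a file) to get the whole At*.job list; the `wildcard_collateral` result tells you whether the short `del at*.job` is safe or whether the per-file `del` lines are the better choice.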

#3
'puter gunna die

'puter gunna die

    Member

  • Topic Starter
  • Member
  • 49 posts
I'm typing this from my laptop. The subject machine is unable to post replies on here; it just tries to load until it times out. I completed all the steps and I will use this laptop to upload shortly. aswMBR.exe found nothing to fix. The "fix" button was not active.
  • 0

#4
'puter gunna die

'puter gunna die

    Member

  • Topic Starter
  • Member
  • 49 posts
All logs are attached. The site won't allow all that text at once.

Attached Thumbnails

  • 06-diskmgmt.jpg

Attached Files


  • 0

#5
'puter gunna die

'puter gunna die

    Member

  • Topic Starter
  • Member
  • 49 posts
This is all of it as requested. This forum is the only site on earth where I cannot post with that machine; Facebook and such work fine.

OTL logfile created on: 12/29/2011 12:37:41 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Manner Panner\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.01 Mb Total Physical Memory | 489.83 Mb Available Physical Memory | 47.88% Memory free
1.91 Gb Paging File | 1.30 Gb Available in Paging File | 67.97% Paging File free
Paging file location(s): F:\pagefile.sys 1024 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19.53 Gb Total Space | 0.86 Gb Free Space | 4.39% Space Free | Partition Type: NTFS
Drive F: | 298.09 Gb Total Space | 98.35 Gb Free Space | 32.99% Space Free | Partition Type: NTFS
Drive H: | 979.78 Mb Total Space | 298.44 Mb Free Space | 30.46% Space Free | Partition Type: FAT

Computer Name: MP3 | User Name: Manner Panner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/20 03:14:40 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- F:\Programs\logmein\x86\ramaint.exe
PRC - [2011/12/20 03:14:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- F:\Programs\logmein\x86\LMIGuardianSvc.exe
PRC - [2011/12/04 14:51:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Manner Panner\Desktop\OTL.exe
PRC - [2011/11/28 13:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- F:\Programs\avast\AvastUI.exe
PRC - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- F:\Programs\avast\AvastSvc.exe
PRC - [2011/11/18 16:24:40 | 000,561,664 | ---- | M] (Totem Entertainment) -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\Virtuagirl_Downloader.exe
PRC - [2011/11/17 15:55:12 | 001,624,576 | ---- | M] (Totem Entertainment) -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\vghd.exe
PRC - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- F:\Programs\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/11/09 20:01:38 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- F:\Programs\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/11/03 09:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/11/03 09:44:24 | 000,738,944 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/04/22 07:21:10 | 000,247,728 | ---- | M] (TomTom) -- F:\Programs\tomtom\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- F:\Programs\tomtom\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/04/08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- F:\Programs\logmein\x86\LogMeIn.exe
PRC - [2011/01/11 18:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- F:\Programs\logmein\x86\LogMeInSystray.exe
PRC - [2009/10/23 19:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
PRC - [2009/07/20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- F:\Programs\Klavier\SetPoint\SetPoint.exe
PRC - [2009/07/10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/08 16:05:04 | 000,312,832 | ---- | M] (Portrait Displays, Inc) -- C:\Program Files\Gateway\EzTune\dthtml.exe
PRC - [2008/04/08 16:02:58 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2008/04/08 16:02:48 | 000,114,688 | ---- | M] (Portrait Displays Inc.) -- C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
PRC - [2008/04/08 15:46:24 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- F:\Programs\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
PRC - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
PRC - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/07/07 23:55:00 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
PRC - [2005/05/12 00:33:52 | 000,479,232 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/02/15 16:10:16 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
PRC - [2004/11/30 11:00:00 | 000,135,168 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/28 12:44:32 | 001,657,856 | ---- | M] () -- F:\Programs\avast\defs\11122801\algo.dll
MOD - [2011/12/19 18:49:56 | 000,241,528 | ---- | M] () -- F:\Programs\avast\defs\11122801\aswRep.dll
MOD - [2011/11/18 16:24:40 | 000,073,216 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\system.dll
MOD - [2011/11/16 14:33:10 | 000,029,184 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\imageformats\qico4.dll
MOD - [2011/11/16 14:33:08 | 000,287,232 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\imageformats\qtiff4.dll
MOD - [2011/11/16 14:32:56 | 000,222,720 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\imageformats\qmng4.dll
MOD - [2011/11/16 14:32:50 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\imageformats\qgif4.dll
MOD - [2011/11/16 14:32:46 | 000,200,704 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\imageformats\qjpeg4.dll
MOD - [2011/11/16 14:20:20 | 011,159,552 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\QtWebKit4.dll
MOD - [2011/11/16 13:18:30 | 000,270,336 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\phonon4.dll
MOD - [2011/11/16 13:12:28 | 008,451,072 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\QtGui4.dll
MOD - [2011/11/16 13:04:24 | 000,860,160 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\QtNetwork4.dll
MOD - [2011/11/16 13:03:36 | 000,358,400 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\QtXml4.dll
MOD - [2011/11/16 13:03:28 | 002,349,056 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\QtCore4.dll
MOD - [2011/10/27 16:49:34 | 000,184,832 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\dxmodules.dll
MOD - [2011/06/01 14:28:02 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\Windows.dll
MOD - [2011/06/01 14:27:48 | 000,818,176 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\vhd.dll
MOD - [2011/05/12 21:25:03 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_45fbd682\mscorlib.dll
MOD - [2011/05/12 21:24:59 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_87804e72\system.drawing.dll
MOD - [2011/05/12 21:24:50 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_e67d7d9c\system.xml.dll
MOD - [2011/05/12 21:24:43 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_f0627328\system.windows.forms.dll
MOD - [2011/05/12 21:24:31 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_e4186cb8\system.dll
MOD - [2011/05/12 21:24:19 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2010/03/15 11:28:22 | 000,141,824 | ---- | M] () -- F:\Programs\winrar\RarExt.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/01/06 23:27:48 | 000,473,704 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2009/10/28 23:45:28 | 000,774,144 | ---- | M] () -- c:\windows\assembly\gac\hpqbakup\3.0.0.0__a53cf5803f4c3827\hpqbakup.dll
MOD - [2009/10/23 19:34:36 | 000,827,904 | ---- | M] () -- C:\Program Files\dvd43\DVD43_Tray.exe
MOD - [2009/07/20 12:27:14 | 000,017,936 | ---- | M] () -- F:\Programs\Klavier\SetPoint\khalwrapper.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2008/04/08 16:03:06 | 000,151,552 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DThook.dll
MOD - [2008/04/08 16:03:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Plugins\CC\gui.dll
MOD - [2008/04/08 16:02:58 | 000,069,632 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
MOD - [2008/04/08 16:02:42 | 000,102,400 | ---- | M] () -- C:\Program Files\Common Files\Portrait Displays\Shared\PresetsCOM.dll
MOD - [2008/03/29 01:42:20 | 000,159,744 | ---- | M] () -- C:\Program Files\Essentials Codec Pack\Haali\mmfinfo.dll
MOD - [2008/03/29 01:41:52 | 000,023,552 | ---- | M] () -- C:\Program Files\Essentials Codec Pack\Haali\mkunicode.dll
MOD - [2008/01/18 03:42:18 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2008/01/18 03:42:17 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2008/01/18 03:42:16 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2008/01/16 00:56:37 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqisrtb\4.0.0.0__a53cf5803f4c3827\hpqisrtb.dll
MOD - [2008/01/16 00:56:31 | 000,380,928 | ---- | M] () -- c:\windows\assembly\gac\hpqcprsc\3.0.0.0__a53cf5803f4c3827\hpqcprsc.dll
MOD - [2008/01/16 00:56:24 | 001,032,192 | ---- | M] () -- c:\windows\assembly\gac\hpqedit\3.0.0.0__a53cf5803f4c3827\hpqedit.dll
MOD - [2008/01/16 00:56:23 | 000,004,096 | ---- | M] () -- c:\windows\assembly\gac\interop.hprblog\3.0.0.0__a53cf5803f4c3827\interop.hprblog.dll
MOD - [2008/01/16 00:56:22 | 000,163,840 | ---- | M] () -- c:\windows\assembly\gac\hpqvideo\3.0.0.0__a53cf5803f4c3827\hpqvideo.dll
MOD - [2008/01/16 00:56:21 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqprrsc\4.0.0.0__a53cf5803f4c3827\hpqprrsc.dll
MOD - [2008/01/16 00:56:21 | 000,053,248 | ---- | M] () -- c:\windows\assembly\gac\hpqovskn\3.0.0.0__a53cf5803f4c3827\hpqovskn.dll
MOD - [2008/01/16 00:56:20 | 000,430,080 | ---- | M] () -- c:\windows\assembly\gac\lead.wrapper\13.0.0.113__9cf889f53ea9b907\lead.wrapper.dll
MOD - [2008/01/16 00:56:20 | 000,090,112 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing.imaging.imageprocessing\13.0.0.113__9cf889f53ea9b907\lead.drawing.imaging.imageprocessing.dll
MOD - [2008/01/16 00:56:20 | 000,086,016 | ---- | M] () -- c:\windows\assembly\gac\lead.drawing\13.0.0.113__9cf889f53ea9b907\lead.drawing.dll
MOD - [2008/01/16 00:56:20 | 000,077,824 | ---- | M] () -- c:\windows\assembly\gac\lead\13.0.0.113__9cf889f53ea9b907\lead.dll
MOD - [2008/01/16 00:56:20 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms.drawingcontainer\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.drawingcontainer.dll
MOD - [2008/01/16 00:56:20 | 000,065,536 | ---- | M] () -- c:\windows\assembly\gac\hpqmdmr\4.0.0.0__a53cf5803f4c3827\hpqmdmr.dll
MOD - [2008/01/16 00:56:20 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\lead.windows.forms\13.0.0.113__9cf889f53ea9b907\lead.windows.forms.dll
MOD - [2008/01/16 00:56:19 | 000,512,000 | ---- | M] () -- c:\windows\assembly\gac\hpqimvlt\3.0.0.0__a53cf5803f4c3827\hpqimvlt.dll
MOD - [2008/01/16 00:56:19 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqntrop\4.0.0.0__a53cf5803f4c3827\hpqntrop.dll
MOD - [2008/01/16 00:56:19 | 000,057,344 | ---- | M] () -- c:\windows\assembly\gac\hpqimlib\3.0.0.0__a53cf5803f4c3827\hpqimlib.dll
MOD - [2008/01/16 00:56:19 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqcxm08\3.0.0.0__a53cf5803f4c3827\interop.hpqcxm08.dll
MOD - [2008/01/16 00:56:19 | 000,015,360 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqvideo\3.0.0.0__a53cf5803f4c3827\interop.hpqvideo.dll
MOD - [2008/01/16 00:56:19 | 000,010,752 | ---- | M] () -- c:\windows\assembly\gac\interop.hpqimgr\3.0.0.0__a53cf5803f4c3827\interop.hpqimgr.dll
MOD - [2008/01/16 00:56:18 | 000,364,544 | ---- | M] () -- c:\windows\assembly\gac\hpqtray\4.0.0.0__a53cf5803f4c3827\hpqtray.dll
MOD - [2008/01/16 00:56:18 | 000,225,280 | ---- | M] () -- c:\windows\assembly\gac\hpqutils\4.0.0.0__a53cf5803f4c3827\hpqutils.dll
MOD - [2008/01/16 00:56:18 | 000,188,416 | ---- | M] () -- c:\windows\assembly\gac\hpqimgrc\4.0.0.0__a53cf5803f4c3827\hpqimgrc.dll
MOD - [2008/01/16 00:56:18 | 000,069,632 | ---- | M] () -- c:\windows\assembly\gac\hpqglutl\4.0.0.0__a53cf5803f4c3827\hpqglutl.dll
MOD - [2008/01/16 00:56:18 | 000,045,056 | ---- | M] () -- c:\windows\assembly\gac\hpqthumb\3.0.0.0__a53cf5803f4c3827\hpqthumb.dll
MOD - [2008/01/16 00:56:18 | 000,036,864 | ---- | M] () -- c:\windows\assembly\gac\hpqfmrsc\4.0.0.0__a53cf5803f4c3827\hpqfmrsc.dll
MOD - [2008/01/16 00:56:18 | 000,024,576 | ---- | M] () -- c:\windows\assembly\gac\hpqasset\4.0.0.0__a53cf5803f4c3827\hpqasset.dll
MOD - [2008/01/16 00:56:18 | 000,020,480 | ---- | M] () -- c:\windows\assembly\gac\hpqiface\4.0.0.0__a53cf5803f4c3827\hpqiface.dll
MOD - [2008/01/16 00:56:17 | 000,589,824 | ---- | M] () -- c:\windows\assembly\gac\hpqcc2\3.0.0.0__a53cf5803f4c3827\hpqcc2.dll
MOD - [2008/01/16 00:55:01 | 000,007,680 | ---- | M] () -- c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll
MOD - [2007/02/09 12:17:30 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Floater.exe
MOD - [2007/02/09 12:17:26 | 000,694,008 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\wpCtrl.exe
MOD - [2007/02/09 12:16:08 | 000,245,760 | ---- | M] () -- C:\Program Files\Portrait Displays\Pivot Software\Winphook.dll
MOD - [2005/05/03 18:38:42 | 000,064,512 | ---- | M] () -- C:\WINDOWS\system32\P17.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/12/20 03:14:40 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- F:\Programs\logmein\x86\RaMaint.exe -- (LMIMaint)
SRV - [2011/12/20 03:14:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- F:\Programs\logmein\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2011/11/28 13:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- F:\Programs\avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/11/09 20:05:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- F:\Programs\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/11/03 09:44:28 | 000,497,280 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- F:\Programs\tomtom\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/01/11 18:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- F:\Programs\logmein\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2009/07/20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/04/08 16:02:58 | 000,069,632 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2008/04/08 15:46:24 | 000,090,112 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- F:\Programs\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Disabled | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- F:\Programs\iso burner\ImapiHelper.exe -- (Imapi Helper)
SRV - [2003/04/01 22:08:30 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\IcdSptSv.exe -- (ICDSPTSV)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/12/20 03:14:16 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/11/28 12:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 12:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 12:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 12:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 12:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/11/28 12:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/11/28 12:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/11/09 20:01:38 | 000,525,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2011/11/03 09:44:20 | 000,027,016 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011/08/15 21:06:58 | 000,003,968 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FRIdrv.sys -- (FRIdrv)
DRV - [2011/01/11 18:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 18:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- F:\Programs\logmein\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/07/07 09:05:32 | 000,014,904 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/01/26 21:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2009/06/17 11:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 11:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 11:55:34 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/04/08 15:46:48 | 000,017,064 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PdiPorts.sys -- (PdiPorts)
DRV - [2007/06/15 09:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/02/09 12:17:18 | 000,017,465 | ---- | M] (Portrait Displays, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pivot.sys -- (Pivot)
DRV - [2007/02/09 12:17:16 | 000,011,323 | ---- | M] (Portrait Displays, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pivotmou.sys -- (pivotmou)
DRV - [2006/07/05 14:35:54 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2005/01/10 17:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 17:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 17:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IcdUsb2.sys -- (ICDUSB2) Sony IC Recorder (P)
DRV - [2002/10/15 14:59:24 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2002/01/10 23:22:10 | 000,295,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtaa.sys -- (ati2mtaa)
DRV - [2001/08/17 11:19:20 | 000,096,256 | ---- | M] (Copyright © Creative Technology Ltd. 1994-2001) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2645238
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {6778613D-616B-4A6C-9856-65DE943CF424} - F:\Programs\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google Custom Search"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {E5DA3F2D-8D54-4F4C-86F1-A43E641D05FF}:1.0
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {3160baf9-cf68-48ec-9076-faed7ce49467}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: F:\Programs\powershot\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Manner Panner\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E5DA3F2D-8D54-4F4C-86F1-A43E641D05FF}: C:\Documents and Settings\Manner Panner\Local Settings\Application Data\{E5DA3F2D-8D54-4F4C-86F1-A43E641D05FF} [2009/08/29 23:37:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B1B8822D-3A4A-4916-B012-78E4D46FF87A}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{B1B8822D-3A4A-4916-B012-78E4D46FF87A} [2009/08/29 23:37:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{fa46cb24-1d5b-4048-911a-2857a0944395}: F:\Programs\FVD Suite\addons\Firefox [2011/07/01 00:47:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: F:\Programs\avast\WebRep\FF [2011/12/04 17:24:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/12/05 03:33:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: F:\Programs\firefox\components [2011/11/10 00:31:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: F:\Programs\firefox\plugins [2011/09/26 01:18:42 | 000,000,000 | ---D | M]

[2009/04/16 21:44:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Extensions
[2008/05/04 16:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Extensions\[email protected]
[2011/12/05 11:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Firefox\Profiles\nlczkstm.default\extensions
[2010/06/28 13:05:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Firefox\Profiles\nlczkstm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/01 03:18:51 | 000,000,000 | ---D | M] (dict.cc Community Toolbar) -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Firefox\Profiles\nlczkstm.default\extensions\{3160baf9-cf68-48ec-9076-faed7ce49467}
[2011/12/05 11:35:27 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Firefox\Profiles\nlczkstm.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2009/08/29 23:22:16 | 000,000,000 | ---D | M] (Flash Video Downloader) -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Firefox\Profiles\nlczkstm.default\extensions\artur.dubovoy@gmail(2).com
[2011/08/11 23:24:14 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Manner Panner\Application Data\Mozilla\Firefox\Profiles\nlczkstm.default\extensions\[email protected]
[2011/12/05 03:33:48 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER
[2011/12/04 17:24:11 | 000,000,000 | ---D | M] (avast! WebRep) -- F:\PROGRAMS\AVAST\WEBREP\FF

O1 HOSTS File: ([2011/12/28 01:27:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Open FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D44} - F:\Programs\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Programs\avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (FVD Suite Toolbar) - {2B171655-A69C-5c18-B693-6CB5DC269D41} - F:\Programs\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - F:\Programs\avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [avast] F:\Programs\avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DT GWY] C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe ()
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] F:\Programs\logmein\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.DLL ()
O4 - HKLM..\Run: [PivotSoftware] C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [ZoneAlarm] F:\Programs\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [TomTomHOME.exe] F:\Programs\tomtom\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] F:\Programs\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Driver performer.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = F:\Programs\Klavier\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\Manner Panner\Start Menu\Programs\Startup\DesktopVideoPlayer.lnk = C:\Documents and Settings\Manner Panner\Local Settings\Application Data\vghd\bin\vghd.exe (Totem Entertainment)
O4 - Startup: C:\Documents and Settings\Manner Panner\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Manner Panner\Start Menu\Programs\Startup\Secunia PSI.lnk = F:\Programs\secunia\PSI\psi.exe (Secunia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Search - F:\Programs\FVD Suite\addons\IE\FVDToolbar.dll (www.flashvideodownloader.org/fvd-suite/)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programs\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsof...iveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1161734793265 (WUWebControl Class)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creat...101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1161734842718 (MUWebControl Class)
O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-w...agi3.0.84.2.cab (UnagiAx Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...15108/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.251.129 167.206.251.130
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0AE97ADC-3CF4-4F14-AB47-0D92BB5FC51A}: DhcpNameServer = 167.206.251.129 167.206.251.130
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Manner Panner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Manner Panner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/28 23:59:05 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/28 00:10:39 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/05 03:33:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manner Panner\My Documents\ForceField Shared Files
[2011/12/05 03:33:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manner Panner\Application Data\CheckPoint
[2011/12/05 03:33:37 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/12/05 03:33:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\ZoneAlarm_Security
[2011/12/05 03:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\temp
[2011/12/05 03:33:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\Conduit
[2011/12/05 03:33:28 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2011/12/05 03:32:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Check Point
[2011/12/05 03:32:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/12/05 03:31:18 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/12/04 17:24:32 | 000,020,568 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/12/04 17:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/12/04 17:24:31 | 000,314,456 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/12/04 17:24:29 | 000,034,392 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/12/04 17:24:28 | 000,435,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/12/04 17:24:28 | 000,052,952 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/12/04 17:24:27 | 000,111,320 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/12/04 17:24:27 | 000,105,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/12/04 17:24:27 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/12/04 17:24:10 | 000,199,816 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/12/04 17:24:10 | 000,041,184 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/12/04 17:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/12/04 14:51:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Manner Panner\Desktop\OTL.exe
[2011/12/04 02:46:37 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/12/03 18:24:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\ProgSense
[2011/12/03 18:24:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Orbit
[2011/12/03 15:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2007/07/20 20:01:45 | 001,308,216 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HiJackThis_v2.exe
[2002/04/11 08:41:06 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/28 21:31:01 | 000,000,332 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2011/12/28 01:28:05 | 000,267,361 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/12/28 01:27:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/28 01:27:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/28 01:26:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/28 01:26:05 | 1072,775,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/28 00:10:44 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/12/24 16:54:24 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/12/20 03:14:16 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll
[2011/12/20 03:14:15 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll
[2011/12/20 03:14:15 | 000,030,592 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll
[2011/12/16 03:18:10 | 000,155,881 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Desktop\sln.jpg
[2011/12/16 03:17:50 | 000,597,912 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Desktop\sln.psp
[2011/12/15 21:58:04 | 000,232,972 | ---- | M] () -- C:\Documents and Settings\Manner Panner\Desktop\holy crap.jpg
[2011/12/14 03:53:21 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/12/05 03:42:20 | 000,415,859 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/12/04 17:24:32 | 000,000,597 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/04 17:24:28 | 000,002,616 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/12/04 14:51:41 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Manner Panner\Desktop\OTL.exe
[2011/12/04 02:45:55 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/03 17:50:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\176u1vlI.exe.b
[2011/12/03 17:50:25 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\PTpRX7.dat
[2011/12/03 17:42:19 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\O24o3oV.com.b
[11 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/29 00:35:55 | 000,226,924 | ---- | C] () -- C:\Documents and Settings\Manner Panner\Desktop\06-diskmgmt.jpg
[2011/12/28 00:10:43 | 000,000,281 | ---- | C] () -- C:\Boot.bak
[2011/12/28 00:10:42 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/28 00:07:41 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/16 03:18:10 | 000,155,881 | ---- | C] () -- C:\Documents and Settings\Manner Panner\Desktop\sln.jpg
[2011/12/16 03:12:33 | 000,597,912 | ---- | C] () -- C:\Documents and Settings\Manner Panner\Desktop\sln.psp
[2011/12/15 21:58:04 | 000,232,972 | ---- | C] () -- C:\Documents and Settings\Manner Panner\Desktop\holy crap.jpg
[2011/12/05 03:34:12 | 000,415,859 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/12/04 17:24:32 | 000,000,597 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/12/03 19:01:46 | 1072,775,168 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/03 17:50:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\176u1vlI.exe.b
[2011/12/03 13:03:04 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\O24o3oV.com.b
[2011/12/03 12:57:23 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PTpRX7.dat
[2011/07/25 06:02:32 | 000,602,112 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2011/06/14 01:18:25 | 000,001,510 | ---- | C] () -- C:\WINDOWS\Sketchpad Preferences.dat
[2011/06/01 15:13:01 | 000,001,536 | ---- | C] () -- C:\Documents and Settings\Manner Panner\Application Data\Sketchpad 5 Preferences.dat
[2010/05/24 23:41:29 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Manner Panner\Application Data\$_hpcst$.hpc
[2010/04/27 00:07:19 | 000,013,694 | -HS- | C] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\2262590918
[2010/04/27 00:07:19 | 000,013,694 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2262590918
[2010/04/27 00:00:48 | 000,013,856 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\R2ShtRq60k58
[2010/04/27 00:00:47 | 000,013,856 | -HS- | C] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\R2ShtRq60k58
[2010/04/18 23:54:12 | 000,000,007 | ---- | C] () -- C:\WINDOWS\treeskp.sys
[2010/01/26 21:09:02 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2010/01/23 18:29:44 | 000,000,072 | ---- | C] () -- C:\WINDOWS\sbwin.ini
[2010/01/13 15:20:24 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\Machnm32.sys
[2010/01/12 12:03:34 | 002,283,526 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/10/30 20:22:25 | 000,000,234 | ---- | C] () -- C:\WINDOWS\PrnHlpLogConfig.ini
[2009/10/30 20:22:13 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_InstantSHareJPG.ini
[2009/10/28 23:45:27 | 000,000,217 | ---- | C] () -- C:\WINDOWS\HP_IZClosingDiscErrorPatch.ini
[2009/10/28 23:44:19 | 000,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2009/09/08 16:20:16 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\bsrmgcv.dll
[2009/09/08 16:20:16 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\bsrmgps.dll
[2009/09/08 16:20:16 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\Tr_sttool.dat
[2009/09/08 16:19:54 | 000,585,728 | ---- | C] () -- C:\WINDOWS\System32\bsratswf.dll
[2009/09/08 16:19:54 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\bsratwmv.dll
[2009/08/26 20:47:55 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Jtunoz.dat
[2009/08/19 01:47:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/06/25 20:57:40 | 000,000,007 | ---- | C] () -- C:\WINDOWS\sbacknt.bin
[2009/06/24 02:39:10 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/06/24 02:39:10 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/06/24 02:39:10 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/06/24 02:39:10 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/06/22 16:04:24 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/21 13:14:06 | 000,074,240 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2009/06/21 13:14:05 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/06/21 13:14:05 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\bz2.dll
[2009/06/19 21:48:56 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/05/05 11:43:55 | 000,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2009/04/17 02:29:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/01/28 01:23:40 | 000,019,777 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2009/01/28 01:23:40 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2009/01/28 01:23:16 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2009/01/28 01:23:09 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2009/01/28 00:39:18 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2008/09/18 22:01:15 | 000,083,216 | ---- | C] () -- C:\WINDOWS\System32\KmRemove.exe
[2008/01/16 00:57:28 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\fusioncache.dat
[2008/01/16 00:48:11 | 000,076,532 | ---- | C] () -- C:\WINDOWS\hpgins07.dat
[2008/01/16 00:48:11 | 000,000,848 | ---- | C] () -- C:\WINDOWS\hpgmdl07.dat
[2007/12/05 01:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/07/20 19:51:11 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2007/07/08 15:09:29 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/01/18 23:31:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2007/01/18 23:19:39 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\trc.dll
[2007/01/18 23:19:39 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2007/01/18 23:19:39 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
[2007/01/10 00:48:45 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/10 00:24:03 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/09 23:58:05 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini
[2007/01/09 23:58:05 | 000,000,075 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/10/24 18:23:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/10/24 18:17:38 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/10/11 12:39:49 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/10/11 12:38:41 | 000,286,904 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/05/03 06:38:42 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.DLL
[2005/03/21 20:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 20:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 07:00:00 | 006,566,656 | ---- | C] () -- C:\WINDOWS\System32\jcbpziuh.dat
[2004/08/04 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 07:00:00 | 000,633,600 | ---- | C] () -- C:\WINDOWS\System32\raxteavv.dat
[2004/08/04 07:00:00 | 000,484,620 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 07:00:00 | 000,219,392 | ---- | C] () -- C:\WINDOWS\System32\nahupbdc.dat
[2004/08/04 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 07:00:00 | 000,080,634 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 07:00:00 | 000,047,360 | ---- | C] () -- C:\WINDOWS\System32\zjetltmn.dat
[2004/08/04 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 07:00:00 | 000,045,824 | ---- | C] () -- C:\WINDOWS\System32\lirawbpk.dat
[2004/08/04 07:00:00 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\cfbowmch.dat
[2004/08/04 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/10/02 17:48:18 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2003/08/07 13:01:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[1997/05/11 07:20:50 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\hs_regex.dll

< End of report >

#6 RKinner (Malware Expert, MVP, 24,625 posts)

Uninstall:
Java™ 6 Update 26
Java™ 6 Update 6 - get the latest from java.com
Adobe Reader 8.3.1 - get the latest from adobe.com
Adobe Flash Player 10 ActiveX - get the latest from adobe.com (use IE)
Orbit Downloader
Dell Driver Download Manager
µTorrent


Click on the Avast ball, then on Additional Protections, then on AutoSandbox, then on Settings, and uncheck Enable AutoSandbox. Click OK.


Copy the text in the code box by highlighting and Ctrl + c


:processes
killallprocesses

:OTL
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {E5DA3F2D-8D54-4F4C-86F1-A43E641D05FF}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E5DA3F2D-8D54-4F4C-86F1-A43E641D05FF}: C:\Documents and Settings\Manner Panner\Local Settings\Application Data\{E5DA3F2D-8D54-4F4C-86F1-A43E641D05FF} [2009/08/29 23:37:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B1B8822D-3A4A-4916-B012-78E4D46FF87A}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{B1B8822D-3A4A-4916-B012-78E4D46FF87A} [2009/08/29 23:37:46 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Driver performer.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
[2011/12/03 17:50:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\176u1vlI.exe.b
[2011/12/03 13:03:04 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\O24o3oV.com.b
[2011/12/03 12:57:23 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PTpRX7.dat
[2010/04/27 00:07:19 | 000,013,694 | -HS- | C] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\2262590918
[2010/04/27 00:07:19 | 000,013,694 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2262590918
[2010/04/27 00:00:48 | 000,013,856 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\R2ShtRq60k58
[2010/04/27 00:00:47 | 000,013,856 | -HS- | C] () -- C:\Documents and Settings\Manner Panner\Local Settings\Application Data\R2ShtRq60k58

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

    
:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all, then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\windows\system32\drivers\kaenjoo.sys

Driver::
nualtp


******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to ComboFix and let go. ComboFix should start on its own.

Post the new log.

Click on the Avast ball, then on Scan Computer, then on Boot-Time Scan, then on Settings. Change the "Ask" at the bottom to "Move to Chest". Click OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows. Click on the Avast ball, then on Scan Logs, select the Boot-time scan report, then View Results. How many did it find?
I think on XP systems the log file can be found in text form in C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\boot.txt. If you can find it, please copy and paste it into a reply.


Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right-click on System and choose Clear All Events, then No (we don't want to save the old log), OK. Repeat for Application. Reboot.

1. Please download the Event Viewer Tool by Vino Rosso
   http://images.malwar...om/vino/VEW.exe
   and save it to your Desktop.
2. Double-click VEW.exe.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

5. Click the radio button for 'Number of events'.
6. Type 20 in the 1 to 20 box.
7. Click the Run button. Notepad will open with the output log.

Please post the output log in your next reply, then repeat but select Application.

How is it running now?

Ron
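
The OTL fix above targets a cluster of files that share the hallmarks of a dropper's leftovers: random names (O24o3oV.com.b, 176u1vlI.exe.b, PTpRX7.dat), creation times clustered on the day of the MBAM detections, and hidden+system attributes on loose files under Application Data. The Python script below is an added example, not part of this thread, of OTL or of RKinner's instructions; it shows how to pull those same signals out of an OTL file listing automatically instead of eyeballing 1,300 lines. It assumes the OTL line format seen in the logs above (the four-character attribute field read as R, H, S, D, as the "-HS-", "--S-" and "---D" entries suggest), takes 2011-12-03 as the pivot date because that is when the flagged entries were created, and runs over sample lines copied from the posted log plus one constructed directory entry.

```python
"""Triage OTL 'Files - Created' lines against an infection-date pivot.

Added example for this thread; it is not part of OTL, ComboFix or the
original posts. Sample lines are copied from the OTL log posted above.
"""
import re
from datetime import datetime, timedelta

# One OTL file/dir entry, e.g.
#   [2011/12/03 13:03:04 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\O24o3oV.com.b
# The 4-char attribute field is read here as R, H, S, D (read-only, hidden,
# system, directory); this is inferred from the "-HS-", "--S-" and "---D"
# entries in the log, not taken from OTL documentation.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Locations the dropper on this machine used; matched case-insensitively.
HOT_DIRS = (r"\windows\system32", r"\windows\temp", r"\application data")


def parse_otl_line(line):
    """Parse one OTL entry into a dict, or return None for non-matching lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return {
        "created": datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
        "size": int(m.group("size").replace(",", "")),
        "hidden": attrs[1] == "H",
        "system": attrs[2] == "S",
        "is_dir": attrs[3] == "D",
        "company": m.group("company") or "",
        "path": m.group("path"),
    }


def triage(entries, pivot, window=timedelta(days=2)):
    """Return [(path, reasons)] for entries worth a second look.

    pivot:  datetime around which the infection is believed to have occurred
    window: how far from the pivot a creation time still counts as "near"
    """
    findings = []
    for e in entries:
        if e["is_dir"]:
            continue
        parent, _, _name = e["path"].lower().rpartition("\\")
        reasons = []
        # Hidden+System on a loose data file under a profile directory is a
        # classic hiding trick; legitimate software rarely does this.
        if e["hidden"] and e["system"] and "application data" in parent:
            reasons.append("hidden+system file in profile data")
        # Vendors create their own subfolder; a file dropped straight into the
        # root of Application Data has no owner to vouch for it.
        if parent.endswith("\\application data"):
            reasons.append("loose file in Application Data root")
        # Anything created close to the pivot in a directory the dropper used.
        if abs(e["created"] - pivot) <= window and any(d in parent for d in HOT_DIRS):
            reasons.append("created near infection date")
        if reasons:
            findings.append((e["path"], "; ".join(reasons)))
    return findings


# Sample input: six lines taken from the OTL log above plus one constructed
# directory entry, so the script runs offline.
SAMPLE_LOG = r"""
[2011/12/03 17:50:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\176u1vlI.exe.b
[2011/12/03 13:03:04 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\O24o3oV.com.b
[2011/12/03 12:57:23 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PTpRX7.dat
[2010/04/27 00:07:19 | 000,013,694 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\2262590918
[2007/07/20 19:51:11 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\Wh2Robo.dll
[2006/10/24 18:23:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/12/30 01:58:00 | 000,000,000 | ---D | C] -- C:\_OTL
< End of report >
"""


def triage_sample(pivot=datetime(2011, 12, 3)):
    """Run the triage over SAMPLE_LOG; the pivot is the MBAM detection day."""
    entries = [e for e in map(parse_otl_line, SAMPLE_LOG.splitlines()) if e]
    return triage(entries, pivot)


if __name__ == "__main__":
    for path, why in triage_sample():
        print(f"{path}\n    {why}")
```

Run it as a script to print the flagged paths with their reasons, or feed `parse_otl_line` the lines of a saved OTL.txt to triage a full listing. Treat the output as a worklist, not a verdict: a vendor that drops a loose cache file straight into Application Data (QuickTime's QTSBandwidthCache in the listing above is one) will be flagged by the same rule, so confirm each hit by hash or signature before moving it.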
#7 'puter gunna die (Topic Starter, 49 posts)

Here's the OTL for the processes killed.

========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{91da5e8a-3318-4f8c-b67e-5964de3ab546} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ deleted successfully.
C:\Program Files\ZoneAlarm_Security\prxtbZone.dll moved successfully.
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
Prefs.js: {E5DA3F2D-8D54-4F4C-86F1-A43E641D05FF}:1.0 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: [email protected]:3.3.3.2 removed from extensions.enabledItems
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E5DA3F2D-8D54-4F4C-86F1-A43E641D05FF}: C:\Documents and Settings\Manner Panner\Local Settings\Application Data\{E5DA3F2D-8D54-4F4C-86F1-A43E641D05FF} not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{B1B8822D-3A4A-4916-B012-78E4D46FF87A}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{B1B8822D-3A4A-4916-B012-78E4D46FF87A} not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Driver performer.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Low Rights\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
C:\Documents and Settings\All Users\Application Data\176u1vlI.exe.b moved successfully.
C:\WINDOWS\system32\O24o3oV.com.b moved successfully.
C:\Documents and Settings\All Users\Application Data\PTpRX7.dat moved successfully.
C:\Documents and Settings\Manner Panner\Local Settings\Application Data\2262590918 moved successfully.
C:\Documents and Settings\All Users\Application Data\2262590918 moved successfully.
C:\Documents and Settings\All Users\Application Data\R2ShtRq60k58 moved successfully.
C:\Documents and Settings\Manner Panner\Local Settings\Application Data\R2ShtRq60k58 moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Manner Panner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Manner Panner\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Manner Panner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Manner Panner\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Manner Panner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Manner Panner\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Manner Panner\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Manner Panner\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 405 bytes

User: All Users
->Flash cache emptied: 35 bytes

User: Default User
->Flash cache emptied: 56475 bytes

User: Guest

User: LocalService

User: Manner Panner
->Flash cache emptied: 181335 bytes

User: NetworkService
->Flash cache emptied: 12736 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default User

User: Guest
->Java cache emptied: 0 bytes

User: LocalService

User: Manner Panner
->Java cache emptied: 33749660 bytes

User: NetworkService
->Java cache emptied: 14246 bytes

Total Java Files Cleaned = 32.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12292011_205813

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
#8 'puter gunna die (Topic Starter, 49 posts)

Hm, I am able to reply on this machine again.
#9 'puter gunna die (Topic Starter, 49 posts)

Now the ComboFix log... more to come.

ComboFix 11-12-29.05 - Manner Panner 12/29/2011 21:15:22.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.437 [GMT -5:00]
Running from: c:\documents and settings\Manner Panner\Desktop\Combo_Fix2.exe
Command switches used :: c:\documents and settings\Manner Panner\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Free Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\windows\system32\drivers\kaenjoo.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_nualtp
.
.
((((((((((((((((((((((((( Files Created from 2011-11-28 to 2011-12-30 )))))))))))))))))))))))))))))))
.
.
2011-12-30 01:58 . 2011-12-30 01:58 -------- d-----w- C:\_OTL
2011-12-30 01:39 . 2011-12-30 01:39 -------- d-----w- c:\program files\Common Files\Java
2011-12-30 01:37 . 2011-12-30 01:37 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-12-30 01:27 . 2011-12-30 01:27 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-12-15 17:45 . 2011-12-15 17:45 -------- d-----w- c:\documents and settings\Guest
2011-12-05 08:33 . 2011-12-05 08:33 -------- d-----w- c:\documents and settings\Manner Panner\Application Data\CheckPoint
2011-12-05 08:33 . 2011-12-05 08:33 -------- d-----w- c:\program files\Conduit
2011-12-05 08:33 . 2011-12-30 01:12 -------- d-----w- c:\documents and settings\Manner Panner\Local Settings\Application Data\ZoneAlarm_Security
2011-12-05 08:33 . 2011-12-10 08:47 -------- d-----w- c:\documents and settings\Manner Panner\Local Settings\Application Data\Conduit
2011-12-05 08:33 . 2011-12-05 08:33 -------- d-----w- c:\documents and settings\Manner Panner\Local Settings\Application Data\temp
2011-12-05 08:33 . 2011-12-30 01:58 -------- d-----w- c:\program files\ZoneAlarm_Security
2011-12-05 08:32 . 2011-12-05 08:32 -------- d-----w- c:\documents and settings\All Users\Application Data\CheckPoint
2011-12-05 08:31 . 2011-12-05 08:33 -------- d-----w- c:\program files\CheckPoint
2011-12-04 22:24 . 2011-11-28 17:51 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-12-04 22:24 . 2011-11-28 17:53 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-12-04 22:24 . 2011-11-28 17:52 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-12-04 22:24 . 2011-11-28 17:53 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-12-04 22:24 . 2011-11-28 17:52 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-12-04 22:24 . 2011-11-28 17:52 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-12-04 22:24 . 2011-11-28 17:51 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-12-04 22:24 . 2011-11-28 17:48 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-12-04 22:24 . 2011-11-28 18:01 41184 ----a-w- c:\windows\avastSS.scr
2011-12-04 22:24 . 2011-11-28 18:01 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-12-04 22:23 . 2011-12-04 22:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-12-04 07:46 . 2011-12-04 07:46 -------- d-----w- C:\_OTM
2011-12-03 23:24 . 2011-12-03 23:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\ProgSense
2011-12-03 23:24 . 2011-12-04 00:00 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Orbit
2011-12-03 22:30 . 2011-12-03 22:30 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-30 01:37 . 2011-03-07 03:55 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-12-30 01:13 . 2011-05-19 03:51 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-20 08:14 . 2011-08-12 03:58 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2011-12-20 08:14 . 2011-08-12 03:58 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2011-12-20 08:14 . 2011-08-12 03:58 30592 ----a-w- c:\windows\system32\LMIport.dll
2011-12-20 08:14 . 2011-08-12 03:58 87424 ----a-w- c:\windows\system32\LMIinit.dll
2011-12-10 20:24 . 2009-09-06 03:22 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-04 07:58 . 2004-08-04 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-10-08 07:55 . 2011-08-12 03:58 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
2011-10-08 07:55 . 2011-08-12 03:58 87424 ----a-w- c:\windows\system32\LMIinit.dll.000.bak
2007-07-21 01:01 . 2007-07-21 01:01 1308216 ----a-w- c:\program files\HiJackThis_v2.exe
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( SnapShot_2011-12-28_06.30.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-30 02:33 . 2011-12-30 02:33 16384 c:\windows\temp\Perflib_Perfdata_4ac.dat
+ 2011-12-30 01:27 . 2011-12-30 01:27 28160 c:\windows\Installer\934c510.msi
+ 2011-06-06 17:55 . 2011-06-06 17:55 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\ViewerPS.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\reader_sl.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 88992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlr.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\eula.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrotextextractor.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32Info.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 63912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acroiehelpershim.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroIEHelper.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\Acrofx32.dll
+ 2011-12-30 01:13 . 2011-12-30 01:13 247968 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe
+ 2011-12-30 01:13 . 2011-12-30 01:13 335520 c:\windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.dll
- 2011-07-24 08:37 . 2011-05-04 08:52 157472 c:\windows\system32\javaws.exe
+ 2011-12-30 01:37 . 2011-12-30 01:37 157472 c:\windows\system32\javaws.exe
+ 2011-12-30 01:37 . 2011-12-30 01:37 149280 c:\windows\system32\javaw.exe
+ 2011-12-30 01:37 . 2011-12-30 01:37 149280 c:\windows\system32\java.exe
+ 2011-12-30 01:39 . 2011-12-30 01:39 203776 c:\windows\Installer\934c525.msi
+ 2011-12-30 01:37 . 2011-12-30 01:37 901120 c:\windows\Installer\934c515.msi
+ 2011-06-06 17:55 . 2011-06-06 17:55 249232 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\sqlite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 394136 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\pdfshell.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 103848 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\PDFPrevHndlrShim.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 183696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\nppdf32.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AiodLite.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 102808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRdIF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 755088 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroPDF.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 296344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\acrobroker.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\a3dutils.dll
+ 2011-12-30 01:47 . 2011-12-30 01:47 299008 c:\windows\ERDNT\AutoBackup\12-29-2011\Users\00000002\UsrClass.dat
+ 2011-12-30 01:47 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\12-29-2011\ERDNT.EXE
+ 2011-12-30 01:25 . 2011-12-30 01:25 2295808 c:\windows\Installer\934c509.msi
+ 2011-06-06 17:55 . 2011-06-06 17:55 2215312 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\rt3d.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 6543768 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\authplay.dll
+ 2011-06-06 17:55 . 2011-06-06 17:55 1240992 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AdobeCollabSync.exe
+ 2011-06-06 17:55 . 2011-06-06 17:55 1480600 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.exe
+ 2011-09-05 21:51 . 2011-09-05 21:51 13135872 c:\windows\Installer\934c50a.msp
+ 2011-06-06 17:55 . 2011-06-06 17:55 24731544 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\AcroRd32.dll
+ 2011-12-30 01:47 . 2011-12-30 01:47 13582336 c:\windows\ERDNT\AutoBackup\12-29-2011\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6778613D-616B-4A6C-9856-65DE943CF424}"= "f:\programs\FVD Suite\addons\IE\FVDToolbar.dll" [2011-04-18 485376]
.
[HKEY_CLASSES_ROOT\clsid\{6778613d-616b-4a6c-9856-65de943cf424}]
[HKEY_CLASSES_ROOT\FVDToolbar.FVDSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{2B171655-A69C-5c18-B693-6CB5DC269D40}]
[HKEY_CLASSES_ROOT\FVDToolbar.FVDSearchHook]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- f:\programs\avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\Go\CTCMSGo.exe" [2004-11-30 135168]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 19550344]
"TomTomHOME.exe"="f:\programs\tomtom\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"P17Helper"="P17.dll" [2005-05-03 64512]
"HPHUPD05"="c:\program files\HP\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-24 827904]
"PivotSoftware"="c:\program files\Portrait Displays\Pivot Software\wpctrl.exe" [2007-02-09 694008]
"DT GWY"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2008-04-08 81920]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"LogMeIn GUI"="f:\programs\logmein\x86\LogMeInSystray.exe" [2011-01-11 63048]
"avast"="f:\programs\avast\avastUI.exe" [2011-11-28 3744552]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]
"ZoneAlarm"="f:\programs\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\Manner Panner\Start Menu\Programs\Startup\
DesktopVideoPlayer.lnk - c:\documents and settings\Manner Panner\Local Settings\Application Data\vghd\bin\vghd.exe [2011-3-2 1624576]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Secunia PSI.lnk - f:\programs\secunia\PSI\psi.exe [2010-7-21 965176]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-7 113664]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
Logitech SetPoint.lnk - f:\programs\Klavier\SetPoint\SetPoint.exe [2010-1-25 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2011-12-20 08:14 87424 ----a-w- c:\windows\system32\LMIinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Manner Panner^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
path=c:\documents and settings\Manner Panner\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNKStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-04-18 06:49 50736 ----a-w- c:\program files\AOL 9.0\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2006-09-26 00:52 50736 ----a-w- c:\program files\Common Files\aol\1183925472\ee\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 13:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 19:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AOL ACS"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1183925472\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"f:\\Programs\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AIM\\aim.exe"=
"f:\\Programs\\firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Manner Panner\\Local Settings\\Application Data\\vghd\\bin\\Virtuagirl_Downloader.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12/4/2011 5:24 PM 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12/4/2011 5:24 PM 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/4/2011 5:24 PM 20568]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 9:44 AM 27016]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 9:44 AM 497280]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/25/2010 5:23 PM 10384]
R2 LMIGuardianSvc;LMIGuardianSvc;f:\programs\logmein\x86\LMIGuardianSvc.exe [7/6/2011 3:32 PM 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;f:\programs\logmein\x86\rainfo.sys [1/11/2011 6:04 PM 12856]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 9:09 PM 50704]
R2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [1/13/2010 3:20 PM 90112]
R2 TomTomHOMEService;TomTomHOMEService;f:\programs\tomtom\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 7:21 AM 92592]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/31/2009 8:19 PM 24652]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [7/7/2010 9:05 AM 14904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [9/14/2008 10:53 PM 96256]
S3 FRIdrv;FRIdrv;c:\windows\system32\drivers\FRIdrv.sys [11/4/2010 7:46 PM 3968]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [1/18/2007 11:19 PM 39048]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-29 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\HP\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2009-01-28 04:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
IE: Search - f:\programs\FVD Suite\addons\IE\FVDToolbar.dll/IECONTEXT.DLL.HTM
TCP: DhcpNameServer = 167.206.251.129 167.206.251.130
FF - ProfilePath - c:\documents and settings\Manner Panner\Application Data\Mozilla\Firefox\Profiles\nlczkstm.default\
FF - prefs.js: browser.search.selectedEngine - Google Custom Search
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
Toolbar-{91da5e8a-3318-4f8c-b67e-5964de3ab546} - (no file)
WebBrowser-{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-29 21:35
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(776)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'lsass.exe'(832)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'explorer.exe'(4052)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
f:\programs\Klavier\SetPoint\lgscroll.dll
c:\windows\system32\ieframe.dll
c:\program files\Portrait Displays\Pivot Software\winphook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
f:\programs\avast\AvastSvc.exe
f:\programs\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
f:\programs\Java\bin\jqs.exe
f:\programs\logmein\x86\RaMaint.exe
f:\programs\logmein\x86\LogMeIn.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\Rundll32.exe
c:\program files\Portrait Displays\Pivot Software\floater.exe
c:\program files\Gateway\EzTune\DTHtml.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\documents and settings\Manner Panner\Local Settings\Application Data\vghd\bin\VirtuaGirl_Downloader.exe
.
**************************************************************************
.
Completion time: 2011-12-29 21:43:29 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-30 02:43
ComboFix2.txt 2011-12-28 06:37
ComboFix3.txt 2009-09-07 08:24
ComboFix4.txt 2009-06-25 04:37
ComboFix5.txt 2011-12-30 02:13
.
Pre-Run: 361,967,616 bytes free
Post-Run: 360,775,680 bytes free
.
- - End Of File - - 3515C97A2DE2C9C40E5ED2108AC61926

#10
'puter gunna die (Member, Topic Starter, 49 posts)
12/29/2011 21:53
Scan of all local drives

File C:\Qoobox\Quarantine\C\WINDOWS\idixeyak.dll.vir is infected by Win32:Hilot [Trj], Moved to chest
File C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_lntlbsbq_.sys.zip|>lntlbsbq.sys is infected by Win32:Agent-PSI [Rtk], Moved to chest
File C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_xllskned_.sys.zip|>xllskned.sys is infected by Win32:DrvPatch, Moved to chest
File C:\Qoobox\Quarantine\C\WINDOWS\system32\_biqjwye_.dll.zip|>biqjwye.dll|>[Morphine]|>[UPX] is infected by Win32:Delf-HPR [Trj], Moved to chest
File C:\Qoobox\Quarantine\C\WINDOWS\system32\_sdra64_.exe.zip|>sdra64.exe is infected by Win32:MalOb-A [Cryp], Moved to chest
File C:\Qoobox\Quarantine\[4]-Submit_2009-06-25_00.27.17.zip|>ld10.exe|>[UPX] is infected by Win32:Koobface-T [Wrm], Moved to chest
File C:\Qoobox\Quarantine\[4]-Submit_2009-06-25_00.27.17.zip|>ukibufisawan.dll is infected by Win32:Hilot [Trj], Moved to chest
File F:\ca_setup.exe|>%MAINDIR%\Cain.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File F:\ca_setup.exe|>%MAINDIR%\Abel.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File F:\networking apps\actualspy.exe|>{group}\ActualSpy.exe is infected by Win32:ActualSpy-N [PUP], Moved to chest
File F:\networking apps\actualspy.exe|>{app}\ASMonitor.exe|>[ASProtect] is infected by Win32:ActualSpy-K [PUP], Moved to chest
File F:\networking apps\actualspy.exe|>{app}\hk2.dll is infected by Win32:ActualSpy-M [PUP], Moved to chest
File F:\networking apps\actualspy.exe|>{app}\hprog.dll is infected by Win32:Trojan-gen, Moved to chest
File F:\networking apps\actualspy.exe|>{app}\settings.exe is infected by Win32:Trojan-gen, Moved to chest
File F:\networking apps\ca_setup.exe|>%MAINDIR%\Abel.exe|>[UPX] is infected by Win32:Malware-gen, Moved to chest
File F:\New Folder\1.mpg is infected by WMA:Wimad [Susp], Moved to chest
File F:\New Folder\caroline pierce\W6a02992|>ap4083651.jpg Error 42125 {ZIP archive is corrupted.}
File F:\New Folder\kate\9\10.mpg is infected by WMA:Wimad [Susp], Moved to chest
File F:\Programs\Cain\Abel.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File F:\Programs\Cain\Cain.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File F:\System Volume Information\_restore{117877D3-E28E-4CB9-BC0F-04E34A5F2B41}\RP775\A0089672.exe|>%MAINDIR%\Cain.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File F:\System Volume Information\_restore{117877D3-E28E-4CB9-BC0F-04E34A5F2B41}\RP775\A0089672.exe|>%MAINDIR%\Abel.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File F:\System Volume Information\_restore{117877D3-E28E-4CB9-BC0F-04E34A5F2B41}\RP775\A0089673.exe|>{group}\ActualSpy.exe is infected by Win32:ActualSpy-N [PUP], Moved to chest
File F:\System Volume Information\_restore{117877D3-E28E-4CB9-BC0F-04E34A5F2B41}\RP775\A0089673.exe|>{app}\ASMonitor.exe|>[ASProtect] is infected by Win32:ActualSpy-K [PUP], Moved to chest
File F:\System Volume Information\_restore{117877D3-E28E-4CB9-BC0F-04E34A5F2B41}\RP775\A0089673.exe|>{app}\hk2.dll is infected by Win32:ActualSpy-M [PUP], Moved to chest
File F:\System Volume Information\_restore{117877D3-E28E-4CB9-BC0F-04E34A5F2B41}\RP775\A0089673.exe|>{app}\hprog.dll is infected by Win32:Trojan-gen, Moved to chest
File F:\System Volume Information\_restore{117877D3-E28E-4CB9-BC0F-04E34A5F2B41}\RP775\A0089673.exe|>{app}\settings.exe is infected by Win32:Trojan-gen, Moved to chest
File F:\System Volume Information\_restore{117877D3-E28E-4CB9-BC0F-04E34A5F2B41}\RP775\A0089674.exe|>%MAINDIR%\Abel.exe|>[UPX] is infected by Win32:Malware-gen, Moved to chest
File F:\System Volume Information\_restore{117877D3-E28E-4CB9-BC0F-04E34A5F2B41}\RP775\A0089675.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File F:\System Volume Information\_restore{117877D3-E28E-4CB9-BC0F-04E34A5F2B41}\RP775\A0089676.exe is infected by Win32:PUP-gen [PUP], Moved to chest
Number of searched folders: 19118
Number of tested files: 1093577
Number of infected files: 29



#11
'puter gunna die (Member, Topic Starter, 49 posts)
Question about the boot-time scan. I noticed some of these discoveries are from programs I downloaded a while back. Cain and Abel for example; we used to use these apps to test virtual servers in a sandbox type network for a security course. Are they really laced with a virus or does it just snatch these objects up by default? The other one is Actual Spy. I was surprised at all the WIMAD type trojans in my videos. Another concern was "ap4083651.jpg Error 42125 {ZIP archive is corrupted.}" Is this a real threat? Thanks. I'll continue the other things later; this scan took 6 hours to complete.

#12
RKinner (Malware Expert, MVP, 24,625 posts)
If you look at the log you will see Avast knows the files you mentioned are not really viruses. It calls them [PUP], which means Potentially Unwanted Program: not programs the average user would have any use for, but which can be misused by malware.

The programs are in Avast's chest so you can recover them if you want them.

Any program that it took out that you think might be OK can be removed from the chest and submitted to http://virustotal.com. See what the other anti-virus programs think about it.

I could be wrong but I think this one:
File F:\New Folder\caroline pierce\W6a02992|>ap4083651.jpg Error 42125 {ZIP archive is corrupted.}
is just for information purposes as it did not say it had been moved to the chest.
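Sorting a boot-scan log like the one in post #10 by Avast's bracketed class tag, as an added example that is not part of this thread or of Avast: it separates [PUP] hits from trojan, rootkit and worm hits, treats an "Error nnnnn {...}" line as a scan error rather than a detection (the point made about the corrupted ZIP above), and records whether each hit is a live file, a ComboFix quarantine copy under C:\Qoobox\Quarantine, or a System Restore snapshot copy under System Volume Information\_restore{...}. The sample lines are copied from the log in post #10; the tag-to-class table, the bucket names and the "active" rule (non-PUP hit on the live file system) are assumptions of this example.

```python
"""Triage helper for Avast boot-time scan log lines (added example, not Avast's code).

Parses the two line shapes seen in the log above:
  File <path> is infected by <signature> [<tag>], <action>
  File <path> Error <code> {<message>}
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Union

DETECTION_RE = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<name>[^,]+?)"
    r"(?: \[(?P<tag>[A-Za-z]+)\])?, (?P<action>.+)$"
)
ERROR_RE = re.compile(r"^File (?P<path>.+?) Error (?P<code>\d+) \{(?P<msg>.+)\}$")

# Assumed reading of the bracketed tags that occur in the log; not an official Avast table.
TAG_CLASS = {
    "PUP": "potentially unwanted program",
    "Trj": "trojan",
    "Rtk": "rootkit",
    "Wrm": "worm",
    "Cryp": "packed/encrypted malware",
    "Susp": "suspicious (heuristic)",
}


@dataclass
class Detection:
    container: str        # on-disk file the scanner opened
    obj: str              # innermost object the signature matched
    packers: List[str]    # packer layers reported in between, e.g. ["UPX"]
    name: str             # signature name, e.g. "Win32:Hilot"
    tag: Optional[str]    # bracketed class tag; None when Avast gave none
    action: str           # what the scanner did, e.g. "Moved to chest"

    @property
    def tag_class(self) -> str:
        return TAG_CLASS.get(self.tag or "", "unclassified")

    @property
    def location(self) -> str:
        """Live file, or an already-neutralised copy kept by another tool."""
        p = self.container.lower()
        if p.startswith("c:\\qoobox\\quarantine"):          # ComboFix quarantine folder
            return "combofix quarantine"
        if "\\system volume information\\_restore" in p:    # XP System Restore snapshot
            return "system restore point"
        return "live file system"


@dataclass
class ScanError:
    path: str
    code: int
    message: str


def split_nested(path: str):
    """Split Avast's 'outer|>inner|>[Packer]' notation into container, object, packers."""
    def is_packer(part: str) -> bool:
        return part.startswith("[") and part.endswith("]")
    parts = path.split("|>")
    packers = [p[1:-1] for p in parts[1:] if is_packer(p)]
    objects = [p for p in parts if not is_packer(p)]
    return parts[0], objects[-1], packers


def parse_line(line: str) -> Union[Detection, ScanError, None]:
    line = line.strip()
    m = DETECTION_RE.match(line)
    if m:
        container, obj, packers = split_nested(m["path"])
        return Detection(container, obj, packers, m["name"], m["tag"], m["action"])
    m = ERROR_RE.match(line)
    if m:
        return ScanError(m["path"], int(m["code"]), m["msg"])
    return None  # summary lines such as "Number of tested files: ..."


def triage(lines):
    """Bucket the log; 'active' is the subset that still needs attention:
    a non-PUP hit whose container sits on the live file system."""
    report = {"pup": [], "suspicious": [], "malware": [], "errors": [], "active": []}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if isinstance(rec, ScanError):
            report["errors"].append(rec)
            continue
        if rec.tag == "PUP":
            report["pup"].append(rec)
        elif rec.tag == "Susp":
            report["suspicious"].append(rec)
        else:
            report["malware"].append(rec)
        if rec.tag != "PUP" and rec.location == "live file system":
            report["active"].append(rec)
    return report


# Sample lines copied from the boot-scan log posted above.
SAMPLE_LOG = r"""
File C:\Qoobox\Quarantine\C\WINDOWS\idixeyak.dll.vir is infected by Win32:Hilot [Trj], Moved to chest
File C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\_lntlbsbq_.sys.zip|>lntlbsbq.sys is infected by Win32:Agent-PSI [Rtk], Moved to chest
File C:\Qoobox\Quarantine\C\WINDOWS\system32\_biqjwye_.dll.zip|>biqjwye.dll|>[Morphine]|>[UPX] is infected by Win32:Delf-HPR [Trj], Moved to chest
File F:\ca_setup.exe|>%MAINDIR%\Cain.exe is infected by Win32:PUP-gen [PUP], Moved to chest
File F:\networking apps\actualspy.exe|>{app}\hprog.dll is infected by Win32:Trojan-gen, Moved to chest
File F:\New Folder\1.mpg is infected by WMA:Wimad [Susp], Moved to chest
File F:\New Folder\caroline pierce\W6a02992|>ap4083651.jpg Error 42125 {ZIP archive is corrupted.}
File F:\System Volume Information\_restore{117877D3-E28E-4CB9-BC0F-04E34A5F2B41}\RP775\A0089672.exe|>%MAINDIR%\Cain.exe is infected by Win32:PUP-gen [PUP], Moved to chest
"""

if __name__ == "__main__":
    rep = triage(SAMPLE_LOG.strip().splitlines())
    for bucket in ("active", "malware", "suspicious", "pup", "errors"):
        print(f"== {bucket} ({len(rep[bucket])})")
        for rec in rep[bucket]:
            if isinstance(rec, ScanError):
                print(f"  {rec.path}: error {rec.code} ({rec.message})")
            else:
                print(f"  {rec.obj} <- {rec.name} [{rec.tag_class}] in {rec.location}")
```

On the sample above the only "active" entries are the two non-PUP hits on F:, while the quarantine and restore-point copies are already neutralised and the corrupted-archive line lands in the errors bucket with no action attached, which matches the reading given in the reply.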

#13
'puter gunna die (Member, Topic Starter, 49 posts)
Sorry, I went away for a while. I did the event viewer; now for the Vino Rosso thing.

#14
'puter gunna die (Member, Topic Starter, 49 posts)
Vino's Event Viewer v01c run on Windows XP in English
Report run at 15/01/2012 2:42:23 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#15
'puter gunna die (Member, Topic Starter, 49 posts)
Unfortunately it still runs slow. Not sure what's going on.