Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

VIRUS,SPYWARE CAUSE SLOW BOOT UP/GAME CLIENT CRASH/ MEMORY LOSS

Started by schaferschloss , Oct 08 2011 03:29 PM

  • Please log in to reply

#1
schaferschloss
Posted 08 October 2011 - 03:29 PM

schaferschloss

    New Member

  • Member
  • Pip
  • 6 posts
I have problems in rebooting or just starting my computer, it takes like 15- to 20 min to boot up. I get to my desktop with no icons or taskbar, at this time I am able to bring up the task manager and see only a few process are running and after 15-20 min everything loads. Sometimes when I click on anything to open it locks up and nothing works. During this I notice my moden is very active. when in msconfig I see things running that I google search like Rthdcpl, yahoo updater, windows search could have corrupt files and cuase problems. Also I play an online game that just release an major update anf their game client crashes; using their tech support and forms they are saying virus or spyware thats cuase memory lost and the game crashes( think they have bad files) I run zone alarm Extreme security and it finds nothing.

OTL logfile created on: 10/8/2011 3:31:54 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Anthony W. Schafer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 72.13% Memory free
5.08 Gb Paging File | 4.14 Gb Available in Paging File | 81.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 502.05 Gb Free Space | 84.21% Space Free | Partition Type: NTFS

Computer Name: ANTHONY-5F8DF99 | User Name: Anthony W. Schafer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/08 15:31:50 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anthony W. Schafer\Desktop\OTL.exe
PRC - [2011/10/06 22:47:38 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2010/09/07 14:15:28 | 002,787,224 | ---- | M] (Razer USA Ltd) -- C:\Program Files\Razer\Imperator\RazerImperatorTray.exe
PRC - [2010/08/29 02:54:52 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/08/29 02:53:14 | 001,039,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/08/27 04:34:02 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010/08/27 04:34:00 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010/04/13 16:33:04 | 000,238,592 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\Razer\Lycosa\razerhid.exe
PRC - [2009/10/09 15:32:20 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lycosa\razertra.exe
PRC - [2009/09/10 11:15:42 | 000,870,672 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/06 22:47:38 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2011/08/21 16:08:58 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\40893760431f8f0dcce3e18630e45b23\System.Web.ni.dll
MOD - [2011/08/21 16:07:32 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\77df2cd21a5b85a1605b335aa9ad9d44\System.Configuration.ni.dll
MOD - [2011/08/21 16:06:56 | 000,025,600 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll
MOD - [2011/08/21 16:05:23 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\10154dcad2d62f226af2fd4211460a4b\System.Xml.ni.dll
MOD - [2011/08/21 16:05:17 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d00cc387e462e4c3cdcd112b137cac87\System.Windows.Forms.ni.dll
MOD - [2011/08/21 16:05:08 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7ed09623172a292eaee51e2e3bcaf784\System.Drawing.ni.dll
MOD - [2011/08/21 16:04:21 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e6c79e1d71b0c9000afd7e5e439b5c54\System.ni.dll
MOD - [2011/08/21 16:04:17 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll
MOD - [2011/08/11 06:53:26 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010/10/25 18:44:46 | 000,266,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3188.36940__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2010/10/25 18:44:46 | 000,204,800 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3188.36964__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2010/10/25 18:44:46 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3188.36957__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2010/10/25 18:44:45 | 001,691,648 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3188.36961__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2010/10/25 18:44:45 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3188.37109__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2010/10/25 18:44:45 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3188.37111__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2010/10/25 18:44:45 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.3188.36962__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2010/10/25 18:44:45 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3188.37076__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2010/10/25 18:44:45 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3188.36948__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2010/10/25 18:44:45 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3188.37045__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2010/10/25 18:44:45 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3188.37018__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2010/10/25 18:44:45 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.3188.36962__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2010/10/25 18:44:45 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3188.36949__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2010/10/25 18:44:44 | 000,356,352 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3188.37054__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2010/10/25 18:44:44 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3188.37055__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2010/10/25 18:44:44 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3188.37053__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2010/10/25 18:44:43 | 000,671,744 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3188.37134__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MOD - [2010/10/25 18:44:43 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3188.37133__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MOD - [2010/10/25 18:44:42 | 000,811,008 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3188.37023__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2010/10/25 18:44:42 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3188.36966__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2010/10/25 18:44:42 | 000,442,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3188.36951__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2010/10/25 18:44:42 | 000,405,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3188.37067__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2010/10/25 18:44:42 | 000,286,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared\2.0.3188.37007__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Dashboard.Shared.dll
MOD - [2010/10/25 18:44:42 | 000,225,280 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3188.36965__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2010/10/25 18:44:42 | 000,122,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3188.37039__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2010/10/25 18:44:42 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3188.37021__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2010/10/25 18:44:42 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3188.36971__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2010/10/25 18:44:42 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3188.37038__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2010/10/25 18:44:41 | 000,450,560 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3188.37013__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2010/10/25 18:44:41 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3188.37020__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2010/10/25 18:44:41 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3188.37019__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2010/10/25 18:44:41 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3188.37021__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2010/10/25 18:44:41 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3188.37041__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2010/10/25 18:44:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3156.17694__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2010/10/25 18:44:41 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3156.17689__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2010/10/25 18:44:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3156.17698__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll
MOD - [2010/10/25 18:44:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3156.17722__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2010/10/25 18:44:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3156.17701__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2010/10/25 18:44:41 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3156.17721__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2010/10/25 18:44:40 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2010/10/25 18:44:40 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.3156.17681__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2010/10/25 18:44:40 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3156.17682__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2010/10/25 18:44:40 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3156.17747__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2010/10/25 18:44:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3156.17703__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2010/10/25 18:44:40 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll
MOD - [2010/10/25 18:44:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.3156.17699__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2010/10/25 18:44:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.3156.17703__90ba9c70f846762e\DEM.OS.dll
MOD - [2010/10/25 18:44:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll
MOD - [2010/10/25 18:44:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.3156.17703__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2010/10/25 18:44:40 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2010/10/25 18:44:40 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2010/10/25 18:44:39 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3156.17721__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll
MOD - [2010/10/25 18:44:39 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.3156.17682__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2010/10/25 18:44:39 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3156.17695__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2010/10/25 18:44:39 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2010/10/25 18:44:39 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3156.17708__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2010/10/25 18:44:39 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3156.17718__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2010/10/25 18:44:39 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3156.17697__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2010/10/25 18:44:39 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3156.17695__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2010/10/25 18:44:39 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3156.17689__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2010/10/25 18:44:39 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2010/10/25 18:44:39 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3156.17694__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2010/10/25 18:44:39 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2010/10/25 18:44:39 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2010/10/25 18:44:38 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3188.37089__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2010/10/25 18:44:38 | 000,397,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3188.36956__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2010/10/25 18:44:38 | 000,106,496 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.3188.37099__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2010/10/25 18:44:38 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3188.36936__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2010/10/25 18:44:38 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2010/10/25 18:44:38 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3188.37095__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2010/10/25 18:44:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3188.36938__90ba9c70f846762e\CLI.Component.SkinFactory.dll
MOD - [2010/10/25 18:44:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3156.17708__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2010/10/25 18:44:38 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3156.17707__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2010/10/25 18:44:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3156.17698__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2010/10/25 18:44:38 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3188.37126__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2010/10/25 18:44:38 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3156.17686__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2010/10/25 18:44:38 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3156.17710__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2010/10/25 18:44:38 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3156.17689__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2010/10/25 18:44:38 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3156.17701__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2010/10/25 18:44:38 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3156.17706__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2010/10/25 18:44:38 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2010/10/25 18:44:38 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3156.17702__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2010/10/25 18:44:38 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3156.17698__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2010/10/25 18:44:38 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3156.17709__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2010/10/25 18:44:38 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2010/10/25 18:44:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3156.17702__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2010/10/25 18:44:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3156.17704__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2010/10/25 18:44:38 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.3156.17700__90ba9c70f846762e\APM.Foundation.dll
MOD - [2010/10/25 18:44:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3156.17686__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll
MOD - [2010/10/25 18:44:38 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3156.17695__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2010/10/25 18:44:38 | 000,014,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
MOD - [2010/10/25 18:44:38 | 000,013,312 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll
MOD - [2010/10/25 18:44:38 | 000,011,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3188.37139__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll
MOD - [2010/10/25 18:44:38 | 000,007,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3188.36933__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2010/10/25 18:44:37 | 001,032,192 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3188.36945__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2010/10/25 18:44:37 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.3188.36937__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2010/10/25 18:44:37 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.3188.36935__90ba9c70f846762e\APM.Server.dll
MOD - [2010/10/25 18:44:37 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.3188.36934__90ba9c70f846762e\AEM.Server.dll
MOD - [2010/10/25 18:44:37 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3156.17692__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2010/10/25 18:44:37 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2010/10/25 18:44:37 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.3188.37098__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2010/10/25 18:44:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3156.17702__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2010/10/25 18:44:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3156.17711__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2010/10/25 18:44:37 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private\2.0.3156.17718__90ba9c70f846762e\CLI.Aspect.CustomFormatSelection.Graphics.Dashboard.Shared.Private.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/11/20 16:48:40 | 000,245,760 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\avsys\kavess.dll
MOD - [2009/11/20 16:48:40 | 000,010,240 | ---- | M] () -- C:\WINDOWS\system32\ZoneLabs\avsys\queue.dll
MOD - [2009/10/09 15:32:20 | 000,143,360 | ---- | M] () -- C:\Program Files\Razer\Lycosa\razertra.exe
MOD - [2009/09/10 11:17:16 | 000,088,848 | ---- | M] () -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\crsrpt.dll
MOD - [2009/09/10 11:15:48 | 000,013,072 | ---- | M] () -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\MlfHook.dll
MOD - [2009/09/10 11:15:44 | 000,276,752 | ---- | M] () -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mtdsdk.dll
MOD - [2009/09/10 11:15:26 | 000,169,744 | ---- | M] () -- C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\resources\mbzaenu.dll
MOD - [2009/04/15 15:04:38 | 000,104,520 | ---- | M] () -- C:\WINDOWS\system32\OSD.dll
MOD - [2008/06/23 13:58:36 | 000,016,384 | R--- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (LVPrcSrv)
SRV - [2011/08/19 09:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/09/01 15:51:28 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/08/29 02:54:52 | 002,434,568 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/08/27 04:34:02 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/07/01 04:45:02 | 000,136,616 | ---- | M] () [Auto | Stopped] -- C:\Program Files\AMD\OverDrive\AODAssist.exe -- (AODService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)


========== Driver Services (SafeList) ==========

DRV - [2011/08/19 09:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 600(UVC)
DRV - [2011/08/19 09:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/08/27 04:33:54 | 000,035,568 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Program Files\CheckPoint\ZAForceField\AK\icsak.sys -- (icsak)
DRV - [2010/08/27 04:33:54 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/07/27 03:15:20 | 000,023,904 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2010/07/06 03:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2010/06/09 19:16:12 | 000,528,128 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009/12/21 21:50:16 | 000,005,760 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vHidDev.sys -- (vHidDev)
DRV - [2009/10/12 18:15:30 | 000,317,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009/10/12 18:15:26 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kl1.sys -- (kl1)
DRV - [2008/09/23 22:09:07 | 003,331,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/08/12 03:10:50 | 004,751,360 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/22 13:21:46 | 000,016,896 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lycosa.sys -- (LycoFltr)
DRV - [2008/05/08 09:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 07:00:00 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2007/07/20 18:40:10 | 000,084,992 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2005/12/20 19:23:00 | 000,023,872 | ---- | M] (Your Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\FOXCONN\FOX LiveUpdate\FXDrv32.sys -- (FXDrv32)
DRV - [2001/08/17 08:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.91: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Documents and Settings\Anthony W. Schafer\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Anthony W. Schafer\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/09/09 08:54:36 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Lycosa] C:\Program Files\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech....Detection32.cab (Device Detection)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1287985646250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: vzTCPConfig http://my.verizon.co...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D9A769D0-DE89-4DF1-9199-8FC8928DDDEF}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Anthony W. Schafer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Anthony W. Schafer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:16:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/08 15:31:46 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Anthony W. Schafer\Desktop\OTL.exe
[2011/10/06 22:48:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony W. Schafer\Desktop\LOTRO High Res Install Files EN
[2011/09/29 18:50:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/09/28 17:37:06 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2011/09/28 17:37:04 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2011/09/28 17:36:19 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2011/09/28 17:36:15 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2011/09/28 17:35:43 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2011/09/28 17:35:40 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2011/09/28 17:35:26 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2011/09/28 17:35:08 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2011/09/28 17:34:50 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2011/09/28 17:34:48 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2011/09/28 17:34:45 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2011/09/28 17:34:39 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2011/09/28 17:34:35 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2011/09/28 17:34:30 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2011/09/28 17:34:27 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2011/09/28 17:34:11 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2011/09/28 17:34:00 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2011/09/28 17:33:57 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2011/09/28 17:33:55 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2011/09/28 17:33:47 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2011/09/28 17:33:29 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2011/09/28 17:33:19 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2011/09/28 17:33:16 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2011/09/28 17:33:00 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2011/09/28 17:32:57 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2011/09/28 17:32:55 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2011/09/28 17:32:52 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2011/09/28 17:32:50 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2011/09/28 17:32:48 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2011/09/28 17:32:23 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2011/09/28 17:32:17 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2011/09/28 17:32:15 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2011/09/28 17:32:14 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2011/09/28 17:32:10 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2011/09/28 17:32:08 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2011/09/28 17:31:53 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2011/09/28 17:31:51 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2011/09/28 17:31:14 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2011/09/28 17:31:12 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2011/09/28 17:31:10 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2011/09/28 17:31:06 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2011/09/28 17:30:58 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2011/09/28 17:30:38 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2011/09/28 17:30:12 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2011/09/28 17:30:09 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2011/09/28 17:30:06 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2011/09/28 17:30:04 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2011/09/28 17:30:02 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2011/09/28 17:29:39 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2011/09/28 17:29:37 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2011/09/28 17:29:34 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2011/09/28 17:29:29 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2011/09/28 17:29:03 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2011/09/28 17:29:01 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2011/09/28 17:28:59 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2011/09/28 17:28:56 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2011/09/28 17:28:35 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2011/09/28 17:28:29 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2011/09/28 17:28:27 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2011/09/28 17:28:15 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2011/09/28 17:28:13 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2011/09/28 17:28:10 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2011/09/28 17:28:08 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2011/09/28 17:28:06 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2011/09/28 17:28:04 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2011/09/28 17:28:02 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2011/09/28 17:28:00 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2011/09/28 17:27:58 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2011/09/28 17:27:52 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2011/09/28 17:27:50 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2011/09/28 17:27:48 | 000,029,696 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2011/09/28 17:27:48 | 000,027,648 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2011/09/28 17:27:34 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2011/09/28 17:27:27 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2011/09/28 17:27:24 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2011/09/28 17:27:19 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2011/09/28 17:26:58 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2011/09/28 17:26:56 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2011/09/28 17:26:30 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2011/09/28 17:26:28 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2011/09/28 17:26:26 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2011/09/28 17:26:18 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2011/09/28 17:25:30 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2011/09/28 17:25:22 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2011/09/28 17:25:21 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2011/09/28 17:25:19 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2011/09/28 17:24:47 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2011/09/28 17:24:45 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2011/09/28 17:24:43 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2011/09/28 17:24:40 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2011/09/28 17:24:12 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2011/09/28 17:23:58 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2011/09/28 17:23:56 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2011/09/28 17:23:51 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2011/09/28 17:23:39 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2011/09/28 17:23:37 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2011/09/28 17:23:27 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2011/09/28 17:23:25 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2011/09/28 17:23:24 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2011/09/28 17:23:22 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2011/09/28 17:23:20 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2011/09/28 17:23:18 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2011/09/28 17:23:12 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2011/09/28 17:23:10 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2011/09/28 17:23:08 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2011/09/28 17:23:06 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2011/09/28 17:23:04 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2011/09/28 17:22:02 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2011/09/28 17:21:22 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2011/09/28 17:21:04 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2011/09/28 17:21:02 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2011/09/28 17:21:01 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2011/09/28 17:20:59 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2011/09/28 17:20:59 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2011/09/28 17:20:57 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2011/09/28 17:20:49 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2011/09/28 17:20:47 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2011/09/28 17:20:45 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2011/09/28 17:20:43 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2011/09/28 17:20:39 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2011/09/28 17:20:37 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2011/09/28 17:19:28 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2011/09/28 17:18:33 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2011/09/28 17:17:04 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2011/09/28 17:16:57 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2011/09/28 17:16:32 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2011/09/28 17:16:31 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2011/09/28 17:16:28 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2011/09/28 17:16:16 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2011/09/28 17:16:01 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2011/09/28 17:15:59 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2011/09/28 17:15:53 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2011/09/28 17:15:52 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2011/09/28 17:15:50 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2011/09/28 17:15:48 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2011/09/28 17:15:33 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2011/09/28 17:15:30 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2011/09/28 17:15:29 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2011/09/28 17:14:18 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2011/09/28 17:14:08 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2011/09/28 17:13:52 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2011/09/28 17:13:51 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2011/09/28 17:13:50 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2011/09/28 17:13:47 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2011/09/28 17:13:46 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2011/09/28 17:13:46 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2011/09/28 17:13:45 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2011/09/28 17:13:41 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2011/09/28 17:13:24 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2011/09/28 17:13:24 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2011/09/28 17:13:20 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2011/09/28 17:12:59 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2011/09/28 17:12:58 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2011/09/28 17:12:58 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2011/09/28 17:12:57 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2011/09/28 17:12:56 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2011/09/28 17:12:56 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2011/09/28 17:12:55 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2011/09/28 17:12:53 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2011/09/28 17:12:46 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2011/09/28 17:12:25 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2011/09/28 17:12:17 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2011/09/28 17:12:06 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2011/09/28 17:12:05 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2011/09/28 17:12:05 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2011/09/28 17:12:05 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2011/09/28 17:12:04 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2011/09/28 17:12:01 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2011/09/28 17:12:00 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2011/09/28 17:12:00 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2011/09/28 17:11:59 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2011/09/28 17:11:58 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2011/09/28 17:11:57 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2011/09/28 17:11:06 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2011/09/28 17:11:06 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2011/09/28 17:11:05 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2011/09/28 17:11:05 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2011/09/28 17:11:05 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2011/09/28 17:11:04 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2011/09/28 17:11:04 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2011/09/28 17:11:03 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2011/09/28 17:11:02 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2011/09/28 17:11:01 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2011/09/28 17:11:01 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2011/09/28 17:11:00 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2011/09/28 17:11:00 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2011/09/28 17:10:59 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2011/09/28 17:10:59 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2011/09/28 17:10:59 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2011/09/28 17:10:58 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2011/09/28 17:10:58 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2011/09/28 17:10:52 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2011/09/28 17:10:49 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2011/09/28 17:10:49 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2011/09/28 17:10:48 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2011/09/28 17:10:48 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2011/09/28 17:10:47 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2011/09/28 17:10:46 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2011/09/28 17:10:46 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2011/09/28 17:10:10 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2011/09/28 17:10:04 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2011/09/28 17:09:45 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2011/09/28 17:09:43 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2011/09/28 17:09:43 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2011/09/28 17:09:43 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2011/09/28 17:09:42 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2011/09/28 17:09:40 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2011/09/28 17:09:37 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2011/09/28 17:09:37 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
[2011/09/28 17:09:35 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2011/09/28 17:09:35 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2011/09/28 17:09:35 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2011/09/28 14:58:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony W. Schafer\Desktop\vcredist
[2011/09/25 08:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony W. Schafer\Desktop\xbox
[2011/09/25 08:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony W. Schafer\Desktop\unemplconfir
[2011/09/24 16:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony W. Schafer\My Documents\Deusdictum
[2011/09/24 16:59:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony W. Schafer\My Documents\Turbine
[2011/09/24 10:06:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony W. Schafer\Desktop\WhiteHandofSaruman
[2011/09/20 08:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony W. Schafer\Application Data\ts3overlay
[2011/09/19 13:00:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Anthony W. Schafer\Desktop\awana
[2011/09/09 08:32:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ZoneAlarm
[2011/09/09 08:32:35 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\kl1.sys
[2011/09/09 08:32:31 | 000,317,072 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2011/09/09 08:32:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2011/09/09 08:32:02 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2011/09/09 08:31:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011/09/09 08:14:17 | 000,000,000 | ---D | C] -- C:\Program Files\zonealarm_extreme_security
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/08 15:31:50 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Anthony W. Schafer\Desktop\OTL.exe
[2011/10/08 15:21:30 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{55CC7F74-8CB5-41A5-8892-E6B947D11D0B}.job
[2011/10/08 15:01:15 | 000,013,748 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/10/08 14:58:08 | 000,000,144 | ---- | M] () -- C:\WINDOWS\System32\pdfl.dat
[2011/10/08 14:51:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/10/08 14:51:27 | 000,055,160 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/10/08 14:51:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2011/10/08 12:52:26 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/10/07 14:48:38 | 000,001,866 | ---- | M] () -- C:\Documents and Settings\Anthony W. Schafer\Desktop\The Lord of the Rings Online.lnk
[2011/10/06 22:44:58 | 002,376,560 | ---- | M] () -- C:\Documents and Settings\Anthony W. Schafer\Desktop\lotrohigh.exe
[2011/10/06 15:05:25 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/09/30 06:37:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2011/09/24 10:06:23 | 005,124,892 | ---- | M] () -- C:\Documents and Settings\Anthony W. Schafer\Desktop\WhiteHandofSaruman.zip
[2011/09/21 09:13:01 | 000,033,314 | ---- | M] () -- C:\Documents and Settings\Anthony W. Schafer\My Documents\ts3_clientui-win32-15001-2011-09-21 09_13_01.843750.dmp
[2011/09/14 10:51:22 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Adobe Reader 9.lnk
[2011/09/14 10:15:40 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/09/12 11:01:07 | 000,000,123 | ---- | M] () -- C:\Documents and Settings\Anthony W. Schafer\Application Data\default.pls
[2011/09/09 08:33:18 | 000,425,725 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/09/09 08:32:37 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Anthony W. Schafer\Desktop\ZoneAlarm Security.lnk
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/07 14:48:38 | 000,001,866 | ---- | C] () -- C:\Documents and Settings\Anthony W. Schafer\Desktop\The Lord of the Rings Online.lnk
[2011/10/06 22:44:50 | 002,376,560 | ---- | C] () -- C:\Documents and Settings\Anthony W. Schafer\Desktop\lotrohigh.exe
[2011/09/28 17:37:04 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2011/09/28 17:37:01 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2011/09/28 17:26:23 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2011/09/28 17:26:20 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2011/09/28 17:22:13 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2011/09/28 17:17:02 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2011/09/28 17:16:59 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2011/09/28 17:16:56 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2011/09/28 17:16:53 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2011/09/28 17:16:50 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2011/09/28 17:13:49 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2011/09/28 17:13:48 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2011/09/28 17:13:48 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2011/09/28 17:10:31 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2011/09/28 17:10:30 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2011/09/28 17:10:30 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2011/09/28 17:10:28 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2011/09/28 17:10:28 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2011/09/28 17:10:27 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2011/09/28 17:10:27 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2011/09/28 17:10:27 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2011/09/28 17:10:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2011/09/28 17:10:20 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2011/09/24 10:06:05 | 005,124,892 | ---- | C] () -- C:\Documents and Settings\Anthony W. Schafer\Desktop\WhiteHandofSaruman.zip
[2011/09/21 09:13:01 | 000,033,314 | ---- | C] () -- C:\Documents and Settings\Anthony W. Schafer\My Documents\ts3_clientui-win32-15001-2011-09-21 09_13_01.843750.dmp
[2011/09/09 08:32:37 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/09/09 08:32:37 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Anthony W. Schafer\Desktop\ZoneAlarm Security.lnk
[2011/09/09 08:32:03 | 000,425,725 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/06/20 08:02:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI
[2011/06/09 18:03:27 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Anthony W. Schafer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/09 07:35:55 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Anthony W. Schafer\Application Data\default.pls
[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2010/10/25 21:11:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/25 20:45:04 | 000,000,141 | ---- | C] () -- C:\Documents and Settings\Anthony W. Schafer\Local Settings\Application Data\fusioncache.dat
[2010/10/25 19:39:11 | 000,001,848 | ---- | C] () -- C:\Documents and Settings\Anthony W. Schafer\Application Data\ImperatorProfile0.dat
[2010/10/25 19:39:11 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\Anthony W. Schafer\Application Data\ImperatorProfile1.dat
[2010/10/25 19:39:11 | 000,001,824 | ---- | C] () -- C:\Documents and Settings\Anthony W. Schafer\Application Data\ImperatorProfile2.dat
[2010/10/25 19:19:02 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/10/24 23:12:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2010/10/24 23:08:19 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\pdfl.dat
[2010/10/24 23:08:19 | 000,000,144 | ---- | C] () -- C:\WINDOWS\System32\lkfl.dat
[2010/10/24 23:08:19 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\ibfl.dat
[2010/10/24 22:58:31 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010/10/24 22:55:41 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2010/10/24 22:39:07 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/10/24 22:39:07 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/10/24 22:38:55 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/10/24 22:38:55 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/10/24 22:38:52 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/10/24 22:31:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/10/24 22:25:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/10/24 17:15:31 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/10/24 17:14:13 | 000,118,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/07/27 03:03:20 | 010,898,456 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2010/07/27 03:03:20 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2010/07/27 03:03:18 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/04/15 15:04:38 | 000,104,520 | ---- | C] () -- C:\WINDOWS\System32\OSD.dll
[2008/07/31 22:59:05 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2008/07/31 22:59:05 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2008/07/31 22:59:05 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2008/07/30 12:00:51 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\atibrtmon.exe
[2008/06/23 08:47:40 | 000,176,918 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/14 07:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 07:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/04/14 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 07:00:00 | 000,562,466 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 07:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/04/14 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 07:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/04/14 07:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/04/14 07:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008/04/14 07:00:00 | 000,106,772 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 07:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/08/21 16:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007/08/21 14:36:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe

========== LOP Check ==========

[2011/06/23 20:33:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\CheckPoint
[2010/10/24 23:51:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky SDK
[2010/10/28 13:08:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\LightScribe
[2011/10/06 22:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\PMB Files
[2010/10/27 12:42:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Razer
[2011/09/09 07:11:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony W. Schafer\Application Data\CheckPoint
[2011/09/28 14:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony W. Schafer\Application Data\ElevatedDiagnostics
[2010/10/25 19:20:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony W. Schafer\Application Data\Leadertech
[2011/02/07 19:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony W. Schafer\Application Data\MailFrontier
[2010/10/29 11:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony W. Schafer\Application Data\OpenOffice.org
[2010/10/27 13:54:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony W. Schafer\Application Data\Razer
[2011/09/20 08:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony W. Schafer\Application Data\TS3Client
[2011/09/20 08:30:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony W. Schafer\Application Data\ts3overlay
[2011/04/16 20:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony W. Schafer\Application Data\Unity
[2010/10/25 01:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony W. Schafer\Application Data\Windows Desktop Search
[2010/10/27 12:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Anthony W. Schafer\Application Data\Windows Search
[2011/10/08 15:21:30 | 000,000,448 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{55CC7F74-8CB5-41A5-8892-E6B947D11D0B}.job

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#2
RKinner
Posted 09 October 2011 - 08:08 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Is there a reason you are running IIS?

If not turn it off: http://support.micro...kb;en-us;321141

Did you get an Extras log when you ran OTL if so please post if not:
Run OTL

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste the Extras log.

I don't see any obvious malware but let's run a few scans:


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Let's see if we can figure out what is slowing you down:

Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.


Ron
  • 0

#3
schaferschloss
Posted 09 October 2011 - 11:59 AM

schaferschloss

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Also I notice when my internet is not working the computer does this slow boot up too, but it seems like when the internet is working it happens less often. Sorry I forgot the other Log....

OTL Extras logfile created on: 10/8/2011 3:31:54 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Anthony W. Schafer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.34 Gb Available Physical Memory | 72.13% Memory free
5.08 Gb Paging File | 4.14 Gb Available in Paging File | 81.39% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 596.16 Gb Total Space | 502.05 Gb Free Space | 84.21% Space Free | Partition Type: NTFS

Computer Name: ANTHONY-5F8DF99 | User Name: Anthony W. Schafer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57772:TCP" = 57772:TCP:*:Enabled:Pando Media Booster
"57772:UDP" = 57772:UDP:*:Enabled:Pando Media Booster
"56962:TCP" = 56962:TCP:*:Enabled:Pando Media Booster
"56962:UDP" = 56962:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57772:TCP" = 57772:TCP:*:Enabled:Pando Media Booster
"57772:UDP" = 57772:UDP:*:Enabled:Pando Media Booster
"56962:TCP" = 56962:TCP:*:Enabled:Pando Media Booster
"56962:UDP" = 56962:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service -- (Check Point Software Technologies LTD)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22F358CE-610B-A033-0D36-4FADA6E8F67A}" = Skins
"{24F2E03B-ACF2-42FB-8A2A-5F015ACBDD16}" = FOX ONE
"{255F566C-3F57-15AD-2CA5-E7EA41F9904F}" = Catalyst Control Center Graphics Full Existing
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java™ 6 Update 20
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 26
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DBBE5D1-AE9E-4B8B-9CD1-18740CE71033}" = Nero 8 Essentials
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4287A29F-EA4C-24E4-4AAE-3E6CDC9C965A}" = CCC Help English
"{43523FEF-9D8E-4572-BB11-0E914D366E0A}" = LightScribe Template Labeler
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FEEDAA3-0D0C-7584-63F2-0F216D3426C9}" = ccc-core-preinstall
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{61F25370-7465-4404-BE28-4629BF808699}" = LightScribe Applications
"{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
"{652F3200-5E12-4CAD-BA2E-88EFE0113BCD}" = AMD OverDrive
"{6854A2CA-361F-4DD9-A8D8-C229E5EF4654}" = FOX DMI
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7EC9E7A1-A576-43C8-9CBB-31BD5625EBCA}" = FOX LiveUpdate
"{80AE66E6-E9FA-0CAC-C9F1-4E5A144886F0}" = Catalyst Control Center Graphics Full New
"{80CCA55B-FCA8-47E2-9BFE-A24CDEE51033}" = SecurDisc Viewer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D6EC7D6-E71D-8743-1396-591F4195F347}" = Catalyst Control Center Graphics Light
"{8FD697DD-C94F-22BE-6EFD-AA4CA7CF2B33}" = ccc-core-static
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A1E1A376-49D4-4960-8599-D5D26A4C2E7B}" = Razer Imperator
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AE667894-44ED-4CF9-98B0-C875150E4A27}" = FOX LOGO
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B38C3184-F573-CDC2-9452-FA9C576AB010}" = ccc-utility
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{BE7E6C3D-A42B-4BA3-9767-124EB8ED27E3}" = LightScribe System Software
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D9292112-253F-438D-B1AB-432E5A1FE1B5}" = Razer Imperator Firmware Updater
"{DB6901C6-E8B7-F5F0-F0C6-9028AFCD5A74}" = Catalyst Control Center Graphics Previews Common
"{E068CD0F-E631-17E7-9A01-05C2B2B54C84}" = Catalyst Control Center Core Implementation
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EC07DA92-5054-4F0F-AA63-6B50441AF45B}" = LightScribe Diagnostic Utility
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA3A247D-437A-455E-A88F-7EB6E5F9E799}" = Catalyst Control Center - Branding
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = The Lord of the Rings Online™ v03.03.05.8039
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"e01f4d10-f2d0-11dd-ba2f-0800200c9a66_is1" = The Lord of the Rings Online™: Siege of Mirkwood™ v03.02.00.185
"ie8" = Windows Internet Explorer 8
"Logitech Vid" = Logitech Vid HD
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PC Tune-Up" = PC Tune-Up
"Picasa 3" = Picasa 3
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoneAlarm Extreme Security" = ZoneAlarm Extreme Security

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"UnityWebPlayer" = Unity Web Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/6/2011 10:20:17 PM | Computer Name = ANTHONY-5F8DF99 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ANTHONY W. SCHAFER\MY DOCUMENTS\THE
LORD OF THE RINGS ONLINE\ZIPFILES\TRAVELWINDOW-8.2\DHORPLUGINS\UTILS\BITOPS.LUA>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 10/6/2011 10:20:18 PM | Computer Name = ANTHONY-5F8DF99 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ANTHONY W. SCHAFER\MY DOCUMENTS\THE
LORD OF THE RINGS ONLINE\ZIPFILES\TRAVELWINDOW-8.2\DHORPLUGINS\TRAVEL> in the hash
map cannot be updated. Context: Application, SystemIndex Catalog Details: A device
attached to the system is not functioning. (0x8007001f)

Error - 10/6/2011 10:20:18 PM | Computer Name = ANTHONY-5F8DF99 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ANTHONY W. SCHAFER\MY DOCUMENTS\THE
LORD OF THE RINGS ONLINE\ZIPFILES\TRAVELWINDOW-8.2\DHORPLUGINS\TRAVEL> in the hash
map cannot be updated. Context: Application, SystemIndex Catalog Details: A device
attached to the system is not functioning. (0x8007001f)

Error - 10/6/2011 10:20:18 PM | Computer Name = ANTHONY-5F8DF99 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ANTHONY W. SCHAFER\MY DOCUMENTS\THE
LORD OF THE RINGS ONLINE\ZIPFILES\TRAVELWINDOW-8.2\DHORPLUGINS\TRAVEL\ORENDARUIMODS>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 10/6/2011 10:20:18 PM | Computer Name = ANTHONY-5F8DF99 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ANTHONY W. SCHAFER\MY DOCUMENTS\THE
LORD OF THE RINGS ONLINE\ZIPFILES\TRAVELWINDOW-8.2\DHORPLUGINS\TRAVEL\ORENDARUIMODS>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 10/6/2011 10:20:18 PM | Computer Name = ANTHONY-5F8DF99 | Source = Windows Search Service | ID = 3013
Description = The entry <C:\DOCUMENTS AND SETTINGS\ANTHONY W. SCHAFER\MY DOCUMENTS\THE
LORD OF THE RINGS ONLINE\ZIPFILES\TRAVELWINDOW-8.2\DHORPLUGINS\TRAVEL\ORENDARUIMODS\LABEL.LUA>
in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details:
A
device attached to the system is not functioning. (0x8007001f)

Error - 10/6/2011 10:56:52 PM | Computer Name = ANTHONY-5F8DF99 | Source = Application Error | ID = 1000
Description = Faulting application lotroclient.exe, version 3.4.3.8026, faulting
module lotroclient.exe, version 3.4.3.8026, fault address 0x000df2f4.

Error - 10/6/2011 10:56:54 PM | Computer Name = ANTHONY-5F8DF99 | Source = Application Error | ID = 1001
Description = Fault bucket -1670237793.

Error - 10/7/2011 10:51:25 PM | Computer Name = ANTHONY-5F8DF99 | Source = Application Error | ID = 1000
Description = Faulting application lotroclient.exe, version 3.4.3.8026, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0003d053.

Error - 10/7/2011 10:51:27 PM | Computer Name = ANTHONY-5F8DF99 | Source = Application Error | ID = 1001
Description = Fault bucket -1670085160.

[ System Events ]
Error - 10/6/2011 11:42:02 PM | Computer Name = ANTHONY-5F8DF99 | Source = Service Control Manager | ID = 7000
Description = The Process Monitor service failed to start due to the following error:
%%2

Error - 10/7/2011 9:11:38 PM | Computer Name = ANTHONY-5F8DF99 | Source = Service Control Manager | ID = 7000
Description = The Process Monitor service failed to start due to the following error:
%%2

Error - 10/8/2011 9:43:08 AM | Computer Name = ANTHONY-5F8DF99 | Source = Service Control Manager | ID = 7000
Description = The Process Monitor service failed to start due to the following error:
%%2

Error - 10/8/2011 1:30:43 PM | Computer Name = ANTHONY-5F8DF99 | Source = Serial | ID = 393252
Description = While validating that \Device\Serial1 was really a serial port, the
contents of the divisor latch register was identical to the interrupt enable and
the receive registers. The device is assumed not to be a serial port and will be
deleted.

Error - 10/8/2011 1:31:07 PM | Computer Name = ANTHONY-5F8DF99 | Source = Service Control Manager | ID = 7000
Description = The Process Monitor service failed to start due to the following error:
%%2

Error - 10/8/2011 1:37:02 PM | Computer Name = ANTHONY-5F8DF99 | Source = Service Control Manager | ID = 7000
Description = The Process Monitor service failed to start due to the following error:
%%2

Error - 10/8/2011 3:55:44 PM | Computer Name = ANTHONY-5F8DF99 | Source = Service Control Manager | ID = 7000
Description = The Process Monitor service failed to start due to the following error:
%%2

Error - 10/8/2011 3:55:49 PM | Computer Name = ANTHONY-5F8DF99 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Windows Live ID Sign-in
Assistant service to connect.

Error - 10/8/2011 3:55:49 PM | Computer Name = ANTHONY-5F8DF99 | Source = Service Control Manager | ID = 7000
Description = The Windows Live ID Sign-in Assistant service failed to start due
to the following error: %%1053

Error - 10/8/2011 4:15:08 PM | Computer Name = ANTHONY-5F8DF99 | Source = Service Control Manager | ID = 7034
Description = The TrueVector Internet Monitor service terminated unexpectedly.
It has done this 1 time(s).


< End of report >
I will run the scans and get back to you...

Thank you,
Tony
  • 0

#4
schaferschloss
Posted 09 October 2011 - 02:40 PM

schaferschloss

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ron,
here are the logs in order from your post.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7909

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

10/9/2011 1:55:02 PM
mbam-log-2011-10-09 (13-55-02).txt

Scan type: Quick scan
Objects scanned: 274178
Time elapsed: 30 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\documents and settings\all users\AVP 2009 (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)

ComboFix 11-10-09.01 - Anthony W. Schafer 10/09/2011 14:15:50.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2452 [GMT -5:00]
Running from: c:\documents and settings\Anthony W. Schafer\Desktop\ComboFix.exe
FW: ZoneAlarm Extreme Security Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\Cache
c:\windows\system32\d3d9caps.dat
.
.
((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))
.
.
2011-10-09 18:20 . 2011-10-09 18:20 -------- d-----w- c:\documents and settings\Anthony W. Schafer\Application Data\Malwarebytes
2011-10-09 18:20 . 2011-10-09 18:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-10-09 18:20 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-09 18:20 . 2011-10-09 18:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-28 22:37 . 2008-04-14 10:42 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2011-09-28 22:37 . 2008-04-14 10:42 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2011-09-28 22:37 . 2001-08-18 03:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2011-09-28 22:37 . 2001-08-18 03:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2011-09-28 22:36 . 2001-08-18 03:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2011-09-28 22:36 . 2001-08-18 03:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2011-09-28 22:36 . 2001-08-17 17:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2011-09-28 22:36 . 2008-04-14 03:04 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2011-09-28 22:36 . 2008-04-14 03:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2011-09-28 22:34 . 2008-04-14 03:04 29311 -c--a-w- c:\windows\system32\dllcache\watv01nt.sys
2011-09-28 22:33 . 2001-08-17 18:28 793598 -c--a-w- c:\windows\system32\dllcache\usr1806.sys
2011-09-28 22:32 . 2001-08-18 03:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2011-09-28 22:31 . 2001-08-17 18:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2011-09-28 22:30 . 2001-08-17 17:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-09-28 22:29 . 2008-04-14 05:06 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2011-09-28 22:28 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-09-28 22:27 . 2001-08-17 17:50 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2011-09-28 22:26 . 2001-08-17 18:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-09-28 22:25 . 2001-08-18 03:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-09-28 22:24 . 2001-08-17 19:05 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2011-09-28 22:23 . 2001-08-17 17:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-09-28 22:22 . 2008-04-14 10:42 1737856 -c--a-w- c:\windows\system32\dllcache\mtxparhd.dll
2011-09-28 22:22 . 2008-04-14 04:53 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2011-09-28 22:22 . 2008-04-14 04:53 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
2011-09-28 22:22 . 2008-04-14 05:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-09-28 22:22 . 2001-08-17 18:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-09-28 22:22 . 2001-08-17 19:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-09-28 22:22 . 2008-04-14 05:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-09-28 22:22 . 2001-08-17 19:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-09-28 22:22 . 2001-08-17 18:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-09-28 22:22 . 2008-04-14 05:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-09-28 22:22 . 2001-08-17 18:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-09-28 22:20 . 2008-04-14 04:53 606684 -c--a-w- c:\windows\system32\dllcache\ltmdmnt.sys
2011-09-28 22:19 . 2008-04-14 10:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-09-28 22:19 . 2001-08-17 19:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2011-09-28 22:19 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-09-28 22:19 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-09-28 22:19 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2011-09-28 22:19 . 2001-08-17 18:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2011-09-28 22:19 . 2008-04-14 05:15 46592 -c--a-w- c:\windows\system32\dllcache\irbus.sys
2011-09-28 22:19 . 2001-08-17 17:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2011-09-28 22:19 . 2001-08-18 03:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2011-09-28 22:19 . 2001-08-17 18:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2011-09-28 22:19 . 2008-04-14 05:10 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2011-09-28 22:19 . 2001-08-17 18:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2011-09-28 22:19 . 2001-08-17 18:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2011-09-28 22:17 . 2008-04-14 04:53 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2011-09-28 22:16 . 2001-08-18 03:36 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2011-09-28 22:15 . 2001-08-17 17:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2011-09-28 22:14 . 2001-08-18 03:36 51200 -c--a-w- c:\windows\system32\dllcache\eqnlogr.exe
2011-09-28 22:13 . 2008-04-14 05:10 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys
2011-09-28 22:12 . 2008-04-14 03:06 48640 -c--a-w- c:\windows\system32\dllcache\cwrwdm.sys
2011-09-28 22:11 . 2001-08-17 17:12 37916 -c--a-w- c:\windows\system32\dllcache\cb102.sys
2011-09-28 22:10 . 2001-08-18 03:36 12800 -c--a-w- c:\windows\system32\dllcache\brevif.dll
2011-09-28 22:09 . 2008-04-14 05:06 44928 -c--a-w- c:\windows\system32\dllcache\agpcpq.sys
2011-09-28 22:08 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-09-20 13:12 . 2011-09-20 13:30 -------- d-----w- c:\documents and settings\Anthony W. Schafer\Application Data\ts3overlay
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 12:16 . 2011-06-21 14:33 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-20 12:46 . 2011-05-17 12:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-19 14:26 . 2010-10-26 00:19 545056 ----a-w- c:\windows\system32\LVUI2.dll
2011-08-19 14:26 . 2010-10-26 00:19 540960 ----a-w- c:\windows\system32\LVUI2RC.dll
2011-08-19 14:26 . 2010-10-26 00:19 4334624 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2011-08-19 14:26 . 2011-08-19 14:26 196896 ----a-w- c:\windows\system32\lvci13301394.dll
2011-08-19 14:26 . 2010-10-26 00:19 307488 ----a-w- c:\windows\system32\lvcodec2.dll
2011-08-19 14:26 . 2010-10-26 00:19 315808 ----a-w- c:\windows\system32\drivers\lvrs.sys
2011-08-19 14:26 . 2010-07-27 08:03 10898456 ----a-w- c:\windows\system32\LogiDPP.dll
2011-08-19 14:26 . 2010-07-27 08:03 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-08-19 14:26 . 2010-07-27 08:03 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-08-03 14:15 . 2009-08-18 16:30 564632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-08-03 14:15 . 2009-08-18 16:24 18328 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-26 11:49 . 2010-10-26 00:19 38958 ----a-w- c:\windows\system32\Repository.reg
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-07 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"Razer Imperator Driver"="c:\program files\Razer\Imperator\RazerImperatorTray.exe" [2010-09-07 2787224]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2010-04-13 238592]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-08-29 1039360]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\Anthony W Schafer\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-5-28 911920]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-03-02 04:14 190808 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 20:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57772:TCP"= 57772:TCP:Pando Media Booster
"57772:UDP"= 57772:UDP:Pando Media Booster
"56962:TCP"= 56962:TCP:Pando Media Booster
"56962:UDP"= 56962:UDP:Pando Media Booster
.
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [8/27/2010 4:33 AM 26352]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [8/27/2010 4:34 AM 493032]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/9/2011 1:20 PM 366152]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 12:11 AM 450848]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [8/27/2010 4:33 AM 35568]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [10/25/2010 7:32 AM 16896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/9/2011 1:20 PM 22216]
R3 vHidDev;Razer Gaming Device;c:\windows\system32\drivers\vHidDev.sys [10/27/2010 12:41 PM 5760]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [7/1/2010 4:45 AM 136616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 __FOX__FOXONE_DRIVER__;__FOX__FOXONE_DRIVER__;\??\c:\docume~1\ANTHON~1.SCH\LOCALS~1\Temp\FoxDriver.sys --> c:\docume~1\ANTHON~1.SCH\LOCALS~1\Temp\FoxDriver.sys [?]
S3 FXDrv32;FXDrv32;c:\progra~1\FOXCONN\FOXLIV~1\FXDrv32.sys [6/11/2009 6:11 PM 23872]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/14/2008 7:00 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - IPFILTERDRIVER
*NewlyCreated* - MBAMPROTECTOR
*NewlyCreated* - MBAMSERVICE
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-09 c:\windows\Tasks\User_Feed_Synchronization-{55CC7F74-8CB5-41A5-8892-E6B947D11D0B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-09 14:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
.
- - - - - - - > 'lsass.exe'(868)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
.
- - - - - - - > 'csrss.exe'(772)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
Completion time: 2011-10-09 14:27:48
ComboFix-quarantined-files.txt 2011-10-09 19:27
.
Pre-Run: 536,981,319,680 bytes free
Post-Run: 543,653,056,512 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 993051747081DB8E8D6D9AAD59DE4BCA

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 95.70 0 K 28 K
ISWSVC.exe 580 1.56 6,836 K 9,056 K ZoneAlarm ForceField Check Point Software Technologies
jqs.exe 1120 1.17 4,092 K 1,424 K Java™ Quick Starter Service Sun Microsystems, Inc.
lsass.exe 868 0.78 5,740 K 1,768 K LSA Shell (Export Version) Microsoft Corporation
System 4 0.39 0 K 312 K
procexp.exe 128 0.39 10,740 K 16,016 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
zlclient.exe 4540 21,544 K 2,708 K ZoneAlarm Client Check Point Software Technologies LTD
YahooAUService.exe 2844 5,372 K 8,612 K AutoUpater Service Module Yahoo! Inc.
wmiprvse.exe 5332 4,040 K 6,524 K WMI Microsoft Corporation
WLIDSVCM.EXE 3492 2,364 K 3,740 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation
WLIDSVC.EXE 2152 6,792 K 10,896 K Microsoft® Windows Live ID Service Microsoft Corporation
winlogon.exe 812 9,076 K 8,088 K Windows NT Logon Application Microsoft Corporation
vsmon.exe 4900 96,140 K 32,692 K TrueVector Service Check Point Software Technologies LTD
UMVPFSrv.exe 1092 2,264 K 3,504 K Logitech User mode UMVPF service Logitech Inc.
svchost.exe 1068 3,644 K 6,256 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1144 3,624 K 6,124 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1240 23,652 K 37,008 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1392 3,476 K 5,668 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1432 6,880 K 8,500 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1228 3,444 K 5,740 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2100 3,308 K 6,120 K Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 2160 3,400 K 5,032 K Generic Host Process for Win32 Services Microsoft Corporation
spoolsv.exe 684 3,972 K 6,768 K Spooler SubSystem App Microsoft Corporation
snmp.exe 940 3,204 K 5,524 K SNMP Service Microsoft Corporation
smss.exe 704 176 K 440 K Windows NT Session Manager Microsoft Corporation
services.exe 856 3,628 K 6,256 K Services and Controller app Microsoft Corporation
searchindexer.exe 2400 22,764 K 27,104 K Microsoft Windows Search Indexer Microsoft Corporation
RTHDCPL.EXE 2740 27,472 K 23,548 K Realtek HD Audio Control Panel Realtek Semiconductor Corp.
razertra.exe 1628 3,236 K 5,244 K razertra MFC Application
RazerImperatorTray.exe 2864 5,108 K 8,168 K Razer Imperator Configuration Utility Razer USA Ltd
razerhid.exe 2856 3,544 K 6,760 K razerhid MFC Application Razer USA Ltd.
PMB.exe 3860 83,960 K 62,824 K Pando Media Booster
msdtc.exe 1372 3,688 K 6,744 K MS DTC console program Microsoft Corporation
mqtgsvc.exe 3368 3,116 K 5,464 K Windows NT MSMQ Trigger Service Microsoft Corporation
mqsvc.exe 2912 3,896 K 7,672 K Message Queuing Service Microsoft Corporation
MOM.exe 508 28,056 K 3,348 K Catalyst Control Center: Monitoring program Advanced Micro Devices Inc.
mbamservice.exe 2804 121,304 K 120,396 K Malwarebytes' Anti-Malware Malwarebytes Corporation
mantispm.exe 3252 7,064 K 9,788 K Spam Filter SonicWALL, Inc.
LSSrvc.exe 1704 2,388 K 3,908 K LightScribe Service Hewlett-Packard Company
IoctlSvc.exe 1264 2,160 K 3,300 K PLFlash DeviceIoControl Service Prolific Technology Inc.
inetinfo.exe 720 6,736 K 11,460 K Internet Information Services Microsoft Corporation
iexplore.exe 4752 15,144 K 4,172 K Internet Explorer Microsoft Corporation
iexplore.exe 3896 57,348 K 68,596 K Internet Explorer Microsoft Corporation
ForceField.exe 2712 22,524 K 6,516 K ZoneAlarm ForceField Check Point Software Technologies
explorer.exe 5244 40,720 K 59,576 K Windows Explorer Microsoft Corporation
csrss.exe 772 2,016 K 5,252 K Client Server Runtime Process Microsoft Corporation
cisvc.exe 5976 5,628 K 512 K Content Index service Microsoft Corporation
cidaemon.exe 3212 5,680 K 1,552 K Indexing Service filter daemon Microsoft Corporation
cidaemon.exe 5884 2,968 K 1,232 K Indexing Service filter daemon Microsoft Corporation
CCC.exe 3620 41,428 K 4,756 K Catalyst Control Centre: Host application ATI Technologies Inc.
ati2evxx.exe 1048 2,512 K 4,552 K ATI External Event Utility EXE Module ATI Technologies Inc.
ati2evxx.exe 1596 2,724 K 5,056 K ATI External Event Utility EXE Module ATI Technologies Inc.
alg.exe 3924 2,920 K 5,304 K Application Layer Gateway Service Microsoft Corporation

Attached Files


  • 0

#5
RKinner
Posted 09 October 2011 - 03:44 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Download and save the norton removal tool
ftp://ftp.symantec.com/public/english_us_canada/removal_tools/Norton_Removal_Tool.exe
Run the Norton Removal tool.

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
C:\Program Files\Common
%user%\library

File::
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
c:\windows\pss\Windows Search.lnkCommon Startup

Driver::
__FOX__FOXONE_DRIVER__
nosGetPlusHelper
FXDrv32

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"nosGetPlusHelper"=-

******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0

#6
schaferschloss
Posted 09 October 2011 - 09:20 PM

schaferschloss

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
ComboFix 11-10-09.01 - Anthony W. Schafer 10/09/2011 18:44:36.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2733 [GMT -5:00]
Running from: c:\documents and settings\Anthony W. Schafer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Anthony W. Schafer\Desktop\CFScript.txt
FW: ZoneAlarm Extreme Security Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
FILE ::
"c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk"
"c:\windows\pss\Windows Search.lnkCommon Startup"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_FXDRV32
-------\Legacy_NOSGETPLUSHELPER
-------\Legacy___FOX__FOXONE_DRIVER__
-------\Service___FOX__FOXONE_DRIVER__
-------\Service_FXDrv32
-------\Service_nosGetPlusHelper
.
.
((((((((((((((((((((((((( Files Created from 2011-09-09 to 2011-10-09 )))))))))))))))))))))))))))))))
.
.
2011-10-09 22:12 . 2011-10-09 22:12 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Adobe
2011-10-09 20:25 . 2011-10-09 20:25 -------- d-----w- c:\program files\Speccy
2011-10-09 20:14 . 2011-10-09 20:46 -------- d-----w- c:\program files\FileHippo.com
2011-10-09 18:20 . 2011-10-09 18:20 -------- d-----w- c:\documents and settings\Anthony W. Schafer\Application Data\Malwarebytes
2011-10-09 18:20 . 2011-10-09 18:20 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-10-09 18:20 . 2011-08-31 22:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-09 18:20 . 2011-10-09 18:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-09-28 22:32 . 2001-08-17 19:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2011-09-28 22:32 . 2001-08-17 17:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2011-09-28 22:32 . 2001-08-17 17:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2011-09-28 22:32 . 2001-08-17 17:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2011-09-28 22:32 . 2001-08-17 19:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2011-09-28 22:32 . 2008-04-14 05:10 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2011-09-28 22:32 . 2001-08-17 17:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2011-09-28 22:32 . 2001-08-17 17:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2011-09-28 22:32 . 2001-08-17 18:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2011-09-28 22:30 . 2001-08-17 17:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2011-09-28 22:29 . 2008-04-14 05:06 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2011-09-28 22:28 . 2001-08-17 17:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2011-09-28 22:27 . 2001-08-17 17:50 166720 -c--a-w- c:\windows\system32\dllcache\s3m.sys
2011-09-28 22:26 . 2001-08-17 18:28 714762 -c--a-w- c:\windows\system32\dllcache\r2mdmkxx.sys
2011-09-28 22:25 . 2001-08-18 03:36 121344 -c--a-w- c:\windows\system32\dllcache\phvfwext.dll
2011-09-28 22:24 . 2001-08-17 19:05 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2011-09-28 22:23 . 2001-08-17 17:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2011-09-28 22:22 . 2008-04-14 10:42 1737856 -c--a-w- c:\windows\system32\dllcache\mtxparhd.dll
2011-09-28 22:22 . 2008-04-14 04:53 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2011-09-28 22:22 . 2008-04-14 04:53 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
2011-09-28 22:22 . 2008-04-14 05:16 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2011-09-28 22:22 . 2001-08-17 18:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2011-09-28 22:22 . 2001-08-17 19:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2011-09-28 22:22 . 2008-04-14 05:24 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2011-09-28 22:22 . 2001-08-17 19:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2011-09-28 22:22 . 2001-08-17 18:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2011-09-28 22:22 . 2008-04-14 05:16 51200 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2011-09-28 22:22 . 2001-08-17 18:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2011-09-28 22:20 . 2008-04-14 04:53 606684 -c--a-w- c:\windows\system32\dllcache\ltmdmnt.sys
2011-09-28 22:19 . 2008-04-14 10:39 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2011-09-28 22:19 . 2001-08-17 19:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2011-09-28 22:19 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2011-09-28 22:19 . 2001-08-17 19:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2011-09-28 22:19 . 2001-08-17 18:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2011-09-28 22:19 . 2001-08-17 18:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2011-09-28 22:19 . 2008-04-14 05:15 46592 -c--a-w- c:\windows\system32\dllcache\irbus.sys
2011-09-28 22:19 . 2001-08-17 17:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2011-09-28 22:19 . 2001-08-18 03:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2011-09-28 22:19 . 2001-08-17 18:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2011-09-28 22:19 . 2008-04-14 05:10 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2011-09-28 22:19 . 2001-08-17 18:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2011-09-28 22:19 . 2001-08-17 18:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2011-09-28 22:17 . 2008-04-14 04:53 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2011-09-28 22:16 . 2001-08-18 03:36 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2011-09-28 22:15 . 2001-08-17 17:15 455680 -c--a-w- c:\windows\system32\dllcache\fus2base.sys
2011-09-28 22:14 . 2001-08-18 03:36 51200 -c--a-w- c:\windows\system32\dllcache\eqnlogr.exe
2011-09-28 22:13 . 2008-04-14 05:10 8320 -c--a-w- c:\windows\system32\dllcache\dlttape.sys
2011-09-28 22:12 . 2008-04-14 03:06 48640 -c--a-w- c:\windows\system32\dllcache\cwrwdm.sys
2011-09-28 22:11 . 2001-08-17 17:12 37916 -c--a-w- c:\windows\system32\dllcache\cb102.sys
2011-09-28 22:10 . 2001-08-18 03:36 12800 -c--a-w- c:\windows\system32\dllcache\brevif.dll
2011-09-28 22:09 . 2008-04-14 05:06 44928 -c--a-w- c:\windows\system32\dllcache\agpcpq.sys
2011-09-28 22:08 . 2001-08-17 19:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2011-09-20 13:12 . 2011-09-20 13:30 -------- d-----w- c:\documents and settings\Anthony W. Schafer\Application Data\ts3overlay
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-09 12:16 . 2011-06-21 14:33 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2011-09-09 09:12 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-20 12:46 . 2011-05-17 12:28 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-19 14:26 . 2010-10-26 00:19 545056 ----a-w- c:\windows\system32\LVUI2.dll
2011-08-19 14:26 . 2010-10-26 00:19 540960 ----a-w- c:\windows\system32\LVUI2RC.dll
2011-08-19 14:26 . 2010-10-26 00:19 4334624 ----a-w- c:\windows\system32\drivers\lvuvc.sys
2011-08-19 14:26 . 2011-08-19 14:26 196896 ----a-w- c:\windows\system32\lvci13301394.dll
2011-08-19 14:26 . 2010-10-26 00:19 307488 ----a-w- c:\windows\system32\lvcodec2.dll
2011-08-19 14:26 . 2010-10-26 00:19 315808 ----a-w- c:\windows\system32\drivers\lvrs.sys
2011-08-19 14:26 . 2010-07-27 08:03 10898456 ----a-w- c:\windows\system32\LogiDPP.dll
2011-08-19 14:26 . 2010-07-27 08:03 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-08-19 14:26 . 2010-07-27 08:03 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-08-03 14:15 . 2009-08-18 16:30 564632 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\wlidui.dll
2011-08-03 14:15 . 2009-08-18 16:24 18328 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-07-26 11:49 . 2010-10-26 00:19 38958 ----a-w- c:\windows\system32\Repository.reg
2011-07-15 13:29 . 2008-04-14 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-09_19.26.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-09 23:53 . 2011-10-09 23:53 16384 c:\windows\Temp\Perflib_Perfdata_954.dat
+ 2011-10-09 23:53 . 2011-10-09 23:53 16384 c:\windows\Temp\Perflib_Perfdata_230.dat
+ 2011-10-09 23:53 . 2011-10-09 23:55 3637 c:\windows\Temp\sdk8\Report\g_objid.dat
+ 2011-10-09 23:53 . 2011-10-09 23:55 5060 c:\windows\Temp\sdk8\Report\g_objdt.dat
+ 2011-10-09 23:53 . 2011-10-09 23:55 2288 c:\windows\Temp\sdk8\Report\g_objbt.dat
- 2011-09-09 13:32 . 2011-10-09 17:57 4212 c:\windows\system32\zllictbl.dat
+ 2011-09-09 13:32 . 2011-10-09 19:58 4212 c:\windows\system32\zllictbl.dat
+ 2011-10-09 23:54 . 2011-10-09 23:54 196608 c:\windows\Temp\sfdb.dat
+ 2011-10-09 23:54 . 2011-10-09 23:54 327680 c:\windows\Temp\iswift.dat
+ 2011-07-13 13:50 . 2011-10-09 23:53 219740 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-07 3077528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-31 16806912]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"Razer Imperator Driver"="c:\program files\Razer\Imperator\RazerImperatorTray.exe" [2010-09-07 2787224]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2010-04-13 238592]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-08-29 1039360]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2007-10-04 307200]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
.
c:\documents and settings\Anthony W Schafer\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk - c:\program files\Logitech\Ereg\eReg.exe [2009-11-16 517384]
Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2010-5-28 911920]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-09-07 22:58 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2008-06-19 08:20 57344 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWS]
2011-03-02 04:14 190808 ----a-w- c:\program files\Logitech\LWS\Webcam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-07-09 20:39 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 17:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57772:TCP"= 57772:TCP:Pando Media Booster
"57772:UDP"= 57772:UDP:Pando Media Booster
"56962:TCP"= 56962:TCP:Pando Media Booster
"56962:UDP"= 56962:UDP:Pando Media Booster
.
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [8/27/2010 4:33 AM 26352]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [8/27/2010 4:34 AM 493032]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [10/9/2011 1:20 PM 366152]
R2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [4/1/2011 12:11 AM 450848]
R3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [8/27/2010 4:33 AM 35568]
R3 LycoFltr;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [10/25/2010 7:32 AM 16896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [10/9/2011 1:20 PM 22216]
R3 vHidDev;Razer Gaming Device;c:\windows\system32\drivers\vHidDev.sys [10/27/2010 12:41 PM 5760]
S2 AODService;AODService;c:\program files\AMD\OverDrive\AODAssist.exe [7/1/2010 4:45 AM 136616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-09-16 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-09 c:\windows\Tasks\User_Feed_Synchronization-{55CC7F74-8CB5-41A5-8892-E6B947D11D0B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/hsi/vzTCPConfig.CAB
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-09 18:54
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
.
- - - - - - - > 'lsass.exe'(868)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
.
- - - - - - - > 'explorer.exe'(5712)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\CheckPoint\ZAForceField\AK\icsak.dll
c:\progra~1\ZONELA~1\ZONEAL~1\MAILFR~1\mlfhook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(772)
c:\program files\CheckPoint\ZAForceField\AK\akconsole.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\SearchIndexer.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\SearchProtocolHost.exe
c:\windows\RTHDCPL.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Razer\Lycosa\razertra.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\progra~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
c:\windows\system32\SearchFilterHost.exe
.
**************************************************************************
.
Completion time: 2011-10-09 18:59:01 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-09 23:58
ComboFix2.txt 2011-10-09 19:27
.
Pre-Run: 542,610,259,968 bytes free
Post-Run: 542,565,040,128 bytes free
.
- - End Of File - - F25EBD9942A776B9092F71C126405D05

Vino's Event Viewer v01c run on Windows XP in English
Report run at 09/10/2011 10:12:44 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/10/2011 9:32:20 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Process Monitor service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/10/2011 9:33:23 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.


Vino's Event Viewer v01c run on Windows XP in English
Report run at 09/10/2011 10:13:40 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 09/10/2011 9:32:13 PM
Type: warning Category: 0
Event: 1015 Source: EvntAgnt
TraceLevel parameter not located in registry; Default trace level used is 32.

Log: 'Application' Date/Time: 09/10/2011 9:32:13 PM
Type: warning Category: 0
Event: 1003 Source: EvntAgnt
TraceFileName parameter not located in registry; Default trace file used is .

Attached Files


  • 0

#7
RKinner
Posted 09 October 2011 - 10:02 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Log: 'System' Date/Time: 09/10/2011 9:32:20 PM
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The Process Monitor service failed to start due to the following error: The system cannot find the file specified.


I'm thinking this is actually the Logitech Process Monitor. Start, Run, service.msc , OK then find Logitech Process Monitor and right click and select Properties then change the Startup Type to Disabled then Apply.


Log: 'System' Date/Time: 09/10/2011 9:33:23 PM
Type: warning Category: 0
Event: 4226 Source: Tcpip
TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.


This is usually caused by a P2P program. Only thing I can see that looks suspicious is Pando Media Booster so you might try uninstalling it.

Log: 'Application' Date/Time: 09/10/2011 9:32:13 PM
Type: warning Category: 0
Event: 1015 Source: EvntAgnt
TraceLevel parameter not located in registry; Default trace level used is 32.

Log: 'Application' Date/Time: 09/10/2011 9:32:13 PM
Type: warning Category: 0
Event: 1003 Source: EvntAgnt
TraceFileName parameter not located in registry; Default trace file used is .


This problem occurs if you install the Simple Network Management Protocol (SNMP) service but you do not also configure this service. These error events are logged by the SNMP service when you restart the computer. If the Evntagnt.dll file is not configured for debug tracing when the SNMP service starts, these two warning events are logged. Simple fix is to turn off SNMP:

Click Start, click Run, type services.msc in the Open box, and then click OK.
In the list of services, double-click SNMP Service.
In the Startup type list, click Disabled, and then click OK.



If it is still starting up slowly then:

Start Run, msconfig, OK
Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. If it doesn't run faster then go back into msconfig and recheck the
things you turned off. If it helps then go back and turn on a few items each
time until you find the culprit.

It could be that ZA is acting up. You might try uninstalling it as a test.

Ron
  • 0

#8
schaferschloss
Posted 10 October 2011 - 08:45 AM

schaferschloss

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
The logitech process monitor was not listed in the service.msc but listed as process monitor and now it's diable. The pando media booster(pmb) is what the LOTRO(lord of the rings online) use's to download the install files; but I am fuzzy about do I need this for the online game to operate. I research this and found out it is a uploader resource hog of your bandwidth; that explains my slow upload. I did not unistall this yet but did disable it in msconfig start tab and in the control panel by opening the pmb and uncheck the box "start media boster when I start windows" and then click shut down. The SNMP is disable now. The zonealarm force field I found out can cause problems; I remember an new update from ZA that cause my computer (thats XP pro sp3) alot of problems; ZA had me do some test and log the files then unload ZA and install the older program.

The restart time has increase greatly!!!!

I am going through the msconfig start/service tabs to find what I need and do not need to start or be running in the back ground. I started by disable them all(except microsoft services) and searching if they are needed or not. Is there any that you would recomend that should be check?

Thank you,
Tony
  • 0

#9
RKinner
Posted 10 October 2011 - 10:06 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I don't know much about the Razer stuff. Something to do with your keyboard/mouse I think. You would have to try it to see if you need it.

SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

You don't need the Yahoo Auto Update service.


These three are from Microsoft but are part of IIS. I asked you at the beginning if you needed IIS for something. Most people don't. IIS is the webserver from MS.

SRV - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 07:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)

Suspect this one:
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
is also part of IIS.

Doubtful you really need these:
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

I would also uninstall Windows Desktop Search and turn off Windows Search. Both CPU hogs and how often do you search anyway? (Search will still work - it just takes a minute or two more).

If ZA is the paid version you might try using the free Avast anti-virus
http://www.avast.com...ivirus-download
and the free Online Armor
http://www.online-armor.com/
when your subscription expires. (Or now if this is the free version) They usually put less of a load on your CPU and I think are better protection. I haven't used ZA in years because it was so slow loading and prone to not loading at all.

I think we are pretty much done now so I'm going to give you the cleanup/goodbye speech:

We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 27 or 7 update 0). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not upgdate it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#10
schaferschloss
Posted 10 October 2011 - 04:03 PM

schaferschloss

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Ron,

Thank you with expertise with this/these problems. I took care of the IIS and had no idea it was running. The pando media booster is diable and shut down; and appears the LOTRO client does not need it. I thought I removed all files for firefox. The zonealrm firewall/anti-virus(its a paid version)has become buggy; will be looking into a differant type like you said: Avast anti-virus
http://www.avast.com...ivirus-download
and the free Online Armor
http://www.online-armor.com/

Thank you for your time,
Thank you again,
Tony
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP