Threat win32 malware gen



Avast reports win32 Malware-gen High-Threat

simple.me 13 Jul 2011

Problem: Avast reports high threat win32-gen (with no obvious malware symptoms)

Avast installed for over a year, Windows XP Pro, Windows firewall always on, PC used for business by me only:

- no gaming/risky site browsing.

- Connects to business server at times.

- No banking or accounting.

Avast is set to full scan at night; installed for over a year.

Windows XP firewall.

Windows auto updates set to “on”.

First Avast report of malware 7/5/2011.

- PC had been offline about a week.

- The cable/internet ISP service was down; the tech said the line connections "fixed" at the last service call about a month prior were the issue.

- Techs did not touch the PC, just the modem & cable.

Once the PC was online again, Avast performed a program update & virus definition updates.

1. Next day Avast reported high threat win32-gen:
c:\program files\online services\PeoplePC\ISP5900\Bin\BartShel.exe

2. I think I moved this to the chest; thought this was installed by the manufacturer & never used (I am not the owner of the PC and it is an older Compaq XP Media Center; plenty of junk installed that I ignore).

3. Avast recommended a boot-time scan (it scans before Windows fully loads).

4. Boot-time scan reported the following:

1 - High Threat: Win32:Malware-gen.

o c:\system volume information\_restore{106CF321-99A3-4EA-9103-1BD027606A99}\RP279\A0054917.exe

4 - Low Threats: PUP: Win32:PUP-gen.

o D:\I386\APPS\APP17286\src\CompaqPresario_Spring06.exe|>[Embedded_R#001280]|>%MAINDIR%\. |>[Embedded_I#051f0]

o D:\I386\APPS\APP17286\src\HPPavillion_Spring06.exe|>[Embedded_R#001280]|>%MAINDIR%\. |>[Embedded_I#051f0]

o D:\system volume information\_restore{106CF321-99A3-4EA-9103-1BD027606A99}\RP279\. |>[Embedded_I#051f0]

o D:\system volume information\_restore{106CF321-99A3-4EA-9103-1BD027606A99}\RP279\. |>[Embedded_I#051f0]

I think that I then:

1. Scanned w/ Prevx, Malwarebytes & GMER and all reported no threats detected.

2. Moved items to the Avast Virus Chest; assumed I did not really need any of it.

3. From the Avast Virus Chest, submitted to the virus lab as a likely false positive.

Then over the next couple of days the PC seemed not quite right.

I think that I then restored the files from the Virus Chest and told Avast to ignore HP files (it seemed I had had the same issues when I installed Avast, and found the HP-ware often sets off AV false positives). PC still odd.

Avast re-reported high threat win32-gen:

· c:\program files\online services\PeoplePC\ISP5900\Bin\BartShel.exe

o I think I moved this to the chest; I know I do not need it.

· c:\system volume information\_restore{106CF321-99A3-4EA-9103-1BD027606A99}\RP279\A0054917.exe

So I began keeping the PC offline and watching more closely, & reran GMER, I think.

- No redirects when browsing online, no difficulty going to malware help sites or installing/running anti-malware programs at any time; just a not-quite-right feel and Avast reports, and a growing uneasiness that what seemed like a false positive may be something after all.

Then the next day an Avast scan reported 2 high threat win32-gen:

· c:\system volume information\_restore{106CF321-99A3-4EA-9103-1BD027606A99}\RP279\A0054917.exe

· c:\system volume information\_restore{106CF321-99A3-4EA-9103-1BD027606A99}\RP281\A0056089.exe

During this period we had thunderstorms and the PC, lacking battery backup, lost power, rebooted itself & lost power again before I could turn it off.

So by now too many things were going on with it, so I tried System Restore, and ran hard drive, CPU & memory diagnostics to see if installed updates, PC changes or possible crashes were resulting in the not-quite-right feel of the PC.

I saw no significant change. I noticed file deletes taking a long time, even after emptying the recycle bin during this period, even when not connected to external sources or the internet & the PC not busy with other work.

· Removed a mapped/disconnected network drive; that seems to fix the slow delete.

Over the past day or so I went to your site & completed all steps & scans to ask for assistance.

Now Avast reports 4 high threats win32-gen (the 3 in restore may be 3 instances of the same file?):

· c:\program files\online services\PeoplePC\ISP5900\Bin\BartShel.exe

· c:\system volume information\_restore{106CF321-99A3-4EA-9103-1BD027606A99}\RP279\A0054917.exe

· c:\system volume information\_restore{106CF321-99A3-4EA-9103-1BD027606A99}\RP281\A0056089.exe

· c:\system volume information\_restore{106CF321-99A3-4EA-9103-1BD027606A99}\RP285\A0058203.exe

I moved all threats to the virus chest and I am keeping the PC offline, except for troubleshooting & help request to Bleeping Computer.

I am checking business email via webmail on a personal PC which reports clean, which shares the same internet connection with the affected PC but is not networked with it.

Thank you very much for your help!

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by user.name at 16:04:01 on 2011-07-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.1053 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Rohos\agent.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\arservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\GlidePoint\glidesvc.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\WINDOWS\system32\DrvMon.exe
C:\Documents and Settings\All Users\Application Data\Boxtools\Toolbox.exe
C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.marketplaceleaders.org/blog/
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uURLSearchHooks: Yahoo! Toolbar: -
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
BHO: Adobe PDF Conversion Toolbar Helper: - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: - No File
BHO: Java™ Plug-In 2 SSV Helper: - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll
TB: Yahoo! Toolbar: -
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Rohos] c:\program files\rohos\agent.exe
uRun: [DrvMon.exe] c:\windows\system32\DrvMon.exe
uRun: [Boxoft Tools] "c:\documents and settings\all users\application data\boxtools\Boxofttoolbox.exe" -autorun
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [PCDrProfiler]
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [Reminder] "c:\windows\creator\Remind_XP.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [ ]
mRun: [Adobe_ID0EYTHM] c:\progra

2.EXE
mRun: [hpqSRMon]
mRun: [Eraser] "c:\progra

1\eraser\Eraser.exe" --atRestart
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume

1\programs\startup\pinmclnk.lnk - c:\hp\bin\cloaker.exe
StartupFolder: c:\docume

1\programs\startup\voip080.lnk - c:\program files\philips\voip080\VOIP080.exe
StartupFolder: c:\docume

1.lnk - c:\program files\pfu\cardminder\CardLauncher.exe
StartupFolder: c:\docume

1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume

1.lnk - c:\program files\pfu\scansnap\organizer\PfuSsOrgOcrChk.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra

4\office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289597001031
DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} - hxxp://tra.mlxtempo.com/5.1.01.9919/Control/IRCSharc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{03C2FD26-57E2-4DC5-ACBF-018602FF608C}: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - - c:\progra

1.DLL
SSODL: WPDShServiceObj - - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user.name\application data\mozilla\firefox\profiles\jy3x0kxd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://rc-nc.com/index.shtml
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\user.name\application data\mozilla\firefox\profiles\jy3x0kxd.default\extensions\\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx,aswSnx,c:\windows\system32\drivers\aswSnx.sys [2011-3-26 441176]
R1 aswSP,aswSP,c:\windows\system32\drivers\aswSP.sys [2010-11-28 309848]
R2 aswFsBlk,aswFsBlk,c:\windows\system32\drivers\aswFsBlk.sys [2010-11-28 19544]
R2 avast! Antivirus,avast! Antivirus,c:\program files\alwil software\avast5\AvastSvc.exe [2010-11-28 42184]
R2 GlidePoint,GlidePoint Touchpad Client,c:\program files\glidepoint\glidesvc.exe [2009-6-4 193832]
R2 Hamachi2Svc,LogMeIn Hamachi 2.0 Tunneling Engine,c:\program files\logmein hamachi\hamachi-2.exe [2011-5-25 1336712]
R2 McrdSvc,Media Center Extender Service,c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 RHDISK,RHDISK,c:\program files\rohos\rhdisk.sys [2010-11-22 33280]
R2 Rohos Disk,Rohos Disk service,c:\program files\rohos\agent.exe [2010-11-22 800880]
R3 glideusb,GlidePoint USB Touchpad Filter,c:\windows\system32\drivers\glideusb.sys [2010-11-18 65064]
RUnknown 1498916drv,1498916drv, [x]
RUnknown 16645786,16645786, [x]
S2 clr_optimization_v4.0.30319_32,Microsoft .NET Framework NGEN v4.0.30319_X86,c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 cpuz132,cpuz132,\??\c:\docume

1\temp\cpuz132\cpuz132_x32.sys [?]
S3 WinRM,Windows Remote Management (WS-Management),c:\windows\system32\svchost.exe -k WINRM [2004-8-10 14336]
S3 WPFFontCache_v0400,Windows Presentation Foundation Font Cache 4.0.0.0,c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-07-11 10:41:54 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-07-11 10:41:54 -------- d-----w- c:\windows\system32\wbem\Repository
2011-07-11 02:47:18 131072 ----a-w- c:\program files\online services\peoplepc\isp5900\isp50\bin\BartShel.exe
2011-07-10 02:26:45 -------- d-----w- c:\program files\A.F.5 Rename your files 1.1
2011-06-27 17:05:58 -------- d-----w- c:\documents and settings\user.name\local settings\application data\PCHealth
2011-06-26 02:18:24 95672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-25 03:14:34 -------- d-----w- C:\RC-Fileroom
2011-06-25 03:13:01 -------- d-----w- C:\1-RC-Fileroom
2011-06-25 02:21:29 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-25 02:21:29 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-25 01:35:50 -------- d-----w- c:\program files\NirSoft
2011-06-24 00:00:10 114 ----a-w- c:\windows\Printdir.bat
2011-06-23 23:17:16 -------- d-----w- C:\1-RC-Fileroom.1st
2011-06-20 21:00:12 -------- d-----w- c:\documents and settings\user.name\application data\Fujitsu
2011-06-20 21:00:02 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2011-06-20 21:00:02 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2011-06-17 19:12:26 -------- d-----w- c:\program files\ABBYY FineReader for ScanSnap
2011-06-16 22:34:38 -------- d-----w- c:\program files\KnowledgeLake
2011-06-16 22:28:38 476672 ----a-w- c:\windows\system32\s1100u.dll
2011-06-16 22:28:38 3559424 ----a-w- c:\windows\system32\ippi5s1100.dll
2011-06-16 22:28:38 2269184 ----a-w- c:\windows\system32\ijl5s1100.dll
2011-06-16 22:27:19 35328 ----a-w- c:\windows\system32\pfdvmn.dll
2011-06-16 22:27:19 32768 ----a-w- c:\windows\system32\chksti.dll
2011-06-16 22:27:19 31232 ----a-w- c:\windows\system32\pfusti.dll
2011-06-16 22:26:57 69632 ----a-w- c:\windows\system32\PFUIRT.dll
2011-06-16 22:26:57 393216 ----a-w- c:\windows\system32\PFUP60.dll
2011-06-16 22:26:57 249856 ----a-w- c:\windows\system32\PFURT.dll
2011-06-16 22:17:17 -------- d-----w- c:\documents and settings\user.name\application data\PFU
2011-06-16 22:15:06 279552 ----a-w- c:\windows\system32\S1300u.dll
2011-06-16 22:15:06 264192 ----a-w- c:\windows\system32\s300u.dll
2011-06-16 22:15:06 24064 ----a-w- c:\windows\system32\Fjmcusb.dll
2011-06-16 22:15:06 21504 ----a-w- c:\windows\system32\fj52usb.dll
2011-06-16 22:15:06 1990656 ----a-w- c:\windows\system32\ippi5s300.dll
2011-06-16 22:15:06 1990656 ----a-w- c:\windows\system32\ippi5s1300.dll
2011-06-16 22:15:06 1302528 ----a-w- c:\windows\system32\ijl5s300.dll
2011-06-16 22:15:06 1302528 ----a-w- c:\windows\system32\ijl5s1300.dll
2011-06-16 22:14:58 69632 ----a-w- c:\windows\system32\distortion.dll
2011-06-16 22:14:55 -------- d-----w- c:\windows\SSDriver
2011-06-16 22:14:19 -------- d-----w- c:\program files\common files\PFU
2011-06-16 22:14:06 -------- d-----w- c:\program files\PFU
2011-06-16 07:19:57 -------- d-----w- c:\program files\LogMeIn Hamachi
2011-06-15 23:52:27 105472 ------w- c:\windows\system32\dllcache\mup.sys
.
==================== Find3M ====================
.
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-25 05:42:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-26 19:12:21 86016 ----a-w- c:\windows\SOUNDMAN.EXE
2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-04 06:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 16:07:22.71 ===============

Attached Files: Ark.txt (388.37 KB)
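The post above ends with the same Avast hit turning up in three successive restore points (RP279, RP281, RP285) and asks whether those are three instances of one file. The Python below is an added triage example written for this page by the editor; it is not code from the original thread, from Avast, or from DDS. It parses DDS "Created Last 30"/"Find3M" lines, lists executables created shortly before the log run, groups the flagged restore-point copies by restore point, checks whether each Avast alert path appears verbatim in the DDS file list (on this page the BartShel.exe path in the alert and the one in "Created Last 30" differ in a subfolder), and groups file contents by SHA-256 so identical copies collapse into one group. The sample log lines and alert paths are copied from the post; the file contents are constructed stand-ins, not the real binaries, and the restore-path regex accepts both the `{GUID}` form System Restore uses and the `<GUID>` form shown on the page.

```python
"""Triage helpers for the DDS log and Avast alerts quoted in the post above.

Added example (editor's code), not part of the thread, Avast or DDS. All
input is embedded below; nothing is read from a live system.
"""
import hashlib
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One "Created Last 30" / "Find3M" line: timestamp, size (or dashes for a
# directory), attribute string, path.
_DDS_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\S+)\s+(\S+)\s+(.+)$"
)
# XP System Restore copy: ...\_restore{GUID}\RP<n>\A<digits>.<ext>
# ({...} is the real on-disk form; <...> is how the page renders it).
_RESTORE_COPY = re.compile(
    r"\\_restore[{<][^}>\\]+[}>]\\RP(\d+)\\(A\d+\.\w+)$", re.IGNORECASE
)


def parse_dds_created(lines):
    """Parse DDS file lines into (datetime, size_or_None, path) tuples."""
    entries = []
    for line in lines:
        m = _DDS_LINE.match(line.strip())
        if not m:
            continue
        stamp = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        size = int(m.group(2)) if m.group(2).isdigit() else None
        entries.append((stamp, size, m.group(4)))
    return entries


def recent_executables(entries, as_of, days=14,
                       exts=(".exe", ".dll", ".sys", ".scr")):
    """Executable files created within `days` before the DDS run time."""
    cutoff = as_of - timedelta(days=days)
    return [p for stamp, size, p in entries
            if size is not None and p.lower().endswith(exts) and stamp >= cutoff]


def group_restore_copies(alert_paths):
    """Map restore point number -> A00xxxxx copies Avast flagged inside it."""
    groups = defaultdict(list)
    for p in alert_paths:
        m = _RESTORE_COPY.search(p)
        if m:
            groups[int(m.group(1))].append(m.group(2))
    return dict(groups)


def alerts_not_in_log(alert_paths, entries):
    """Alert paths with no exact (case-insensitive) match in the DDS file list."""
    seen = {p.lower() for _, _, p in entries}
    return [p for p in alert_paths if p.lower() not in seen]


def identical_groups(files):
    """Group {path: bytes} by SHA-256; copies of one binary fall into one group."""
    by_hash = defaultdict(list)
    for path, data in files.items():
        by_hash[hashlib.sha256(data).hexdigest()].append(path)
    return [sorted(v) for v in by_hash.values() if len(v) > 1]


# Sample data copied from the post (DDS run time 2011-07-12 16:04:01).
LOG_RUN = datetime(2011, 7, 12, 16, 4, 1)
SAMPLE_DDS_LINES = [
    r"2011-07-11 10:41:54 -------- d-----w- c:\windows\system32\wbem\Repository",
    r"2011-07-11 02:47:18 131072 ----a-w- c:\program files\online services\peoplepc\isp5900\isp50\bin\BartShel.exe",
    r"2011-06-26 02:18:24 95672 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll",
    r"2011-06-20 21:00:02 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys",
    r"2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys",
]
SAMPLE_ALERTS = [
    r"c:\program files\online services\PeoplePC\ISP5900\Bin\BartShel.exe",
    r"c:\system volume information\_restore{106CF321-99A3-4EA-9103-1BD027606A99}\RP279\A0054917.exe",
    r"c:\system volume information\_restore{106CF321-99A3-4EA-9103-1BD027606A99}\RP281\A0056089.exe",
    r"c:\system volume information\_restore{106CF321-99A3-4EA-9103-1BD027606A99}\RP285\A0058203.exe",
]
# Constructed stand-in contents (NOT the real files): three identical, one different.
SAMPLE_FILES = {
    SAMPLE_ALERTS[0]: b"MZ" + b"\x00" * 62 + b"sample-bartshel",
    SAMPLE_ALERTS[1]: b"MZ" + b"\x00" * 62 + b"sample-bartshel",
    SAMPLE_ALERTS[2]: b"MZ" + b"\x00" * 62 + b"sample-bartshel",
    SAMPLE_ALERTS[3]: b"MZ" + b"\x00" * 62 + b"something-else",
}

if __name__ == "__main__":
    entries = parse_dds_created(SAMPLE_DDS_LINES)
    print("recent executables:", recent_executables(entries, LOG_RUN))
    print("restore-point copies:", group_restore_copies(SAMPLE_ALERTS))
    print("alerts not in DDS list:", alerts_not_in_log(SAMPLE_ALERTS, entries))
    print("identical groups:", identical_groups(SAMPLE_FILES))
```

On the real machine the bytes would come from the quarantined files (the Virus Chest keeps the original content), and the resulting hashes can be looked up at a reputation service without uploading anything. XP's System Restore filter copies a monitored file type into the current restore point when it is deleted or overwritten, so moving a file to the chest and restoring it again can leave a fresh A00xxxxx.exe copy in each new restore point; equal hashes across BartShel.exe and the RP copies would confirm that the "four threats" are one file.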

Shannon2012 19 Jul 2011

Welcome to Bleeping Computer.

My name is Shannon and I will be working with you to remove the malware that is on your machine.

I apologize for the delay in replying to your post, but this forum is extremely busy.

Please track this topic: on the top right of this thread, click on the Watch Topic button, click on 'Immediate Email Notification', and then click on the Proceed button at the bottom.

Do Not make any changes on your own to the infected computer.

Please set your system to show all files.
Click Start, open My Computer, select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.

Now, let's look more thoroughly at the infected computer -

We need to see some information about what is happening in your machine. Please perform the following scan:

  • We need to create an OTL report.
  • Please download OTL from here: Main Mirror
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "Use SafeList".
  • Push the button.
  • Two reports will open; copy and paste them into your reply: OTL.txt
  • Save Report. Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.

Note: You may get this warning; just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

Once you have the above logs, click on the Add Reply button below, copy in the contents of the two OTL logs and the RKU log. Also include any comments that you might have concerning the infection(s) and the infected computer.

simple.me 19 Jul 2011

I understand the delay in reply, no problem. I am grateful for your help!

Requested reports as follows:
==================================================
OTL.txt
=================================================
OTL logfile created on: 7/19/2011 4:28:06 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\user.name\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 56.67% Memory free
3.78 Gb Paging File | 2.97 Gb Available in Paging File | 78.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.48 Gb Total Space | 69.60 Gb Free Space | 49.54% Space Free | Partition Type: NTFS
Drive D: | 8.56 Gb Total Space | 0.56 Gb Free Space | 6.49% Space Free | Partition Type: FAT32
Drive F: | 298.09 Gb Total Space | 5.88 Gb Free Space | 1.97% Space Free | Partition Type: NTFS

Computer Name: WS10 | User Name: user.name | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

PRC - [2011/07/19 16:23:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user.name\Desktop\OTL.exe
PRC - [2011/07/04 07:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/05/27 08:52:30 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2011/05/25 17:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2011/04/15 14:56:36 | 001,038,336 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\sfzone\SafeZoneBrowser.exe
PRC - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2011/03/18 01:24:50 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2011/02/15 11:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2011/02/15 11:25:42 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2011/01/04 17:22:44 | 002,760,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Boxtools\Toolbox.exe
PRC - [2010/11/18 23:21:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/11/02 17:57:38 | 000,800,880 | ---- | M] (Tesline-Service SRL) -- C:\Program Files\Rohos\agent.exe
PRC - [2010/07/01 11:15:14 | 001,840,472 | ---- | M] (Iomega, an EMC company) -- C:\Program Files\EMC Corporation\v.Clone\vClone.exe
PRC - [2010/07/01 11:11:10 | 000,013,312 | ---- | M] () -- C:\Program Files\EMC Corporation\v.Clone\QuikSync\QuikSync.exe
PRC - [2009/10/22 04:44:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnat.exe
PRC - [2009/10/22 04:44:18 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2009/10/22 04:44:08 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\system32\vmnetdhcp.exe
PRC - [2009/10/22 04:43:30 | 000,064,048 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
PRC - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/06/04 15:34:34 | 000,193,832 | ---- | M] (Cirque Corporation) -- C:\Program Files\GlidePoint\glidesvc.exe
PRC - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/03 11:16:30 | 000,663,552 | ---- | M] (Philips) -- C:\Program Files\Philips\VOIP080\VOIP080.exe
PRC - [2006/08/01 17:14:47 | 000,036,903 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe
PRC - [2006/08/01 16:57:49 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2006/06/15 00:11:09 | 000,053,248 | ---- | M] (Alcor Micro, Corp.) -- C:\WINDOWS\system32\DrvMon.exe
PRC - [2005/08/03 02:19:16 | 000,077,312 | ---- | M] (Microsoft) -- C:\WINDOWS\arpwrmsg.exe
PRC - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) -- C:\WINDOWS\arservice.exe

MOD - [2011/07/19 16:23:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user.name\Desktop\OTL.exe
MOD - [2011/07/04 07:43:51 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2011/05/14 01:17:40 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcr80.dll
MOD - [2011/05/14 01:12:34 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\msvcp80.dll
MOD - [2011/02/15 11:25:56 | 000,640,504 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/08/01 17:14:43 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\user.name\Local Settings\Temp\IadHide5.dll

SRV - [2011/07/04 07:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/25 17:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/03/18 01:26:14 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2011/02/15 11:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/12/31 09:39:54 | 008,133,120 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe -- (wampmysqld)
SRV - [2010/12/31 09:39:42 | 000,020,549 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe -- (wampapache)
SRV - [2010/11/18 23:21:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/11/02 17:57:38 | 000,800,880 | ---- | M] (Tesline-Service SRL) [Auto | Running] -- C:\Program Files\Rohos\agent.exe -- (Rohos Disk)
SRV - [2010/07/01 11:11:10 | 000,013,312 | ---- | M] () [Auto | Running] -- C:\Program Files\EMC Corporation\v.Clone\QuikSync\QuikSync.exe -- (QuikSync)
SRV - [2009/10/22 04:44:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 04:44:18 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 04:44:08 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\system32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 03:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 14:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/06/04 15:34:34 | 000,193,832 | ---- | M] (Cirque Corporation) [Auto | Running] -- C:\Program Files\GlidePoint\glidesvc.exe -- (GlidePoint)
SRV - [2008/10/15 18:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (MSFtpsvc)
SRV - [2008/04/13 20:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2005/08/03 02:19:16 | 000,058,880 | ---- | M] (Microsoft) [Auto | Running] -- C:\WINDOWS\arservice.exe -- (ARSVC)

DRV - [2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/02/15 11:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/07/01 11:10:14 | 000,012,672 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\QslFsFltr.sys -- (QslFsFltr)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/02/03 16:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/11/03 13:30:12 | 000,022,576 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Virtual Disk Development Kit\bin\vstor2-mntapi10.sys -- (vstor2-mntapi10)
DRV - [2009/10/22 04:45:06 | 000,032,688 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 04:45:02 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 04:45:00 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 04:45:00 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 04:44:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 03:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 00:13:32 | 000,016,560 | R--- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/16 16:06:29 | 000,065,064 | ---- | M] (Cirque Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\glideusb.sys -- (glideusb)
DRV - [2009/10/12 14:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/07/24 11:43:26 | 000,033,280 | ---- | M] (Tesline-Service SRL) [Kernel | Auto | Running] -- C:\Program Files\Rohos\rhdisk.sys -- (RHDISK)
DRV - [2008/02/27 14:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2006/06/14 14:04:12 | 004,299,264 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/03/03 18:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/03/03 18:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/12/06 14:20:50 | 000,241,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2005/12/06 14:20:40 | 000,936,448 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSX_DP.sys -- (HSX_DP)
DRV - [2005/06/29 20:03:18 | 000,175,104 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ftsata2.sys -- (ftsata2)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/03 17:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/11/05 10:45:12 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)

IE - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
IE - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.marketplaceleaders.org/blog/
IE - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260,version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug,version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug,version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin,version=: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/07/11 06:46:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011/07/17 17:53:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/24 22:21:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/27 12:53:56 | 000,000,000 | ---D | M]

[2011/03/16 08:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user.name\Application Data\Mozilla\Extensions
[2011/03/16 08:59:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user.name\Application Data\Mozilla\Extensions\prism@developer.mozilla.org
[2011/07/17 19:29:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user.name\Application Data\Mozilla\Firefox\Profiles\jy3x0kxd.default\extensions
[2011/01/23 00:18:25 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\user.name\Application Data\Mozilla\Firefox\Profiles\jy3x0kxd.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2011/07/17 19:29:25 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\user.name\Application Data\Mozilla\Firefox\Profiles\jy3x0kxd.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/01/08 17:54:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\user.name\Application Data\Mozilla\Firefox\Profiles\jy3x0kxd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/07/11 06:39:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\user.name\Application Data\Mozilla\Firefox\Profiles\jy3x0kxd.default\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
[2011/07/17 17:17:25 | 000,000,000 | ---D | M] (ZoneAlarm Security Community Toolbar) -- C:\Documents and Settings\user.name\Application Data\Mozilla\Firefox\Profiles\jy3x0kxd.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2011/01/28 15:49:24 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\user.name\Application Data\Mozilla\Firefox\Profiles\jy3x0kxd.default\extensions\
[2011/02/21 02:23:54 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\user.name\Application Data\Mozilla\Firefox\Profiles\jy3x0kxd.default\extensions\LogMeInClient@logmein.com
[2011/06/13 20:57:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/01 16:09:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\
[2011/02/01 00:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\
[2011/03/08 17:52:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\
[2011/06/13 20:57:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user.name\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JY3X0KXD.DEFAULT\EXTENSIONS\{11B496EA-481A-11DC-8314-0800200C9A66}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user.name\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JY3X0KXD.DEFAULT\EXTENSIONS\{68836A21-FC7D-4EA1-A065-7EFABD99D414}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user.name\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JY3X0KXD.DEFAULT\EXTENSIONS\{75CEEE46-9B64-46F8-94BF-54012DE155F0}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user.name\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JY3X0KXD.DEFAULT\EXTENSIONS\.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user.name\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JY3X0KXD.DEFAULT\EXTENSIONS\.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user.name\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JY3X0KXD.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user.name\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JY3X0KXD.DEFAULT\EXTENSIONS\RANKCHECKER@SEOBOOK.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user.name\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JY3X0KXD.DEFAULT\EXTENSIONS\SEODOCTOR@PRELOVAC.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user.name\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JY3X0KXD.DEFAULT\EXTENSIONS\SROUSSEY@ILLUMINATION-FOR-DEVELOPERS.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\user.name\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\JY3X0KXD.DEFAULT\EXTENSIONS\YSLOW@YAHOO-INC.COM.XPI
[2011/07/11 06:46:12 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/02/01 00:01:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/06/24 22:21:28 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/05/06 10:42:49 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/11/21 09:23:46 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2011/01/14 00:42:38 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\..\Toolbar\ShellBrowser: (no name) - - No CLSID value found.
O3 - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\prxtbZone.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AlwaysReady Power Message APP] C:\WINDOWS\arpwrmsg.exe (Microsoft)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [ftutil2] C:\WINDOWS\System32\ftutil2.dll (Promise Technology, Inc.)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCDrProfiler] File not found
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-536995187-1795891562-3944622506-1008..\Run: [Boxoft Tools] C:\Documents and Settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe ()
O4 - HKU\S-1-5-21-536995187-1795891562-3944622506-1008..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe (Alcor Micro, Corp.)
O4 - HKU\S-1-5-21-536995187-1795891562-3944622506-1008..\Run: [Rohos] C:\Program Files\Rohos\agent.exe (Tesline-Service SRL)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk = C:\Program Files\PFU\CardMinder\CardLauncher.exe (PFU LIMITED)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk = C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk = C:\Program Files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\user.name\Start Menu\Programs\Startup\PinMcLnk.lnk = C:\hp\bin\cloaker.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\user.name\Start Menu\Programs\Startup\VOIP080.lnk = C:\Program Files\Philips\VOIP080\VOIP080.exe (Philips)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = FF 00 00 00 [binary data]
O7 - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-536995187-1795891562-3944622506-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Internet Connection Help - - File not found
O9 - Extra 'Tools' menuitem : Internet Connection Help - - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1289597001031 (MUWebControl Class)
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} http://tra.mlxtempo.com/5.1.01.9919/Control/IRCSharc.cab (GeacRevw Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/31 00:02:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 08:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 00:01:14 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\F\Shell - " = AutoRun
O33 - MountPoints2\F\Shell\AutoRun - " = Auto&Play
O33 - MountPoints2\F\Shell\AutoRun\command - " = F:\Loaderw.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/19 16:23:33 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user.name\Desktop\OTL.exe
[2011/07/19 16:03:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.name\Local Settings\Application Data\vClone
[2011/07/19 11:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.name\Application Data\VMware
[2011/07/19 11:20:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\v.Clone
[2011/07/19 11:19:08 | 000,059,952 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetinst.dll
[2011/07/19 11:19:08 | 000,016,560 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetadapter.sys
[2011/07/19 11:19:02 | 000,334,384 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
[2011/07/19 11:18:58 | 000,395,824 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
[2011/07/19 11:18:57 | 000,026,288 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetuserif.sys
[2011/07/19 11:18:53 | 000,018,736 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnet.sys
[2011/07/19 11:18:47 | 000,760,368 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetlib.dll
[2011/07/19 11:18:32 | 000,023,216 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\VMkbd.sys
[2011/07/19 11:18:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\VMware
[2011/07/19 11:18:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VMware
[2011/07/19 11:17:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2011/07/19 11:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2011/07/19 11:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\VMware
[2011/07/19 11:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2011/07/19 11:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\EMC Corporation
[2011/07/17 17:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.name\-My Documents\ForceField Shared Files
[2011/07/17 17:18:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.name\Application Data\CheckPoint
[2011/07/17 17:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/07/17 17:17:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.name\Local Settings\Application Data\ZoneAlarm_Security
[2011/07/17 17:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.name\Local Settings\Application Data\Temp
[2011/07/17 17:17:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.name\Local Settings\Application Data\Conduit
[2011/07/17 17:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2011/07/17 17:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2011/07/17 17:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZoneAlarm
[2011/07/17 17:16:46 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2011/07/17 17:16:42 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2011/07/17 17:16:42 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2011/07/17 17:16:33 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2011/07/17 17:16:31 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2011/07/17 17:16:31 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2011/07/17 17:16:30 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2011/07/17 17:16:30 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2011/07/17 17:16:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2011/07/17 17:16:29 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2011/07/17 17:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2011/07/17 17:15:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011/07/17 17:15:31 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2011/07/17 17:15:31 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2011/07/17 17:15:31 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2011/07/13 19:11:47 | 000,000,000 | ---D | C] -- C:\1-Backup DriveImage
[2011/07/13 19:09:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Runtime Software
[2011/07/13 19:09:50 | 000,000,000 | ---D | C] -- C:\Program Files\Runtime Software
[2011/07/12 16:04:01 | 000,000,000 | R--D | C] -- C:\Documents and Settings\user.name\Start Menu\Programs\Administrative Tools
[2011/07/12 16:03:33 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\user.name\Desktop\dds.scr
[2011/07/12 15:50:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.name\Desktop\DRIVE-Image sw
[2011/07/09 22:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\A.F.5 Rename your files 1.1
[2011/07/06 20:14:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.name\Desktop\1-Metatron
[2011/06/27 13:05:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.name\Local Settings\Application Data\PCHealth
[2011/06/24 23:14:34 | 000,000,000 | ---D | C] -- C:\RC-Fileroom
[2011/06/24 23:13:01 | 000,000,000 | ---D | C] -- C:\1-RC-Fileroom
[2011/06/24 21:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.name\Start Menu\Programs\NirSoft SysExporter
[2011/06/24 21:35:50 | 000,000,000 | ---D | C] -- C:\Program Files\NirSoft
[2011/06/23 21:46:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.name\Desktop\1-RC.Fileroom.DIR b4 reorg
[2011/06/23 19:17:16 | 000,000,000 | ---D | C] -- C:\1-RC-Fileroom.1st
[2011/06/20 17:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.name\Desktop\RCR.Scans.Temp
[2011/06/20 17:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user.name\Application Data\Fujitsu
[2011/06/20 17:00:02 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[378 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[117 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/19 16:25:13 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\RKUnhookerLE.EXE
[2011/07/19 16:23:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user.name\Desktop\OTL.exe
[2011/07/19 16:01:59 | 000,000,246 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.dat
[2011/07/19 15:57:53 | 000,043,531 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/19 15:55:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/19 11:39:31 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\user.name\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
[2011/07/19 11:20:12 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\v.Clone.lnk
[2011/07/19 11:19:59 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\user.name\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2011/07/19 11:18:24 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011/07/19 11:18:17 | 000,546,248 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/07/19 11:18:17 | 000,106,302 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/07/19 11:18:13 | 000,001,801 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VMware Player.lnk
[2011/07/19 10:14:03 | 000,487,416 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\d31544200-en.pdf
[2011/07/19 10:13:51 | 001,540,006 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\vclone-intro.pdf
[2011/07/17 17:18:53 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/07/17 17:16:50 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/07/17 17:16:49 | 000,000,776 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\ZoneAlarm Security.lnk
[2011/07/17 17:13:14 | 046,973,440 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\zaSetup_92_106_000_en.exe
[2011/07/13 19:09:53 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\user.name\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2011/07/13 19:09:53 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2011/07/13 18:20:04 | 001,624,952 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/07/13 17:27:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/07/13 15:40:33 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\user.name\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/07/12 16:03:35 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\user.name\Desktop\dds.scr
[2011/07/12 16:02:44 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\user.name\defogger_reenable
[2011/07/12 16:01:50 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\Defogger.exe
[2011/07/12 15:34:58 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\user.name\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Access 2007.lnk
[2011/07/12 15:22:50 | 000,064,064 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\cpuinfo.exe
[2011/07/11 06:51:26 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Pro Antivirus.lnk
[2011/07/11 06:51:22 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/07/11 06:45:05 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/10 00:38:38 | 000,001,720 | -H-- | M] () -- C:\Documents and Settings\user.name\-My Documents\Default.rdp
[2011/07/07 15:57:59 | 001,572,864 | ---- | M] () -- C:\Documents and Settings\user.name\-My Documents\1Resources1.accdb
[2011/07/07 15:57:17 | 001,572,864 | ---- | M] () -- C:\Documents and Settings\user.name\-My Documents\1Resources.accdb
[2011/07/06 20:12:35 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\user.name\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/07/06 20:12:35 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/06 19:42:52 | 000,002,491 | ---- | M] () -- C:\Documents and Settings\user.name\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2011/07/05 09:37:38 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\user.name\Application Data\Microsoft\Internet Explorer\Quick Launch\Skype (2).lnk
[2011/07/04 07:43:53 | 000,040,112 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/07/04 07:43:51 | 000,199,304 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/07/04 07:36:43 | 000,441,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/07/04 07:36:32 | 000,309,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/07/04 07:35:23 | 000,043,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/07/04 07:35:12 | 000,102,616 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/07/04 07:35:09 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/07/04 07:32:32 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/07/04 07:32:13 | 000,030,808 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/07/04 07:32:12 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/29 05:01:48 | 000,000,837 | ---- | M] () -- C:\Documents and Settings\user.name\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
[2011/06/29 04:59:08 | 001,869,114 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\PPotter-RR-Prerunner-EXCEL-06-28-2011.pdf
[2011/06/25 22:10:27 | 000,330,556 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\1-RC-Fileroom.zip
[2011/06/25 22:10:27 | 000,330,556 | ---- | M] () -- C:\1-RC-Fileroom.zip
[2011/06/25 21:09:06 | 000,004,386 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\Fileroom.MD.properties.bat
[2011/06/25 17:25:30 | 000,005,588 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\RC.FileroomMD.tenants.bat
[2011/06/25 01:42:29 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/24 23:24:20 | 000,002,818 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\Fileroom.Folders.bat
[2011/06/24 22:35:48 | 000,006,499 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\RC.FileroomMD3.tenants.bat
[2011/06/24 21:34:25 | 000,107,910 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\sysexp_setup.exe
[2011/06/23 22:25:39 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\user.name\-My Documents\Excelsior.fnd
[2011/06/23 20:07:11 | 000,008,302 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\1.ppotter-webdev.pdf
[2011/06/23 20:00:10 | 000,000,114 | ---- | M] () -- C:\WINDOWS\Printdir.bat
[2011/06/23 19:59:27 | 000,662,528 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\MicrosoftFixit50548.msi
[2011/06/23 19:26:01 | 000,004,260 | ---- | M] () -- C:\Documents and Settings\user.name\Desktop\RC-2.Fileroom.MD.Tenants.bat
[378 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[117 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/19 16:25:03 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\RKUnhookerLE.EXE
[2011/07/19 11:20:12 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\v.Clone.lnk
[2011/07/19 11:19:59 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\user.name\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2011/07/19 11:18:24 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011/07/19 11:18:12 | 000,001,801 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VMware Player.lnk
[2011/07/19 10:14:02 | 000,487,416 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\d31544200-en.pdf
[2011/07/19 10:13:46 | 001,540,006 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\vclone-intro.pdf
[2011/07/17 17:16:50 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/07/17 17:16:49 | 000,000,776 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\ZoneAlarm Security.lnk
[2011/07/17 17:16:29 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/07/17 17:12:58 | 046,973,440 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\zaSetup_92_106_000_en.exe
[2011/07/13 19:09:53 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\user.name\Application Data\Microsoft\Internet Explorer\Quick Launch\DriveImage XML.lnk
[2011/07/13 19:09:53 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DriveImage XML.lnk
[2011/07/12 16:02:44 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\user.name\defogger_reenable
[2011/07/12 16:01:50 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\Defogger.exe
[2011/07/12 15:22:46 | 000,064,064 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\cpuinfo.exe
[2011/07/07 15:57:33 | 001,572,864 | ---- | C] () -- C:\Documents and Settings\user.name\-My Documents\1Resources1.accdb
[2011/07/07 15:56:40 | 001,572,864 | ---- | C] () -- C:\Documents and Settings\user.name\-My Documents\1Resources.accdb
[2011/06/29 05:01:16 | 001,869,114 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\PPotter-RR-Prerunner-EXCEL-06-28-2011.pdf
[2011/06/25 22:10:27 | 000,330,556 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\1-RC-Fileroom.zip
[2011/06/25 22:10:27 | 000,330,556 | ---- | C] () -- C:\1-RC-Fileroom.zip
[2011/06/25 21:09:06 | 000,004,386 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\Fileroom.MD.properties.bat
[2011/06/24 23:11:36 | 000,002,818 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\Fileroom.Folders.bat
[2011/06/24 22:28:27 | 000,006,499 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\RC.FileroomMD3.tenants.bat
[2011/06/24 21:34:24 | 000,107,910 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\sysexp_setup.exe
[2011/06/23 22:25:39 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\user.name\-My Documents\Excelsior.fnd
[2011/06/23 20:07:11 | 000,008,302 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\1.ppotter-webdev.pdf
[2011/06/23 20:00:10 | 000,000,114 | ---- | C] () -- C:\WINDOWS\Printdir.bat
[2011/06/23 19:59:27 | 000,662,528 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\MicrosoftFixit50548.msi
[2011/06/23 19:26:01 | 000,004,260 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\RC-2.Fileroom.MD.Tenants.bat
[2011/06/23 19:14:14 | 000,005,588 | ---- | C] () -- C:\Documents and Settings\user.name\Desktop\RC.FileroomMD.tenants.bat
[2011/06/16 18:15:07 | 000,000,161 | ---- | C] () -- C:\WINDOWS\DISPARAM.INI
[2011/05/11 11:02:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2011/05/11 11:02:07 | 000,007,909 | ---- | C] () -- C:\WINDOWS\System32\ftpctrs.ini
[2011/05/11 09:19:54 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2011/05/11 09:19:52 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2011/05/11 09:18:16 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2011/05/11 09:18:15 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2011/05/11 09:17:59 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2011/02/22 01:44:16 | 000,053,123 | ---- | C] () -- C:\Documents and Settings\user.name\Application Data\Comma Separated Values (Windows).ADR
[2011/01/01 22:51:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/12/20 20:56:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PCFriend.INI
[2010/11/26 22:33:41 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\user.name\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/24 17:39:54 | 000,009,461 | ---- | C] () -- C:\Documents and Settings\user.name\Application Data\Microsoft Excel 97-2003.EML
[2010/11/24 17:39:32 | 000,000,028 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/11/23 11:28:55 | 000,106,678 | ---- | C] () -- C:\WINDOWS\hpqins13.dat
[2010/11/23 11:26:02 | 000,103,586 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
[2010/11/21 09:23:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/18 23:36:14 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/11/14 22:19:33 | 000,157,282 | ---- | C] () -- C:\WINDOWS\hphins26.dat
[2010/11/14 22:19:33 | 000,000,787 | ---- | C] () -- C:\WINDOWS\hphmdl26.dat
[2010/11/14 21:13:59 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2010/11/12 21:47:48 | 000,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2010/11/12 16:51:44 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\user.name\Local Settings\Application Data\fusioncache.dat
[2010/11/12 09:47:56 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2006/11/02 10:12:52 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\missouri.dll
[2006/08/01 17:48:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/08/01 17:21:38 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2006/08/01 17:14:44 | 000,118,842 | R--- | C] () -- C:\WINDOWS\HPCPCUninstaller-6.3.2.116-5577497.exe
[2006/08/01 17:14:04 | 000,667,896 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2006/08/01 17:14:04 | 000,001,235 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2006/08/01 17:13:57 | 000,012,987 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2006/08/01 17:13:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2006/08/01 17:10:22 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/08/01 16:59:52 | 000,000,083 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/08/01 16:58:31 | 000,045,929 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.EXE
[2006/08/01 16:58:31 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/08/01 16:53:33 | 000,095,822 | ---- | C] () -- C:\WINDOWS\hpqins69.dat
[2006/08/01 16:52:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/08/01 16:48:47 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/08/01 16:48:47 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/08/01 16:48:47 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/08/01 16:48:47 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/08/01 16:48:47 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/08/01 16:48:47 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/01 16:48:47 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/08/01 16:48:47 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/08/01 16:48:47 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/08/01 16:48:47 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/08/01 16:48:47 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/08/01 16:47:18 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/08/01 16:25:53 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom22.dll
[2006/08/01 16:25:53 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\pywintypes22.dll
[2006/08/01 16:25:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2006/06/16 14:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/31 00:17:40 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/31 00:07:46 | 000,546,248 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/31 00:07:46 | 000,106,302 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/31 00:05:30 | 001,624,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/31 00:01:42 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/30 23:58:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/03 02:19:16 | 000,050,176 | ---- | C] () -- C:\WINDOWS\armcex.dll
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/07/26 10:51:38 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/08/23 11:12:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 11:11:02 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15D5AA51

=====================================================
Extras.txt
=====================================================
OTL Extras logfile created on: 7/19/2011 4:28:06 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\user.name\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.10 Gb Available Physical Memory | 56.67% Memory free
3.78 Gb Paging File | 2.97 Gb Available in Paging File | 78.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 140.48 Gb Total Space | 69.60 Gb Free Space | 49.54% Space Free | Partition Type: NTFS
Drive D: | 8.56 Gb Total Space | 0.56 Gb Free Space | 6.49% Space Free | Partition Type: FAT32
Drive F: | 298.09 Gb Total Space | 5.88 Gb Free Space | 1.97% Space Free | Partition Type: NTFS

Computer Name: WS10 | User Name: user.name | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ ]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
