Stubborn residual SpywareGuard2008/virtumonde/smitfraud infection


16 replies to this topic

#1 dnoz

  • Members
  • 10 posts

Posted 22 March 2009 - 05:09 PM

Hello, my name is Ted! Before I ask for help, I want to thank all of the experts who post here in this community -- although I just joined today, I've been using these forums regularly as a resource for solving computer problems.

Unfortunately though, I've come across one that I can't seem to figure out. I've been trying for over a month and it has been driving me crazy. My computer originally became infected with Virtumonde. I ran Symantec, S&D, and Malwarebytes to try to clean it (and I hope that this doesn't obfuscate the problem for you experts). However, it's still running slowly, especially as I leave it on for a period of time. Explorer [Edit: explorer.exe, not iexplore.exe] randomly crashes (or I have to kill the process). Task Manager shows erratic processor usage spikes (i.e. it sits around 27-33% with constant fluctuations, which I suspect is one sneaky process taking up all the CPU on one of the 4 processors in the quad-core, but which doesn't show up in Task Manager), and memory usage is 1.19GB (of 4GB total memory, some of which is taken up by video memory since this is 32-bit Windows XP). I don't think that this is related to hard drive fragmentation or hardware insufficiency (the problem is of relatively acute onset). I also have the problem that Windows Update is disabled and I can't re-enable it no matter what I try (i.e. 'fixing' it with S&D, then using the Windows Control Panel, etc.)

I suspect that there is a residual infection...

Here is a list of infections previously cleaned by S&D (all arrived after what I suspect was the Virtumonde infection):
Microsoft.Windows.Explorer
Microsoft.WindowsSecurityCenter.RegistryTools
Microsoft.WindowsSecurityCenter_disabled
Win32.TDSS.rtk
PWS.LDPinchIE
RS32UPS.ru
Smitfraud-C.
Virtumonde
Virtumonde.generic
Virtumonde.prx
Virtumonde.sci
Win32.Winlagons.co
Zlob.Downloader

I enclosed a .txt file that shows the infection history according to Symantec. I've also included the names of the infections below.
SpywareGuard2008
Downloader
Hacktool.Rootkit
Packed.Generic.200
Trojan.Pandex
Backdoor.Graybird
Trojan.Zlob
Trojan Horse
Backdoor.Trojan
Trojan.Flush.K
Backdoor.IRC.Bot
Trojan.Metajuan
Trojan.Vundo
W32.Spybot.Worm


Here is my HJT log (while the computer was running slowly):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:27:45 PM, on 22/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\V0510Mon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TweakWindow\TweakWin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Teddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ndroid\nDroid.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\PROGRA~1\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3070227
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3070227
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [V0510Mon.exe] C:\WINDOWS\V0510Mon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TweakWindow] C:\Program Files\TweakWindow\TweakWin.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Teddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: nDroid.lnk = C:\Program Files\ndroid\nDroid.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {E52AB312-40DA-48CC-9E4C-A9F6EAF20273} (Montecarlo Simulation Library) - http://www.biocyb.cs.ucla.edu/montecarlo/m...arlo.components
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: crypt - C:\WINDOWS\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c8d7aba93fc0ea) (gupdate1c8d7aba93fc0ea) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\WINDOWS\system32\libusbd-nt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 15355 bytes

And here is my DDS log (after a reboot):

DDS (Ver_09-03-16.01) - NTFSx86
Run by Teddy at 19:39:59.18 on 22/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2813.1823 [GMT -4:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\libusbd-nt.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\V0510Mon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TweakWindow\TweakWin.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Teddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ndroid\nDroid.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Teddy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
uSearch Bar = hxxp://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
uDefault_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3070227
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [TweakWindow] c:\program files\tweakwindow\TweakWin.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [Google Update] "c:\documents and settings\teddy\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: []
mRun: [V0510Mon.exe] c:\windows\V0510Mon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\teddy\startm~1\programs\startup\ndroid.lnk - c:\program files\ndroid\nDroid.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.4.2\gears.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E52AB312-40DA-48CC-9E4C-A9F6EAF20273} - hxxp://www.biocyb.cs.ucla.edu/montecarlo/montecarlo.components
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Directory Opus Shell Execute Hook: {3cf9ece0-1a9f-11d2-8c73-00c06c2005de} - c:\program files\gpsoftware\directory opus\dopuslib.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\xxyxusrP

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\teddy\applic~1\mozilla\firefox\profiles\djw7oncx.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (English)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig|http://www.bleepingcomputer.com/forums/t/213149/stubborn-residual-spywareguard2008virtumondesmitfraud-infection/
FF - component: c:\documents and settings\teddy\application data\mozilla\firefox\profiles\djw7oncx.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - plugin: c:\documents and settings\teddy\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\teddy\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\ace mega codecs pack\systems\realmedia\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\cambridgesoft\chemoffice2006\chem3d\npChem3DPlugin.dll
FF - plugin: c:\program files\cambridgesoft\chemoffice2006\chemdraw\NPCDP32.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\vlc\npvlc.dll

============= SERVICES / DRIVERS ===============

R1 Ext2fs;Ext2fs;c:\windows\system32\drivers\ext2fs.sys [2007-12-14 132736]
R1 IfsDrives;IfsDrives;c:\windows\system32\drivers\IfsDrives.sys [2007-12-14 4608]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
R2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-22 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-1-1 33792]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090320.003\naveng.sys [2009-3-20 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090320.003\navex15.sys [2009-3-20 876144]
R3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\drivers\V0510Vid.sys [2009-1-30 254080]
R3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\drivers\V0510Vfx.sys [2009-1-30 7424]
S2 EZWRIT3;EZWRIT3;c:\windows\system32\drivers\ezwrit3.sys [2007-6-24 12672]
S2 gupdate1c8d7aba93fc0ea;Google Update Service (gupdate1c8d7aba93fc0ea);c:\program files\google\update\GoogleUpdate.exe [2008-7-16 133104]
S3 APLOADER;APLOADER;c:\windows\system32\drivers\ApLoader.SYS [2007-6-24 21376]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\mediacoder\SysInfo.sys [2007-9-25 15152]
S3 MSSQL$CAMBRIDGESOFT;MSSQL$CAMBRIDGESOFT;c:\program files\microsoft sql server\mssql$cambridgesoft\binn\sqlservr.exe -scambridgesoft --> c:\program files\microsoft sql server\mssql$cambridgesoft\binn\sqlservr.exe -sCAMBRIDGESOFT [?]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]
S3 SQLAgent$CAMBRIDGESOFT;SQLAgent$CAMBRIDGESOFT;c:\program files\microsoft sql server\mssql$cambridgesoft\binn\sqlagent.exe -i cambridgesoft --> c:\program files\microsoft sql server\mssql$cambridgesoft\binn\sqlagent.EXE -i CAMBRIDGESOFT [?]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 ZD1211BU(SMC);802.11g Wireless USB2.0 Adapter Driver(SMC);c:\windows\system32\drivers\ZD1211BU.sys [2006-8-24 477696]
S4 VKCZ;VKCZ;c:\docume~1\teddy\locals~1\temp\vkcz.exe --> c:\docume~1\teddy\locals~1\temp\VKCZ.exe [?]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-03-14 09:20 --d----- c:\docume~1\teddy\applic~1\DxO_Labs
2009-03-14 09:17 --d----- c:\docume~1\alluse~1\applic~1\DxO_Labs
2009-03-14 09:08 --d----- c:\windows\SxsCaPendDel
2009-03-05 14:44 --d----- c:\docume~1\teddy\applic~1\Broad Intelligence
2009-03-05 14:43 --d----- c:\program files\MediaCoder
2009-02-21 01:00 23,154,688 a------- c:\windows\system32\QXDQKD
2009-02-21 00:59 --d----- c:\program files\rootkit revealer

==================== Find3M ====================

2009-03-22 08:39 20 ----h--- c:\docume~1\alluse~1\applic~1\PKP_DLdw.DAT
2009-03-14 16:59 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-01 17:43 1,694 a------- c:\windows\system32\unins000.dat
2009-03-01 17:43 695,578 a------- c:\windows\system32\unins000.exe
2009-02-18 23:28 119,808 a------- C:\VundoFix.exe
2009-01-27 00:43 2,048 a------- c:\windows\system32\Tr_sttool.dat
2009-01-07 12:28 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-01-06 23:18 16,163 a------- c:\windows\W2BNEUnin.dat
2009-01-06 23:17 98,304 a------- c:\windows\W2BNEUnin.exe
2009-01-06 23:17 2,829 a------- c:\windows\W2BNEUnin.pif
2008-08-20 01:07 0 a------- c:\docume~1\alluse~1\applic~1\PKP_DLdy.DAT
2008-04-27 22:31 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-12-21 11:07 22,328 a------- c:\docume~1\teddy\applic~1\PnkBstrK.sys
2007-03-15 02:02 1,380 a------- c:\program files\POV-Ray 3.pov
2001-05-24 12:59 162,304 a------- c:\program files\UNWISE.EXE
2008-10-04 12:28 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100420081005\index.dat

============= FINISH: 19:40:32.67 ===============


The attach.txt is also available if necessary!

Thanks so much for your help... it is greatly appreciated! I can't imagine what it would be like if I had to reformat to clean this up...

[Edit: attached DDS log]

Edited by dnoz, 22 March 2009 - 06:45 PM.



#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 23 March 2009 - 10:10 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 dnoz

dnoz
  • Topic Starter

  • Members
  • 10 posts

Posted 24 March 2009 - 05:19 AM

Hello Sam!
Thank you so much for helping me. I followed your instructions as best I could.

OTListIt2 took several minutes while scanning ccEvtMgr. Also, the text in the program is huge (almost impossible to resize to see all the options), although I think that's unrelated.

Here are the settings I used:
Scan all users
Standard Output
Processes --> Use Safelist
Services --> Use Safelist
Drivers --> Use Safelist
File Scans -- File Age 30 days
Use Company Name Whitelist
File Created Within --> File Age
File Modified Within --> File Age
LOP Check NOT selected
Standard Registry --> Use Safelist

Here's the result (looks like I need to clean up my hosts file among other things...)

OTListIt logfile created on: 23/03/2009 9:20:27 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\Teddy\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 80.18% Memory free
4.00 Gb Paging File | 3.61 Gb Available in Paging File | 90.34% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.32 Gb Total Space | 6.16 Gb Free Space | 2.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 577.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 151.37 Gb Total Space | 31.23 Gb Free Space | 20.63% Space Free | Partition Type: NTFS
Drive M: | 161.14 Gb Total Space | 108.25 Gb Free Space | 67.18% Space Free | Partition Type: NTFS
Drive N: | 153.25 Gb Total Space | 81.95 Gb Free Space | 53.48% Space Free | Partition Type: NTFS
Drive R: | 1.89 Gb Total Space | 1.14 Gb Free Space | 60.23% Space Free | Partition Type: FAT
Drive V: | 46.93 Mb Total Space | 39.30 Mb Free Space | 83.75% Space Free | Partition Type: FAT

Computer Name: PHOENIX
Current User Name: Teddy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/11/21 17:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 17:38:32 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/01/10 16:27:38 | 01,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2008/07/22 20:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/09/16 14:48:14 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/04/03 16:18:08 | 01,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/03/14 19:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 15:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/03/14 16:59:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/03/09 21:50:18 | 00,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe
PRC - [2003/03/19 01:55:56 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/09/20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2008/09/01 16:56:23 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/01/15 09:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/03/14 19:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/08/05 15:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2006/07/27 08:19:00 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/04/03 12:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2007/02/04 12:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2008/05/27 10:50:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2008/07/30 10:47:56 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2006/11/21 17:38:28 | 00,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/03/14 19:49:02 | 00,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/10/22 23:24:02 | 00,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/12/06 21:00:00 | 00,032,768 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0510Mon.exe
PRC - [2009/03/14 16:59:55 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/07/17 20:32:00 | 00,794,624 | ---- | M] (AbsoluteWay) -- C:\Program Files\TweakWindow\TweakWin.exe
PRC - [2007/04/03 18:29:15 | 00,165,784 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2008/10/17 07:24:11 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Teddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2005/08/04 03:42:00 | 00,528,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/07/30 10:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2008/05/25 03:09:42 | 00,519,300 | ---- | M] () -- C:\Program Files\ndroid\nDroid.exe
PRC - [2005/08/04 03:42:00 | 00,028,160 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PRC - [2008/05/01 22:22:53 | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/03/16 07:52:31 | 01,646,592 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe
PRC - [2009/03/18 23:35:41 | 08,500,328 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2006/10/27 15:23:04 | 00,347,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
PRC - [2009/01/12 19:10:32 | 00,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Teddy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2009/03/05 12:12:10 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/23 21:18:19 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Teddy\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/03/08 09:22:40 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008/07/22 20:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/09/16 14:48:14 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen [Auto | Running])
SRV - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2006/11/21 17:38:32 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2006/11/21 17:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/04/03 16:18:08 | 01,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2007/03/14 19:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 15:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2007/02/27 11:49:32 | 00,584,192 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server [On_Demand | Stopped])
SRV - [2008/05/01 22:22:53 | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/09/01 16:56:23 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c8d7aba93fc0ea [Auto | Stopped])
SRV - [2008/04/07 19:16:26 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/01/05 00:06:02 | 00,163,840 | ---- | M] (Alex Feinman) -- C:\Program Files\ISO Recorder\ImapiHelper.exe -- (Imapi Helper [On_Demand | Stopped])
SRV - [2008/07/30 10:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/14 16:59:55 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/03/09 21:50:18 | 00,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd [Auto | Running])
SRV - [2006/09/02 16:36:33 | 02,528,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2005/08/05 15:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/03/19 01:55:56 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 06:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe -- (MSSQL$CAMBRIDGESOFT [On_Demand | Stopped])
SRV - [2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2007/09/20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/10/23 15:19:06 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009/01/15 09:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/12/21 11:07:15 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
SRV - [2007/03/14 19:48:56 | 00,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2007/02/12 17:23:10 | 00,214,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2007/01/10 16:27:38 | 01,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])
SRV - [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlagent.EXE -- (SQLAgent$CAMBRIDGESOFT [On_Demand | Stopped])
SRV - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2007/03/14 19:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2007/11/12 02:49:02 | 00,716,800 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - File not found -- -- (VKCZ [Disabled | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 14:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2005/10/18 17:00:46 | 00,021,376 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\ApLoader.sys -- (APLOADER [On_Demand | Stopped])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2007/02/27 03:02:06 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [1999/09/10 12:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32 [System | Running])
DRV - [2008/07/22 10:21:06 | 00,278,984 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2008/04/13 14:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2006/03/09 08:25:00 | 00,143,872 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2008/09/16 14:48:14 | 00,033,408 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2007/09/25 10:59:46 | 00,015,152 | ---- | M] () -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo [On_Demand | Stopped])
DRV - [2007/01/18 14:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2007/04/03 16:17:08 | 00,306,295 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2004/08/11 16:39:38 | 00,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp [Auto | Stopped])
DRV - [2005/09/08 07:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 14:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 07:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 14:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 07:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2007/01/31 13:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2005/09/12 05:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 07:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/02/27 05:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/02/27 05:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2006/10/23 19:20:28 | 00,132,736 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\ext2fs.sys -- (Ext2fs [System | Running])
DRV - [2006/01/12 15:00:38 | 00,012,672 | ---- | M] (USTC) -- C:\WINDOWS\System32\Drivers\ezwrit3.sys -- (EZWRIT3 [Auto | Stopped])
DRV - [2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/07/28 08:18:40 | 00,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock [Auto | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/09/25 01:28:08 | 00,004,608 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\IfsDrives.sys -- (IfsDrives [System | Running])
DRV - [2005/07/23 00:41:46 | 00,026,112 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Running])
DRV - [2005/03/09 21:50:16 | 00,033,792 | ---- | M] () -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0 [On_Demand | Running])
DRV - [2007/06/04 12:28:30 | 00,018,048 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2005/07/23 00:41:42 | 00,068,864 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2008/04/13 14:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2009/03/16 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090320.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/03/16 04:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090320.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2009/01/15 09:19:00 | 06,301,248 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/08/03 06:40:40 | 00,105,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2006/08/03 06:40:46 | 00,089,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvraid.sys -- (nvraid [Boot | Running])
DRV - [2008/04/13 14:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
DRV - [2004/08/10 07:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
DRV - [2004/08/10 07:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
DRV - [2000/03/06 12:00:00 | 00,126,882 | ---- | M] (OmniVision Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\omcamvid.sys -- (OVT511Plus [On_Demand | Stopped])
DRV - [2003/08/11 10:07:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2004/08/10 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/07 19:16:45 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2006/09/06 14:41:20 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
DRV - [2006/09/06 14:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2007/01/10 16:27:26 | 00,390,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2008/07/10 20:45:35 | 00,013,824 | ---- | M] (LoteSoft Co.) -- C:\WINDOWS\system32\DRIVERS\splitcam.sys -- (SPLITCAM [On_Demand | Running])
DRV - [2007/12/03 15:36:16 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/07/27 08:24:28 | 01,171,464 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2008/09/22 20:35:18 | 00,110,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/02/27 03:07:34 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2007/02/12 17:22:36 | 00,024,720 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2007/02/12 17:22:40 | 00,196,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2007/09/05 12:04:34 | 00,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd [Boot | Running])
DRV - [2008/02/25 20:22:06 | 00,070,028 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\DRIVERS\trackca4.sys -- (trackcam4 [Auto | Stopped])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/07/22 20:32:44 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2008/04/07 21:00:00 | 00,254,080 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\V0510Vid.sys -- (V0510Dev [On_Demand | Running])
DRV - [2007/03/05 06:45:04 | 00,007,424 | R--- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\system32\DRIVERS\V0510Vfx.sys -- (V0510Vfx [On_Demand | Running])
DRV - [2005/01/26 08:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
DRV - [2003/01/10 16:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Stopped])
DRV - [2006/08/24 05:44:14 | 00,477,696 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys -- (ZD1211BU(SMC) [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3070227
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3070227


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3070227
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3070227
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3070227
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3070227
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-452987155-637209287-2244822485-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3070227
IE - HKU\S-1-5-21-452987155-637209287-2244822485-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-452987155-637209287-2244822485-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca
IE - HKU\S-1-5-21-452987155-637209287-2244822485-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-452987155-637209287-2244822485-1006\S-1-5-21-452987155-637209287-2244822485-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-452987155-637209287-2244822485-1006\S-1-5-21-452987155-637209287-2244822485-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (English)"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/ig|http://www.bleepingcomputer.com/forums/t/213149/stubborn-residual-spywareguard2008virtumondesmitfraud-infection/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.4.1.1
FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:1.1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.4.2
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {6DFBB324-D981-4f8c-A8D9-7E81F75F7D58}:0.6
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.1.0.1
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.4.3
FF - prefs.js..extensions.enabledItems: SmartMiddleClick@spiers:0.5.1.2
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.6
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [2008/11/30 23:11:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/14 09:10:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/14 16:59:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/11 23:56:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/05 12:12:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0b2\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX 3 BETA 2\COMPONENTS [2008/08/17 21:16:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0b2\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX 3 BETA 2\PLUGINS [2009/01/22 00:10:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRA~1\MOZILLA THUNDERBIRD\COMPONENTS [2009/03/18 23:35:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRA~1\MOZILLA THUNDERBIRD\PLUGINS [2009/01/22 00:10:40 | 00,000,000 | ---D | M]

[2009/03/05 14:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Extensions
[2009/03/05 14:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Extensions\{ae2cff10-0d52-4066-8be9-4abcf119fa79}
[2008/05/23 17:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/23 00:00:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions
[2009/03/08 13:03:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2008/12/05 08:24:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{2c5693fc-cbf5-4310-8c58-fa879d4cc644}
[2009/02/09 00:43:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008/07/09 13:18:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2008/07/12 14:26:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{6DFBB324-D981-4f8c-A8D9-7E81F75F7D58}
[2009/03/14 16:51:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/02/09 00:43:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/03/08 13:03:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/03/08 13:03:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/01/17 22:53:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/10/29 16:15:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/01/03 17:04:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/08/09 00:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/03/14 16:51:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\autopager@mozilla.org
[2008/09/15 20:17:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\en-CA@dictionaries.addons.mozilla.org
[2008/12/26 17:45:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\SmartMiddleClick@spiers
[2008/01/16 08:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\snaplinks@snaplinks.net
[2007/05/21 18:55:02 | 00,001,068 | ---- | M] () -- C:\Documents and Settings\Teddy\Application Data\Mozilla\FireFox\Profiles\djw7oncx.default\searchplugins\wikipedia-english.xml
[2009/03/23 00:00:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/05 12:12:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/27 06:30:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/12 15:19:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/27 07:42:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/08/18 10:25:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/05/02 16:29:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/06/19 23:12:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008/09/02 08:55:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/14 17:00:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/05 12:12:09 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/05 12:12:09 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/05/29 10:24:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/05/29 10:24:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/05/29 10:24:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/20 22:41:00 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/05/29 10:24:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/05/29 10:24:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/05/29 10:24:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (302794 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10438 more lines...
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-452987155-637209287-2244822485-1006\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-452987155-637209287-2244822485-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-452987155-637209287-2244822485-1006\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-452987155-637209287-2244822485-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [V0510Mon.exe] C:\WINDOWS\V0510Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-452987155-637209287-2244822485-1006..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
O4 - HKU\S-1-5-21-452987155-637209287-2244822485-1006..\Run: [Google Update] "C:\Documents and Settings\Teddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKU\S-1-5-21-452987155-637209287-2244822485-1006..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-452987155-637209287-2244822485-1006..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-452987155-637209287-2244822485-1006..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-452987155-637209287-2244822485-1006..\Run: [TweakWindow] C:\Program Files\TweakWindow\TweakWin.exe (AbsoluteWay)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Teddy\Start Menu\Programs\Startup\nDroid.lnk = C:\Program Files\ndroid\nDroid.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-452987155-637209287-2244822485-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-452987155-637209287-2244822485-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKU\S-1-5-21-452987155-637209287-2244822485-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-452987155-637209287-2244822485-1006\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E52AB312-40DA-48CC-9E4C-A9F6EAF20273} http://www.biocyb.cs.ucla.edu/montecarlo/m...arlo.components (Montecarlo Simulation Library)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab (DownloadManager Control)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\crypt: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\xxyxusrP) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [1999/09/23 18:38:49 | 00,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006/12/12 22:29:34 | 00,000,241 | ---- | M] () - V:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2006/12/12 22:29:34 | 00,000,241 | ---- | M] () - V:\AUTOEXEC.BAT -- [ FAT ]
O33 - MountPoints2\{315597b9-9b74-11dd-add7-0019b91b7ba0}\Shell\AutoRun\command - "" = tmf3w3g0.com
O33 - MountPoints2\{315597b9-9b74-11dd-add7-0019b91b7ba0}\Shell\explore\Command - "" = tmf3w3g0.com
O33 - MountPoints2\{315597b9-9b74-11dd-add7-0019b91b7ba0}\Shell\open\Command - "" = tmf3w3g0.com
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- [1999/09/23 18:58:15 | 00,025,600 | R--- | M] ()
O33 - MountPoints2\{8897b99b-d2f2-11db-9844-0019b91b7ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{8897b99b-d2f2-11db-9844-0019b91b7ba0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8897b99b-d2f2-11db-9844-0019b91b7ba0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ff1245bc-1433-11de-adf9-0019b91b7ba0}\Shell\AutoRun\command - "" = H:\wd_windows_tools\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/03/23 21:18:27 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\5v6k9q2j.exe
[2009/03/23 21:18:19 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Teddy\Desktop\OTListIt2.exe
[2009/03/22 22:01:35 | 01,920,202 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\surgery.rar
[2009/03/22 21:41:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddy\Desktop\surgery
[2009/03/22 19:39:31 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\dds.scr
[2009/03/22 17:39:34 | 00,008,181 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\symantec risk history.csv
[2009/03/22 17:31:07 | 00,016,645 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\risk history.csv
[2009/03/17 22:01:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddy\Desktop\burst laceration
[2009/03/14 09:20:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddy\Application Data\DxO_Labs
[2009/03/14 09:17:25 | 00,000,953 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DxO Optics Pro 5.3.2.lnk
[2009/03/14 09:17:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DxO_Labs
[2009/03/14 09:08:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/03/10 19:09:24 | 00,044,249 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\ted medicine eval.pdf
[2009/03/09 05:30:43 | 00,020,967 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\bhand.jpg
[2009/03/09 05:28:16 | 00,207,666 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\mhand.jpg
[2009/03/09 05:25:43 | 00,046,754 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\aface.gif
[2009/03/09 05:25:13 | 00,201,994 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\nface.jpg
[2009/03/06 03:13:38 | 31,214,787 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\Pixars.BURN-E.2008.HDRip.x264.mkv
[2009/03/05 14:52:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddy\Local Settings\Application Data\Broad Intelligence
[2009/03/05 14:44:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddy\Application Data\Broad Intelligence
[2009/03/05 14:43:38 | 00,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2009/03/01 19:05:42 | 00,040,931 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\ifiknockedyouup.jpg
[2009/03/01 19:00:55 | 00,015,468 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\bob.png
[2009/03/01 18:58:19 | 00,061,052 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\Bears on Board Logo.png
[2009/03/01 18:02:10 | 00,317,169 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\ted and panos.jpg
[2009/03/01 17:53:35 | 01,029,297 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\yale spring 05 128.jpg
[2009/02/26 20:19:10 | 00,236,064 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\walle-photo-1.jpg
[2009/02/23 19:59:11 | 69,504,239 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\Slides.zip

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/03/23 21:18:27 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\5v6k9q2j.exe
[2009/03/23 21:18:19 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Teddy\Desktop\OTListIt2.exe
[2009/03/22 22:16:42 | 00,134,656 | ---- | M] () -- C:\Documents and Settings\Teddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/22 22:01:37 | 01,920,202 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\surgery.rar
[2009/03/22 19:39:31 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\dds.scr
[2009/03/22 18:40:47 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/03/22 18:40:36 | 00,199,720 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/03/22 18:40:01 | 08,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2009/03/22 18:39:52 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/22 18:39:48 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/22 18:39:44 | 29,499,96544 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/22 18:24:33 | 04,245,138 | -H-- | M] () -- C:\Documents and Settings\Teddy\Local Settings\Application Data\IconCache.db
[2009/03/22 17:39:37 | 00,008,181 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\symantec risk history.csv
[2009/03/22 17:31:07 | 00,016,645 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\risk history.csv
[2009/03/22 09:57:31 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/22 08:39:21 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/03/14 09:34:02 | 01,615,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/14 09:17:25 | 00,000,953 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DxO Optics Pro 5.3.2.lnk
[2009/03/14 09:01:13 | 00,533,582 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/14 09:01:13 | 00,463,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/14 09:01:13 | 00,080,260 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/14 07:22:02 | 00,302,794 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/10 19:09:24 | 00,044,249 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\ted medicine eval.pdf
[2009/03/09 05:30:44 | 00,020,967 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\bhand.jpg
[2009/03/09 05:28:16 | 00,207,666 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\mhand.jpg
[2009/03/09 05:25:43 | 00,046,754 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\aface.gif
[2009/03/09 05:25:14 | 00,201,994 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\nface.jpg
[2009/03/08 12:46:51 | 00,000,839 | ---- | M] () -- C:\WINDOWS\GMUD32.INI
[2009/03/01 19:05:43 | 00,040,931 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\ifiknockedyouup.jpg
[2009/03/01 19:00:56 | 00,015,468 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\bob.png
[2009/03/01 18:58:20 | 00,061,052 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\Bears on Board Logo.png
[2009/03/01 18:02:12 | 00,317,169 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\ted and panos.jpg
[2009/03/01 17:53:36 | 01,029,297 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\yale spring 05 128.jpg
[2009/03/01 17:43:34 | 00,001,694 | ---- | M] () -- C:\WINDOWS\System32\unins000.dat
[2009/03/01 17:43:29 | 00,695,578 | ---- | M] () -- C:\WINDOWS\System32\unins000.exe
[2009/02/26 20:19:12 | 00,236,064 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\walle-photo-1.jpg
[2009/02/23 20:00:35 | 69,504,239 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\Slides.zip

========== Alternate Data Streams ==========

@Alternate Data Stream - 922 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:h2mRk4ATaPzyEKqy2fXSM0HXdA
@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:359B3BDA
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7DEC6B7
@Alternate Data Stream - 1081 bytes -> C:\Documents and Settings\Teddy\Local Settings\Application Data\652KAOCwCHCzJw:SZnkEqOKVFXUcOxI7t03T1rdWO
@Alternate Data Stream - 1078 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:lOPhj8AKtgTG3lkky7DeV1VO
< End of report >

And the extras.txt file:

OTListIt Extras logfile created on: 23/03/2009 9:20:27 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\Teddy\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.60 Gb Available Physical Memory | 80.18% Memory free
4.00 Gb Paging File | 3.61 Gb Available in Paging File | 90.34% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.32 Gb Total Space | 6.16 Gb Free Space | 2.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 577.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 151.37 Gb Total Space | 31.23 Gb Free Space | 20.63% Space Free | Partition Type: NTFS
Drive M: | 161.14 Gb Total Space | 108.25 Gb Free Space | 67.18% Space Free | Partition Type: NTFS
Drive N: | 153.25 Gb Total Space | 81.95 Gb Free Space | 53.48% Space Free | Partition Type: NTFS
Drive R: | 1.89 Gb Total Space | 1.14 Gb Free Space | 60.23% Space Free | Partition Type: FAT
Drive V: | 46.93 Mb Total Space | 39.30 Mb Free Space | 83.75% Space Free | Partition Type: FAT

Computer Name: PHOENIX
Current User Name: Teddy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"" =
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2006/08/03 19:05:10 | 00,094,304 | ---- | M] () -- C:\Program Files\Logitech\Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
[2007/11/19 13:57:06 | 05,696,568 | ---- | M] () -- C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application
[2007/11/19 13:57:20 | 00,537,944 | ---- | M] () -- C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2006/11/03 03:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
File not found -- C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
File not found -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
File not found -- C:\Program Files\Common Files\AOL\1172559711\EE\AOLServiceHost.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
File not found -- C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
[2008/04/13 20:12:28 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2007/05/19 18:30:12 | 00,216,064 | ---- | M] () -- C:\Program Files\BitTorrent_DNA\dna.exe:*:Enabled:DNA
[2007/03/01 19:11:22 | 00,043,008 | ---- | M] () -- C:\download\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
[2006/10/27 15:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2006/10/27 15:37:44 | 00,338,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
[2006/10/27 15:03:04 | 01,018,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2007/08/30 17:43:18 | 04,670,704 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
[2007/08/30 17:43:18 | 00,091,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server
[2007/10/22 18:07:42 | 02,667,744 | ---- | M] (Crytek GmbH) -- C:\games\Crysis SP Demo\Bin32\Crysis.exe:*:Enabled:Crysis_32_sp_demo
[2008/04/13 14:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/10/25 01:11:24 | 04,674,784 | ---- | M] (Crytek GmbH) -- C:\games\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32
[2007/10/25 01:11:28 | 00,017,120 | ---- | M] (Crytek GmbH) -- C:\games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32
[2007/12/21 11:07:15 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA
[2007/12/21 11:07:20 | 00,103,736 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB
[2006/08/03 19:05:10 | 00,094,304 | ---- | M] () -- C:\Program Files\Logitech\Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
[2007/11/14 23:55:46 | 00,056,320 | ---- | M] (SPSS Inc) -- C:\Program Files\SPSSInc\SPSS16\spss.exe:*:Disabled:SPSS 16.0 for Windows (1033:exe)
[2007/11/15 03:24:34 | 00,061,440 | ---- | M] (SPSS Inc.) -- C:\Program Files\SPSSInc\SPSS16\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor (1033)
[2007/11/14 23:56:36 | 00,069,632 | ---- | M] (SPSS Inc) -- C:\Program Files\SPSSInc\SPSS16\spss.com:*:Disabled:SPSS 16.0 for Windows (1033:com)
[2007/11/19 13:57:06 | 05,696,568 | ---- | M] () -- C:\Program Files\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe:*:Enabled:Rosetta Stone V3 Application
[2007/11/19 13:57:20 | 00,537,944 | ---- | M] () -- C:\Program Files\Rosetta Stone\Rosetta Stone V3\support\bin\win\RosettaStoneLtdServices.exe:*:Enabled:Rosetta Stone Ltd Services
[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/07/30 10:47:50 | 20,252,968 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
[2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
[2006/11/13 13:39:54 | 04,270,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[2009/01/12 20:17:50 | 03,782,128 | ---- | M] (Google) -- C:\Documents and Settings\Teddy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin
[2009/01/12 19:10:32 | 00,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Teddy\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin
[2009/01/16 01:53:30 | 60,167,392 | ---- | M] (EA Digital Illusions CE AB) -- C:\Program Files\EA Games\Mirror's Edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™
[2008/10/21 13:09:59 | 00,050,472 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
[2008/04/03 16:48:26 | 21,898,024 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis®
"{00718491-55BF-46C6-83EF-4B3B95AC807A}" = SplitCam
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{061CE7E5-0115-4BB6-8381-47C602B98C7D}" = ActivePerl 5.10.0 Build 1003
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{07D97136-A219-41FE-9FF9-E18C8A312A7E}" = ProCoder 3
"{084709F7-38C5-4609-B55F-2417939315EB}" = Adobe Premiere Pro
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{0D801AB5-0CA0-4471-B2B6-B9F4A363EE9F}" = DxO Optics Pro Photoshop Import Plugin 2.0
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP520_series" = Canon MP520 series
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23773C74-EBEE-41FB-86ED-58B599A2B586}" = PTLens
"{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x32
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A9C3F41-DACA-37AB-84FB-2E6193C42151}" = Google Gears
"{2C294A0B-DF22-4023-B168-8C7645B10019}" = Adobe Setup
"{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
"{2E5A5B57-57FC-4C79-A239-9DB280ADEC2A}" = Microsoft RAW Image Thumbnailer and Viewer for Windows XP Version 1.0 (Build 50)
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{30433BBA-5358-4B41-817E-E694092DC178}" = Crazy Machines II
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{381EA1A3-3C6D-4927-B8ED-10CFD03CCE09}" = Epi Info
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3DE0053C-FD9A-483E-B7C9-B06E4392206E}" = iTunes
"{3E73284F-4184-4D0C-9517-FB7D01F33BCC}" = Theme Generator Smartphone
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}" = Apple Mobile Device Support
"{4B215C29-1A3E-4736-92AA-10C83FA56EB9}" = Adobe After Effects CS3 Presets
"{4EF35707-7052-4331-B8FD-549DB3922AD7}" = TMPGEnc DVD Author 3 with DivX Authoring
"{4FD05420-333C-4233-94A6-9759430D6C2A}" = Theme Generator V2
"{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{530AFAFF-6F0A-48BB-88D0-04F9658322D3}" = Adobe Premiere Elements 3.0 Tryout
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{556DF27F-5B74-11D5-B876-004005E12EF1}" = GPSoftware Directory Opus
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{586BE0D1-6175-4F0F-A072-951CFE0D7AF6}" = NDS GBM GBA Movie Player Converter Crystal Ver1.22
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A0D71BC-3AB0-4BC1-B241-CABE11EEE731}" = DxO Optics Pro 5.3.2
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5D3C7413-67FB-4CB7-8652-97F05865075A}" = CambridgeSoft ENotebook 10.0
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{621025AE-3510-478E-BC27-1A647150976F}" = SPSS 16.0 for Windows
"{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP
"{69BA7792-853B-45A3-A29F-539C0D7A2A62}" = Myst Uru - Complete Chronicles
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6E384346-CD1C-4A00-9885-BC8E6A50ECB5}" = Need for Speed™ ProStreet Demo
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6EACDDF4-4220-49A3-9204-984C86852C3D}" = Adobe Premiere Elements 3.0 Templates Tryout
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7472B5B4-3FB7-446F-BC78-6BBA506EC473}" = Opera 9.50
"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{786C5747-1437-443D-B06E-79A00FE45110}" = Adobe Stock Photos 1.0
"{7A2B077D-D7AC-4215-B0FB-5EA581E549E6}" = Windows Vista Upgrade Advisor
"{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}" = Borland Turbo C++
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87F7773C-EC9C-461A-AA7B-4AF8EF54DF49}" = EndNote X1
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"{8AF3FB06-BDA3-42A3-995C-308812D2F094}" = Adobe After Effects CS3
"{8C0302AB-28E3-43F4-8414-10B8E0954ED9}" = Setup
"{8D1CDFC9-792D-4345-9FFB-6D1E59ACF309}" = CambridgeSoft ChemDraw Ultra 10.0
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9064B17E-9FC9-439D-A4A0-668EC6AAFDEC}" = HDD Regenerator
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis® SP Demo
"{93CF9FA6-2A5E-4F8E-923E-F7D8741CB312}" = BabasChess
"{9757283E-3FCA-4F3D-9257-928859318E55}" = Microsoft Windows Theme Ontario
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9EDBB857-8028-49CD-B9C9-0B4D10CD1033}" = Nero 8
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EE4223-98B1-4874-BA6E-E8A574F9C0FF}" = Adobe Photoshop Lightroom 2.2
"{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}" = Hitman Blood Money
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B279F2F1-3B2F-3A96-AC11-5743CD43DCCB}" = Google Talk Plugin
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B74D4E10-0000-0000-0000-EDED00000102}" = Adobe ExtendScript Toolkit 1.0
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{B94C6815-7BCC-4124-AC39-9208A06FFFA7}" = Disney-Pixar WALL-E
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB81360F-041C-4CF7-B15E-71380D154244}" = Adobe Setup
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C39DE425-6CCF-4B12-A101-3CB5CF3AF3AD}" = Slideshow Generator Powertoy for Windows XP
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBD55377-3FEA-4A93-A877-DB87B6C6C990}" = Logitech Harmony Remote Software 7
"{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}" = Cisco Systems VPN Client 5.0.00.0340
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{DE55D64B-BDDF-11D5-8470-000102EC3B09}" = ViewerLite 4.2
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (CAMBRIDGESOFT)
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}" = Microsoft .NET Framework SDK (English) 1.1
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F007CBCE-D714-4C0B-8CE9-9B0D78116468}" = ViewNX
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{FA17A726-B229-4116-B793-A2AB1A4EAE2E}" = Adobe Premiere Pro 2.0
"{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}" = Broadcom Management Programs
"{FE96C49B-DB90-405E-A00E-09E38372F880}" = Camera Control Pro 2
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFF6D5C-E2F1-4B40-BC89-8923312E89EB}}_is1" = ACE Mega CoDecS Pack
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe After Effects 7.0" = Adobe After Effects 7.0
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"Adobe Premiere Pro 2.0" = Adobe Premiere Pro 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_32fdd767b4383606e8168e834af5d90" = Adobe Premiere Pro CS3
"Adobe_b7dd24a87e82dcf8af8876fd727b7cf" = Adobe After Effects CS3
"AIM_6" = AIM 6
"AoA DVD Ripper_is1" = AoA DVD Ripper
"ASIO4ALL" = ASIO4ALL
"AutoHotkey" = AutoHotkey 1.0.47.04
"Avidemux 2.4" = Avidemux 2.4
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"bb_is1" = RealDrums Bonus Set
"BitTorrent" = BitTorrent 5.0.7
"Breeze Designer" = Breeze Designer
"BulentsScreenRecorder3" = Bulent's Screen Recorder 3
"CamStudio" = CamStudio
"CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4
"CanonMyPrinter" = Canon My Printer
"CCProxy_is1" = CCProxy 6.6
"Character Set Converter 1.01" = Character Set Converter 1.01
"Cheat Engine 5.3_is1" = Cheat Engine 5.3
"CMUD" = CMUD 1.26
"DancingGorilla_is1" = DancingGorilla 1.1.4/1.06
"Descent_2_1.2_Vertigo" = Descent 2 1.2 Vertigo
"Descent3" = Descent 3
"Descent3 Mercenary" = Descent 3: Mercenary
"Digital Video Repair" = Digital Video Repair 1.0
"Drag 'n drop from Playlist Editor" = Drag 'n drop from Playlist Editor v2.0
"Dupe Checker PRO_is1" = Dupe Checker
"Duplicate File Remover" = Duplicate File Remover 1.2
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"dvdSanta 4.50 - Make your own DVD movies!_is1" = dvdSanta 4.50
"Easy DVD Rip" = Easy DVD Rip
"EGL" = EGL
"eLocutor3.0" = eLocutor
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eraser" = Eraser
"ESPNMotion" = ESPNMotion
"Ext2Ifs_for_NT501" = Ext2 IFS 1.10c for Windows XP
"Faerie" = Faerie
"ffdshow_is1" = ffdshow [rev 1324] [2007-07-01]
"FileZilla" = FileZilla (remove only)
"FileZilla Server" = FileZilla Server (remove only)
"FL Studio 8" = FL Studio 8
"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.2
"Frets on Fire" = Frets On Fire
"Frets on Fire - Alarian mod 2.7" = Frets on Fire - Alarian mod 2.7
"Functional Neuroanatomy" = Functional Neuroanatomy
"g_ch_dict_001_is1" = Guitar Chord Dictionary
"Gaussian 03W" = Gaussian 03W
"GBA Media Version 1.3" = GBA Media Version 1.3
"Getleft_is1" = Getleft v1.2
"GSview 4.6" = GSview 4.6
"HijackThis" = HijackThis 2.0.2
"hp deskjet 5100 series_Driver" = hp deskjet 5100 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"IL Download Manager" = IL Download Manager
"InstallShield_{5D3C7413-67FB-4CB7-8652-97F05865075A}" = CambridgeSoft ENotebook 10.0
"InstallShield_{8D1CDFC9-792D-4345-9FFB-6D1E59ACF309}" = CambridgeSoft ChemDraw Ultra 10.0
"InstallShield_{E9AE9A91-AB45-4321-87BD-AD34855D944F}" = Chessmaster 10th Edition
"ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper
"JellyFish Light 3.5" = JellyFish Light 3.5
"JMC Mud client" = JMC Mud client
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"LOVE" = LOVE (remove only)
"LucasArts' X-Wing Alliance" = LucasArts' X-Wing Alliance
"MediaCoder" = MediaCoder 0.6.2
"MediaMonkey_is1" = MediaMonkey 2.5
"MestReC_is1" = MestReC 4.7.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"MKVtoolnix" = MKVtoolnix 2.2.0
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"Mozilla Firefox (3.0b2)" = Mozilla Firefox (3.0b2)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"MP3 Book Helper_is1" = MP3 Book Helper version 2.3.4.24
"Mp3tag" = Mp3tag v2.38
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero 7 Lite_is1" = Nero Lite 7.8.5.0
"NI Anti Shareware" = NI Anti Shareware
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NM_is1" = NoteMatch
"NTFS Undelete_is1" = NTFS Undelete v0.93
"NVIDIA Drivers" = NVIDIA Drivers
"ObjectRescue Pro" = ObjectRescue Pro 4.5
"OpenAL" = OpenAL
"p_ch_dict_001_is1" = Piano Chord Dictionary
"PFrank_is1" = Peter's Flexible RenAmiNg Kit (PFrank) 2.19
"PG Music DirectX Plugins_is1" = PG Music DirectX Plugins 1.3.4.1
"Picasa 3" = Picasa 3
"Pixie_is1" = Pixie
"PoiZone" = PoiZone
"Poke" = Poke
"POV-Ray for Windows v3.6" = POV-Ray for Windows v3.6.1c
"PremElem30" = Adobe Premiere Elements 3.0 Tryout
"Privoxy" = Privoxy 3.0.6
"PS3 Media Center X" = PS3 Media Center X 0.92
"PS3 Video 9" = PS3 Video 9 2.25
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer Basic
"RealVNC_is1" = VNC Free Edition 4.1.2
"Rocketfish Live! Cam Center" = Rocketfish Live! Cam Center
"Rocketfish VF0510" = Rocketfish 2MP AF Webcam Driver (1.00.06.00)
"Rocketfish Webcam User's Guide" = Rocketfish Webcam User's Guide
"sancho" = sancho (remove only)
"Scratch" = Scratch
"SearchAssist" = SearchAssist
"SecondLife" = SecondLife (remove only)
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Sierra Utilities" = Sierra Utilities
"SoundCapture" = SoundCapture
"Spring" = Spring 0.78.2
"StepMania" = StepMania (remove only)
"Synaesthete_is1" = Synaesthete (v1.0)
"SystemRequirementsLab" = System Requirements Lab
"TmUnitedForever_is1" = TmUnitedForever
"Tor" = Tor 0.1.2.19
"TORCS - The Open Racing Car Simulator" = TORCS - The Open Racing Car Simulator 1.3.0
"Toxic Biohazard" = Toxic Biohazard
"TVersity Codec Pack" = TVersity Codec Pack 1.1
"TVersity Media Server " = TVersity Media Server 0.9.11.2a beta
"TweakWindow_is1" = TweakWindow
"uCentral" = uCentral
"Uninstall_is1" = Uninstall 1.0.0.0
"VDrift" = VDrift (remove only)
"Vidalia" = Vidalia 0.0.16
"ViewpointMediaPlayer" = Viewpoint Media Player
"vjpeg" = VJPEG Image Viewer (remove)
"VLC media player" = VLC media player 0.9.8a
"War2Combat_is1" = War2Combat 3.05
"Warcraft II BNE" = Warcraft II BNE
"Website Downloader_is1" = Website Downloader 1.17
"WIC" = Windows Imaging Component
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.41-rc1
"winpwn" = winpwn 2.0.0.4
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.0.7
"WinWolf3D" = WinWolf3D
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"X-Wing Install System" = X-Wing Install System 2.71
"Yahoo! Messenger" = Yahoo! Messenger
"You Don't Know Jack The Ride" = You Don't Know Jack The Ride
"zMUD" = zMUD 7.21.0.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"DNA" = DNA
"Spiderball4k" = Spiderball4k

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-452987155-637209287-2244822485-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"DNA" = DNA
"Spiderball4k" = Spiderball4k

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 23/03/2009 5:27:11 PM | Computer Name = PHOENIX | Source = nview_info | ID = 11141121
Description =

Error - 23/03/2009 5:27:13 PM | Computer Name = PHOENIX | Source = nview_info | ID = 11141121
Description =

Error - 23/03/2009 5:27:13 PM | Computer Name = PHOENIX | Source = nview_info | ID = 11141121
Description =

Error - 23/03/2009 5:27:13 PM | Computer Name = PHOENIX | Source = nview_info | ID = 11141121
Description =

Error - 23/03/2009 5:27:13 PM | Computer Name = PHOENIX | Source = nview_info | ID = 11141121
Description =

Error - 23/03/2009 5:27:16 PM | Computer Name = PHOENIX | Source = nview_info | ID = 11141121
Description =

Error - 23/03/2009 5:27:16 PM | Computer Name = PHOENIX | Source = nview_info | ID = 11141121
Description =

Error - 23/03/2009 5:27:16 PM | Computer Name = PHOENIX | Source = nview_info | ID = 11141121
Description =

Error - 23/03/2009 5:27:16 PM | Computer Name = PHOENIX | Source = nview_info | ID = 11141121
Description =

Error - 23/03/2009 5:29:05 PM | Computer Name = PHOENIX | Source = nview_info | ID = 11141121
Description =

[ OSession Events ]
Error - 17/11/2007 7:15:46 PM | Computer Name = PHOENIX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/09/2008 3:34:19 PM | Computer Name = PHOENIX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3584
seconds with 780 seconds of active time. This session ended with a crash.

Error - 11/09/2008 4:38:36 PM | Computer Name = PHOENIX | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3851
seconds with 420 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 22/03/2009 6:40:25 PM | Computer Name = PHOENIX | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 22/03/2009 6:40:29 PM | Computer Name = PHOENIX | Source = Service Control Manager | ID = 7000
Description = The EZWRIT3 service failed to start due to the following error: %%1058

Error - 22/03/2009 6:40:29 PM | Computer Name = PHOENIX | Source = Service Control Manager | ID = 7000
Description = The TrackerCam Video Capture Driver 4.0 service failed to start due
to the following error: %%1058

Error - 22/03/2009 6:40:29 PM | Computer Name = PHOENIX | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 22/03/2009 6:40:44 PM | Computer Name = PHOENIX | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 22/03/2009 6:40:44 PM | Computer Name = PHOENIX | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 23/03/2009 6:40:10 PM | Computer Name = PHOENIX | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 23/03/2009 6:40:10 PM | Computer Name = PHOENIX | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2

Error - 23/03/2009 6:40:46 PM | Computer Name = PHOENIX | Source = DCOM | ID = 10005
Description = DCOM got error "%2" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 23/03/2009 6:40:47 PM | Computer Name = PHOENIX | Source = Service Control Manager | ID = 7000
Description = The Background Intelligent Transfer Service service failed to start
due to the following error: %%2


< End of report >

I ran the second program, GMER. When it loaded it automatically ran this mini-scan. I clicked the >>> arrow and then "Rootkit", selected the options as you suggested, and then hit "Scan". This is taking a while (I've left it overnight and it's still not done.) I will post it when it's all done!

Thanks again!

#4 Buckeye_Sam

    Malware Expert

  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 24 March 2009 - 01:53 PM

I do see some issues in your log, but we'll definitely want to get a look at that Gmer log when it's done running.

By the way, your hosts file is just fine. Those nasty sites listed there are actually blocked by your hosts file. As long as we don't see good sites listed there then it's doing its job correctly.


Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

===============


Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKU\S-1-5-21-452987155-637209287-2244822485-1006\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [] File not found
    O20 - Winlogon\Notify\crypt: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\xxyxusrP) - File not found
    O33 - MountPoints2\{315597b9-9b74-11dd-add7-0019b91b7ba0}\Shell\AutoRun\command - "" = tmf3w3g0.com
    O33 - MountPoints2\{315597b9-9b74-11dd-add7-0019b91b7ba0}\Shell\explore\Command - "" = tmf3w3g0.com
    O33 - MountPoints2\{315597b9-9b74-11dd-add7-0019b91b7ba0}\Shell\open\Command - "" = tmf3w3g0.com
    
    :Files
    C:\Documents and Settings\Teddy\Desktop\5v6k9q2j.exe
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

================


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
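As an added example (not part of this thread and not OldTimer's OTL tool), the following Python triage pass reads OTL-style "O" lines of the kind the fix above targets and flags the same patterns a helper looks for: orphaned entries whose target file is gone, a non-default LSA authentication package, and a MountPoints2 autorun handler that launches an executable. The first five sample lines are copied from the fix; the msv1_0 and jusched lines are constructed clean controls, and the KNOWN_LSA_PACKAGES set and the heuristics themselves are my assumptions, not something the thread states.

```python
"""Triage pass over OTListIt/OTL "O" lines of the kind the fix above targets.

Added example; not part of the thread and not OldTimer's tool. The heuristics
and the KNOWN_LSA_PACKAGES set are assumptions based on common triage practice.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: five lines taken from the fix above plus two clean controls
# (the msv1_0 and jusched lines) so the clean path is exercised too.
SAMPLE_LOG = r"""
:OTLI
O20 - Winlogon\Notify\crypt: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\xxyxusrP) - File not found
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
O33 - MountPoints2\{315597b9-9b74-11dd-add7-0019b91b7ba0}\Shell\AutoRun\command - "" = tmf3w3g0.com
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
"""

O_LINE = re.compile(r"^(O\d+) - (.*)$")
LSA_PACKAGE = re.compile(r"Authentication Packages - \(([^)]+)\)")
AUTORUN_TARGET = re.compile(r'"" = (\S+)$')
# Assumption: on a stock Windows XP install msv1_0 is the only LSA
# authentication package; anything else is flagged until identified.
KNOWN_LSA_PACKAGES = {"msv1_0"}
EXECUTABLE_EXTENSIONS = (".com", ".exe", ".bat", ".cmd", ".pif", ".scr")


@dataclass
class Finding:
    kind: str                 # the O-number, e.g. "O30"
    line: str                 # the raw log line
    reasons: list[str] = field(default_factory=list)


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per O-line that matches at least one heuristic."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        raw = raw.strip()
        match = O_LINE.match(raw)
        if not match:
            continue                      # skips headers such as ":OTLI" and blank lines
        kind, body = match.groups()
        reasons: list[str] = []

        # 1. Orphaned persistence: the registry still points at a file that is
        #    gone, or the value is unreadable. A typical leftover after a
        #    partial cleanup; harmless on its own but worth removing.
        if body.endswith("File not found") or "Reg Error" in body:
            reasons.append("orphaned entry (target missing or unreadable)")

        # 2. LSA authentication packages load into lsass.exe at boot, so an
        #    unexpected package name is a high-value persistence point.
        if kind == "O30":
            pkg = LSA_PACKAGE.search(body)
            if pkg and pkg.group(1).lower() not in KNOWN_LSA_PACKAGES:
                reasons.append(f"non-default LSA authentication package '{pkg.group(1)}'")

        # 3. MountPoints2 autorun handlers that launch an executable are the
        #    classic footprint of removable-media worms.
        elif kind == "O33":
            target = AUTORUN_TARGET.search(body)
            if target and target.group(1).lower().endswith(EXECUTABLE_EXTENSIONS):
                reasons.append(f"removable-media autorun launches '{target.group(1)}'")

        if reasons:
            findings.append(Finding(kind, raw, reasons))
    return findings


def report(log_text: str) -> str:
    """Human-readable summary: one header line per flagged entry, reasons indented."""
    out: list[str] = []
    for f in triage(log_text):
        out.append(f"[{f.kind}] {f.line}")
        out.extend(f"    - {r}" for r in f.reasons)
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Running it on a full OTL log only narrows the list of lines to look at; a flagged entry still has to be confirmed by hand before it goes into a fix script.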

#5 dnoz
  • Topic Starter

  • Members
  • 10 posts

Posted 24 March 2009 - 06:04 PM

Dear Sam,
Thank you for your continued support. I'm working on your new instructions -- and am still trying to complete the GMER scan. Unfortunately, when I came home today, I noticed that my computer had crashed (BSOD, KERNEL_STACK_INPAGE_ERROR STOP 0x00000077 (0x00000001, 0x00000000, 0x00000000, 0xAAA18C4C)). I have the dump/sysdata available if it helps. I'm not sure if this is related to the scan or to the original problem. I suspect it might be related to the scan since I haven't had any of these crashes recently, and never one with this error code. Does GMER save its log as it goes? If so, I can recover it, else I'll have to do it again.

I will follow your new instructions, and when I have finished, I'll try doing the GMER scan again (hopefully it'll clean things up?).

Thanks!!!
Ted

#6 dnoz
  • Topic Starter

  • Members
  • 10 posts

Posted 25 March 2009 - 10:55 AM

I figured out why the text size was strange with OTListIt... it scales itself based on resolution. Since I have my desktop spanned over two monitors (effective resolution 5120x1600) it came out weird. Needed to change desktop resolution and then I could see all options.

I ran JavaRa then ran OTListIt with your patches.

Here is the log from the cleanup:

========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry value HKEY_USERS\S-1-5-21-452987155-637209287-2244822485-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\xxyxusrP deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{315597b9-9b74-11dd-add7-0019b91b7ba0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{315597b9-9b74-11dd-add7-0019b91b7ba0}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{315597b9-9b74-11dd-add7-0019b91b7ba0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{315597b9-9b74-11dd-add7-0019b91b7ba0}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{315597b9-9b74-11dd-add7-0019b91b7ba0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{315597b9-9b74-11dd-add7-0019b91b7ba0}\ not found.
File not found.
========== FILES ==========
C:\Documents and Settings\Teddy\Desktop\5v6k9q2j.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Teddy\Local Settings\Temp\hsperfdata_Teddy\3016 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Teddy\Local Settings\Temp\etilqs_BQycInFGslMCSa1viIPo scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Teddy\Local Settings\Temp\WCESLog.log scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6c4.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Teddy\Local Settings\Application Data\Mozilla\Firefox\Profiles\djw7oncx.default\Google Gears for Firefox\localserver.db scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Teddy\Local Settings\Application Data\Mozilla\Firefox\Profiles\djw7oncx.default\Google Gears for Firefox\permissions.db scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Teddy\Local Settings\Application Data\Mozilla\Firefox\Profiles\djw7oncx.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Teddy\Local Settings\Application Data\Mozilla\Firefox\Profiles\djw7oncx.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.7.1 log created on 03252009_113312

Files moved on Reboot...
File C:\Documents and Settings\Teddy\Local Settings\Temp\hsperfdata_Teddy\3016 not found!
File C:\Documents and Settings\Teddy\Local Settings\Temp\etilqs_BQycInFGslMCSa1viIPo not found!
C:\Documents and Settings\Teddy\Local Settings\Temp\WCESLog.log moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_6c4.dat not found!
C:\Documents and Settings\Teddy\Local Settings\Application Data\Mozilla\Firefox\Profiles\djw7oncx.default\Google Gears for Firefox\localserver.db moved successfully.
C:\Documents and Settings\Teddy\Local Settings\Application Data\Mozilla\Firefox\Profiles\djw7oncx.default\Google Gears for Firefox\permissions.db moved successfully.
C:\Documents and Settings\Teddy\Local Settings\Application Data\Mozilla\Firefox\Profiles\djw7oncx.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Teddy\Local Settings\Application Data\Mozilla\Firefox\Profiles\djw7oncx.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

And here is the log from the re-scan afterwards.

OTListIt logfile created on: 25/03/2009 11:41:41 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.7.1 Folder = C:\Documents and Settings\Teddy\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.98 Gb Available Physical Memory | 98.92% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 293.32 Gb Total Space | 8.03 Gb Free Space | 2.74% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 577.04 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 1.89 Gb Total Space | 1.14 Gb Free Space | 60.23% Space Free | Partition Type: FAT
Drive V: | 46.93 Mb Total Space | 39.30 Mb Free Space | 83.75% Space Free | Partition Type: FAT

Computer Name: PHOENIX
Current User Name: Teddy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/11/21 17:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 17:38:32 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/01/10 16:27:38 | 01,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2008/07/22 20:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/09/16 14:48:14 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/04/03 16:18:08 | 01,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/03/14 19:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 15:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2009/03/25 05:15:07 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2005/03/09 21:50:18 | 00,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe
PRC - [2003/03/19 01:55:56 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2007/09/20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2008/09/01 16:56:23 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2009/01/15 09:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2007/03/14 19:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/08/05 15:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2008/04/13 20:12:41 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
PRC - [2006/07/27 08:19:00 | 00,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2007/04/03 12:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2007/02/04 12:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2008/05/27 10:50:30 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2008/07/30 10:47:56 | 00,289,064 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2006/11/21 17:38:28 | 00,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/03/14 19:49:02 | 00,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/10/22 23:24:02 | 00,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/12/06 21:00:00 | 00,032,768 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0510Mon.exe
PRC - [2009/03/25 05:15:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2005/07/17 20:32:00 | 00,794,624 | ---- | M] (AbsoluteWay) -- C:\Program Files\TweakWindow\TweakWin.exe
PRC - [2007/04/03 18:29:15 | 00,165,784 | ---- | M] (DT Soft Ltd.) -- C:\Program Files\DAEMON Tools\daemon.exe
PRC - [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\wcescomm.exe
PRC - [2008/10/17 07:24:11 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Teddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2009/03/05 16:07:20 | 02,260,480 | -HS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/30 10:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2005/08/04 03:42:00 | 00,528,384 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/25 03:09:42 | 00,519,300 | ---- | M] () -- C:\Program Files\ndroid\nDroid.exe
PRC - [2005/08/04 03:42:00 | 00,028,160 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
PRC - [2008/05/01 22:22:53 | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009/03/23 21:18:19 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Teddy\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/03/08 09:22:40 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2008/07/22 20:42:12 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/09/16 14:48:14 | 00,145,504 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe -- (bgsvcgen [Auto | Running])
SRV - [2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2006/11/21 17:38:32 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2006/11/21 17:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/04/03 16:18:08 | 01,516,584 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND [Auto | Running])
SRV - [2007/03/14 19:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2006/10/09 17:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 15:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2007/02/27 11:49:32 | 00,584,192 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server [On_Demand | Stopped])
SRV - [2008/05/01 22:22:53 | 00,658,432 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/09/01 16:56:23 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c8d7aba93fc0ea [Auto | Stopped])
SRV - [2008/04/07 19:16:26 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006/01/05 00:06:02 | 00,163,840 | ---- | M] (Alex Feinman) -- C:\Program Files\ISO Recorder\ImapiHelper.exe -- (Imapi Helper [On_Demand | Stopped])
SRV - [2008/07/30 10:47:48 | 00,532,264 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/25 05:15:07 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2005/03/09 21:50:18 | 00,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd [Auto | Running])
SRV - [2006/09/02 16:36:33 | 02,528,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2005/08/05 15:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/03/19 01:55:56 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2004/08/10 06:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2002/12/17 17:26:22 | 07,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlservr.exe -- (MSSQL$CAMBRIDGESOFT [On_Demand | Stopped])
SRV - [2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2007/09/20 09:51:46 | 00,853,288 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/10/23 15:19:06 | 00,382,248 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2009/01/15 09:19:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/12/21 11:07:15 | 00,066,872 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA [Disabled | Stopped])
SRV - [2007/03/14 19:48:56 | 00,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2007/02/12 17:23:10 | 00,214,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2007/01/10 16:27:38 | 01,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [Auto | Running])
SRV - [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$CAMBRIDGESOFT\Binn\sqlagent.EXE -- (SQLAgent$CAMBRIDGESOFT [On_Demand | Stopped])
SRV - [2007/05/28 12:57:54 | 00,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE [Auto | Running])
SRV - [2007/03/14 19:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2007/11/12 02:49:02 | 00,716,800 | ---- | M] () -- C:\Program Files\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - File not found -- -- (VKCZ [Disabled | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/04/13 14:46:20 | 00,048,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\61883.sys -- (61883 [On_Demand | Stopped])
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 14:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2005/10/18 17:00:46 | 00,021,376 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\ApLoader.sys -- (APLOADER [On_Demand | Stopped])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2007/02/27 03:02:06 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [1999/09/10 12:06:00 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (ASPI32 [System | Running])
DRV - [2008/07/22 10:21:06 | 00,278,984 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\atksgt.sys -- (atksgt [Auto | Running])
DRV - [2008/04/13 14:46:20 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\avc.sys -- (Avc [On_Demand | Stopped])
DRV - [2006/03/09 08:25:00 | 00,143,872 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2008/09/16 14:48:14 | 00,033,408 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv [System | Running])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2007/09/25 10:59:46 | 00,015,152 | ---- | M] () -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo [On_Demand | Stopped])
DRV - [2007/01/18 14:28:02 | 00,005,275 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\CVirtA.sys -- (CVirtA [On_Demand | Stopped])
DRV - [2007/04/03 16:17:08 | 00,306,295 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\Drivers\CVPNDRVA.sys -- (CVPNDRVA [Auto | Running])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2004/08/11 16:39:38 | 00,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\WINDOWS\System32\Drivers\DgiVecp.sys -- (DgiVecp [Auto | Stopped])
DRV - [2005/09/08 07:20:00 | 00,025,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2005/08/25 14:16:52 | 00,005,628 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2005/09/08 07:20:00 | 00,002,496 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLADResN.SYS -- (DLADResN [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,086,524 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,014,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,006,364 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2005/08/25 14:16:16 | 00,022,684 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS -- (DLARTL_N [System | Running])
DRV - [2005/09/08 07:20:00 | 00,094,332 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2005/09/08 07:20:00 | 00,087,036 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2007/01/31 13:45:06 | 00,127,376 | ---- | M] (Deterministic Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\dne2000.sys -- (DNE [On_Demand | Running])
DRV - [2005/09/12 05:30:00 | 00,089,264 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2005/08/12 07:20:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2009/02/27 05:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl [System | Running])
DRV - [2009/03/16 04:00:00 | 00,101,936 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv [On_Demand | Running])
DRV - [2006/10/23 19:20:28 | 00,132,736 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\ext2fs.sys -- (Ext2fs [System | Running])
DRV - [2006/01/12 15:00:38 | 00,012,672 | ---- | M] (USTC) -- C:\WINDOWS\System32\Drivers\ezwrit3.sys -- (EZWRIT3 [Auto | Stopped])
DRV - [2008/01/29 12:01:28 | 00,016,168 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/07/28 08:18:40 | 00,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock [Auto | Running])
DRV - [2008/04/13 12:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/09/25 01:28:08 | 00,004,608 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\IfsDrives.sys -- (IfsDrives [System | Running])
DRV - [2005/07/23 00:41:46 | 00,026,112 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LHidKE.Sys -- (LHidKe [On_Demand | Running])
DRV - [2005/03/09 21:50:16 | 00,033,792 | ---- | M] () -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0 [On_Demand | Running])
DRV - [2007/06/04 12:28:30 | 00,018,048 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Running])
DRV - [2005/07/23 00:41:42 | 00,068,864 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\DRIVERS\LMouKE.Sys -- (LMouKE [On_Demand | Running])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2008/04/13 14:46:09 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\msdv.sys -- (MSDV [On_Demand | Stopped])
DRV - [2009/03/16 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090320.003\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/03/16 04:00:00 | 00,876,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090320.003\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2009/01/15 09:19:00 | 06,301,248 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/08/03 06:40:40 | 00,105,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2006/08/03 06:40:46 | 00,089,344 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvraid.sys -- (nvraid [Boot | Running])
DRV - [2008/04/13 14:56:06 | 00,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys -- (NwlnkIpx [Auto | Running])
DRV - [2004/08/10 07:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnknb.sys -- (NwlnkNb [Auto | Running])
DRV - [2004/08/10 07:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys -- (NwlnkSpx [Auto | Running])
DRV - [2000/03/06 12:00:00 | 00,126,882 | ---- | M] (OmniVision Technologies, Inc.) -- C:\WINDOWS\System32\Drivers\omcamvid.sys -- (OVT511Plus [On_Demand | Stopped])
DRV - [2003/08/11 10:07:46 | 00,014,604 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2004/08/10 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/04/07 19:16:45 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2006/09/06 14:41:20 | 00,337,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT [System | Running])
DRV - [2006/09/06 14:41:20 | 00,054,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL [System | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2008/04/13 14:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2007/01/10 16:27:26 | 00,390,744 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv [System | Running])
DRV - [2008/07/10 20:45:35 | 00,013,824 | ---- | M] (LoteSoft Co.) -- C:\WINDOWS\system32\DRIVERS\splitcam.sys -- (SPLITCAM [On_Demand | Running])
DRV - [2007/12/03 15:36:16 | 00,685,816 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2006/07/27 08:24:28 | 01,171,464 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2008/09/22 20:35:18 | 00,110,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\Drivers\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2007/02/27 03:07:34 | 00,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd [Auto | Running])
DRV - [2007/02/12 17:22:36 | 00,024,720 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2007/02/12 17:22:40 | 00,196,752 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI [System | Running])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2007/09/05 12:04:34 | 00,079,408 | ---- | M] (PACE Anti-Piracy, Inc.) -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd [Boot | Running])
DRV - [2008/02/25 20:22:06 | 00,070,028 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\DRIVERS\trackca4.sys -- (trackcam4 [Auto | Stopped])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/07/22 20:32:44 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2008/04/13 14:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2008/04/07 21:00:00 | 00,254,080 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\DRIVERS\V0510Vid.sys -- (V0510Dev [On_Demand | Running])
DRV - [2007/03/05 06:45:04 | 00,007,424 | R--- | M] (EyePower Games Pte. Ltd.) -- C:\WINDOWS\system32\DRIVERS\V0510Vfx.sys -- (V0510Vfx [On_Demand | Running])
DRV - [2005/01/26 08:22:20 | 00,280,344 | ---- | M] (Zone Labs LLC) -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant [On_Demand | Stopped])
DRV - [2003/01/10 16:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys -- (wanatw [On_Demand | Stopped])
DRV - [2006/08/24 05:44:14 | 00,477,696 | ---- | M] (ZyDAS Technology Corporation) -- C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys -- (ZD1211BU(SMC) [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3070227
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3070227

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=3070227
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (English)"
FF - prefs.js..browser.startup.homepage: "http://www.google.ca/ig|http://www.bleepingcomputer.com/forums/t/213149/stubborn-residual-spywareguard2008virtumondesmitfraud-infection/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.1
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.4.1.1
FF - prefs.js..extensions.enabledItems: en-CA@dictionaries.addons.mozilla.org:1.1.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.0
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.4.2
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090207
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}:6.0.06
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {6DFBB324-D981-4f8c-A8D9-7E81F75F7D58}:0.6
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.1.0.1
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.4.3
FF - prefs.js..extensions.enabledItems: SmartMiddleClick@spiers:0.5.1.2
FF - prefs.js..extensions.enabledItems: {4776510a-a1f4-41f3-a3c8-35b474ecef23}:1.0.6
FF - prefs.js..extensions.enabledItems: {e0204bd5-9d31-402b-a99d-a6aa8ffebdca}:1.2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [2008/11/30 23:11:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/03/14 09:10:46 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/25 05:15:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/03/11 23:56:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/03/05 12:12:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0b2\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX 3 BETA 2\COMPONENTS [2008/08/17 21:16:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0b2\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX 3 BETA 2\PLUGINS [2009/01/22 00:10:40 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRA~1\MOZILLA THUNDERBIRD\COMPONENTS [2009/03/18 23:35:41 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRA~1\MOZILLA THUNDERBIRD\PLUGINS [2009/01/22 00:10:40 | 00,000,000 | ---D | M]

[2009/03/05 14:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Extensions
[2009/03/05 14:52:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Extensions\{ae2cff10-0d52-4066-8be9-4abcf119fa79}
[2008/05/23 17:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/25 05:45:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions
[2009/03/08 13:03:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2008/12/05 08:24:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{2c5693fc-cbf5-4310-8c58-fa879d4cc644}
[2009/02/09 00:43:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008/07/09 13:18:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{4776510a-a1f4-41f3-a3c8-35b474ecef23}
[2008/07/12 14:26:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{6DFBB324-D981-4f8c-A8D9-7E81F75F7D58}
[2009/03/14 16:51:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009/02/09 00:43:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/03/08 13:03:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/03/08 13:03:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/01/17 22:53:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/10/29 16:15:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/01/03 17:04:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2008/08/09 00:53:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}
[2009/03/14 16:51:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\autopager@mozilla.org
[2008/09/15 20:17:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\en-CA@dictionaries.addons.mozilla.org
[2008/12/26 17:45:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\SmartMiddleClick@spiers
[2008/01/16 08:07:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Teddy\Application Data\mozilla\Firefox\Profiles\djw7oncx.default\extensions\snaplinks@snaplinks.net
[2007/05/21 18:55:02 | 00,001,068 | ---- | M] () -- C:\Documents and Settings\Teddy\Application Data\Mozilla\FireFox\Profiles\djw7oncx.default\searchplugins\wikipedia-english.xml
[2009/03/25 05:45:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/05 12:12:10 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/27 06:30:17 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/12 15:19:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/27 07:42:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/08/18 10:25:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/05/02 16:29:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/06/19 23:12:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008/09/02 08:55:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/25 05:15:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/03/05 12:12:09 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/05 12:12:09 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/05/29 10:24:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/05/29 10:24:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/05/29 10:24:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/20 22:41:00 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/05/29 10:24:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/05/29 10:24:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/05/29 10:24:14 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (302794 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon (CANON INC.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install ()
O4 - HKLM..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [V0510Mon.exe] C:\WINDOWS\V0510Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
O4 - HKCU..\Run: [Google Update] "C:\Documents and Settings\Teddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (Google Inc.)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TweakWindow] C:\Program Files\TweakWindow\TweakWin.exe (AbsoluteWay)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\Teddy\Start Menu\Programs\Startup\nDroid.lnk = C:\Program Files\ndroid\nDroid.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [NWLink IPX/SPX/NetBIOS Compatible Transport Protocol] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/Facebo...toUploader5.cab (Facebook Photo Uploader 5)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E52AB312-40DA-48CC-9E4C-A9F6EAF20273} http://www.biocyb.cs.ucla.edu/montecarlo/m...arlo.components (Montecarlo Simulation Library)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab (DownloadManager Control)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll (GP Software)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [1999/09/23 18:38:49 | 00,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2006/12/12 22:29:34 | 00,000,241 | ---- | M] () - V:\AUTOEXEC.UP -- [ FAT ]
O32 - AutoRun File - [2006/12/12 22:29:34 | 00,000,241 | ---- | M] () - V:\AUTOEXEC.BAT -- [ FAT ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- [1999/09/23 18:58:15 | 00,025,600 | R--- | M] ()
O33 - MountPoints2\{8897b99b-d2f2-11db-9844-0019b91b7ba0}\Shell - "" = AutoRun
O33 - MountPoints2\{8897b99b-d2f2-11db-9844-0019b91b7ba0}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8897b99b-d2f2-11db-9844-0019b91b7ba0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{ff1245bc-1433-11de-adf9-0019b91b7ba0}\Shell\AutoRun\command - "" = H:\wd_windows_tools\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/03/25 05:46:04 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/03/25 05:08:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddy\Desktop\javara
[2009/03/24 18:52:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddy\Desktop\most recent crash
[2009/03/23 21:18:19 | 00,499,200 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Teddy\Desktop\OTListIt2.exe
[2009/03/22 22:01:35 | 01,920,202 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\surgery.rar
[2009/03/22 21:41:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddy\Desktop\surgery
[2009/03/22 19:39:31 | 00,360,002 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\dds.scr
[2009/03/22 17:39:34 | 00,008,181 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\symantec risk history.csv
[2009/03/22 17:31:07 | 00,016,645 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\risk history.csv
[2009/03/17 22:01:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddy\Desktop\burst laceration
[2009/03/14 09:20:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddy\Application Data\DxO_Labs
[2009/03/14 09:17:25 | 00,000,953 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DxO Optics Pro 5.3.2.lnk
[2009/03/14 09:17:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DxO_Labs
[2009/03/14 09:08:30 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/03/10 19:09:24 | 00,044,249 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\ted medicine eval.pdf
[2009/03/09 05:30:43 | 00,020,967 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\bhand.jpg
[2009/03/09 05:28:16 | 00,207,666 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\mhand.jpg
[2009/03/09 05:25:43 | 00,046,754 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\aface.gif
[2009/03/09 05:25:13 | 00,201,994 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\nface.jpg
[2009/03/06 03:13:38 | 31,214,787 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\Pixars.BURN-E.2008.HDRip.x264.mkv
[2009/03/05 14:52:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddy\Local Settings\Application Data\Broad Intelligence
[2009/03/05 14:44:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Teddy\Application Data\Broad Intelligence
[2009/03/05 14:43:38 | 00,000,000 | ---D | C] -- C:\Program Files\MediaCoder
[2009/03/01 19:05:42 | 00,040,931 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\ifiknockedyouup.jpg
[2009/03/01 19:00:55 | 00,015,468 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\bob.png
[2009/03/01 18:58:19 | 00,061,052 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\Bears on Board Logo.png
[2009/03/01 18:02:10 | 00,317,169 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\ted and panos.jpg
[2009/03/01 17:53:35 | 01,029,297 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\yale spring 05 128.jpg
[2009/02/26 20:19:10 | 00,236,064 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\walle-photo-1.jpg
[2009/02/23 19:59:11 | 69,504,239 | ---- | C] () -- C:\Documents and Settings\Teddy\Desktop\Slides.zip

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/03/25 11:38:36 | 00,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2009/03/25 11:38:28 | 00,199,720 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/03/25 11:37:14 | 08,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2009/03/25 11:37:06 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/25 11:37:02 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/25 11:36:57 | 2,949,996,544 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/25 10:00:51 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/03/25 10:00:50 | 00,142,336 | ---- | M] () -- C:\Documents and Settings\Teddy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/25 05:19:12 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2009/03/23 21:18:19 | 00,499,200 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Teddy\Desktop\OTListIt2.exe
[2009/03/22 22:01:37 | 01,920,202 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\surgery.rar
[2009/03/22 19:39:31 | 00,360,002 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\dds.scr
[2009/03/22 18:24:33 | 04,245,138 | -H-- | M] () -- C:\Documents and Settings\Teddy\Local Settings\Application Data\IconCache.db
[2009/03/22 17:39:37 | 00,008,181 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\symantec risk history.csv
[2009/03/22 17:31:07 | 00,016,645 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\risk history.csv
[2009/03/14 09:34:02 | 01,615,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/14 09:17:25 | 00,000,953 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DxO Optics Pro 5.3.2.lnk
[2009/03/14 09:01:13 | 00,533,582 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/14 09:01:13 | 00,463,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/14 09:01:13 | 00,080,260 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/14 07:22:02 | 00,302,794 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/03/10 19:09:24 | 00,044,249 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\ted medicine eval.pdf
[2009/03/09 05:30:44 | 00,020,967 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\bhand.jpg
[2009/03/09 05:28:16 | 00,207,666 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\mhand.jpg
[2009/03/09 05:25:43 | 00,046,754 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\aface.gif
[2009/03/09 05:25:14 | 00,201,994 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\nface.jpg
[2009/03/08 12:46:51 | 00,000,839 | ---- | M] () -- C:\WINDOWS\GMUD32.INI
[2009/03/01 19:05:43 | 00,040,931 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\ifiknockedyouup.jpg
[2009/03/01 19:00:56 | 00,015,468 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\bob.png
[2009/03/01 18:58:20 | 00,061,052 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\Bears on Board Logo.png
[2009/03/01 18:02:12 | 00,317,169 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\ted and panos.jpg
[2009/03/01 17:53:36 | 01,029,297 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\yale spring 05 128.jpg
[2009/03/01 17:43:34 | 00,001,694 | ---- | M] () -- C:\WINDOWS\System32\unins000.dat
[2009/03/01 17:43:29 | 00,695,578 | ---- | M] () -- C:\WINDOWS\System32\unins000.exe
[2009/02/26 20:19:12 | 00,236,064 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\walle-photo-1.jpg
[2009/02/23 20:00:35 | 69,504,239 | ---- | M] () -- C:\Documents and Settings\Teddy\Desktop\Slides.zip

========== Alternate Data Streams ==========

@Alternate Data Stream - 218 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:359B3BDA
@Alternate Data Stream - 1583 bytes -> C:\Documents and Settings\Teddy\Local Settings\Application Data\652KAOCwCHCzJw:SZnkEqOKVFXUcOxI7t03T1rdWO
@Alternate Data Stream - 1566 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:lOPhj8AKtgTG3lkky7DeV1VO
@Alternate Data Stream - 1511 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:h2mRk4ATaPzyEKqy2fXSM0HXdA
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C7DEC6B7
< End of report >

Running Kaspersky now, will update when it's done, then will try GMER again!
Thanks,
~Ted

#7 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 March 2009 - 03:03 PM

Ok, just post those logs when you have them and let me know how things are working.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 dnoz

dnoz
  • Topic Starter

  • Members
  • 10 posts

Posted 25 March 2009 - 06:58 PM

Hey Sam!
The Kaspersky scan just finished. It found a few things, but I don't think any are significant. Many are from Symantec's quarantine, some are from an old mail archive that is no longer active (from another computer), and a few are legitimate programs.
I've pasted the report and have attached the .htm summary.

File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\044C0000\4CDC3F55.VBN Infected: Trojan.Win32.Genome.vbc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\044C0001\4CDE16BA.VBN Infected: Trojan.Win32.Genome.vbc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C6C0000\4DFF6707.VBN Infected: Packed.Win32.Tdss.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C6C0001\4DFF6711.VBN Infected: Packed.Win32.Tdss.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C6C0002\4DFF6777.VBN Infected: Packed.Win32.Tdss.c 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C6C0003\4DFF790D.VBN Infected: Rootkit.Win32.TDSS.gwh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EEC0000\4FFD790B.VBN Infected: Trojan.Win32.Small.bqt 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0EEC0001\4FFD7DAE.VBN Infected: Trojan.Win32.Genome.vbc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12C4000C.VBN Infected: Trojan.Win32.Genome.vbc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12C4000D.VBN Infected: Trojan.Win32.Genome.vbc 1
C:\download\ccproxysetup.exe Infected: Trojan.Win32.Small.bqt 1
C:\download\mirc631.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\download\testdisk-6.6\win\Documents and Settings\tjc32\Application Data\Thunderbird\Profiles\elhllsfh.default\Copy of Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\download\testdisk-6.6\win\Documents and Settings\tjc32\Application Data\Thunderbird\Profiles\elhllsfh.default\Copy of Mail\localhost\Inbox Infected: Trojan.JS.Redirector.b 8
C:\download\testdisk-6.6\win\Documents and Settings\tjc32\Application Data\Thunderbird\Profiles\elhllsfh.default\Copy of Mail\localhost\Trash Infected: Trojan.JS.Redirector.b 78
C:\download\testdisk-6.6\win\Documents and Settings\tjc32\My Documents\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\Program Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1

I didn't delete any of these files. Let me know if you'd like me to. I'm going to do a clean reboot then try GMER again.
Thanks,
~Ted
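The triage Ted and Sam apply to this scan (quarantine-store hits are already contained, "not-a-virus" hits are deliberately installed riskware, hits in an old mail archive are stored message bodies, and the one remaining live file is the thing to delete), written out as an added Python example. It is not code from the thread or from Kaspersky; the path markers it keys on are assumptions made here, and the rows it parses are an excerpt of the report above.

```python
"""Triage of a Kaspersky online-scan report pasted as plain text.

Added example, not code from the thread or from Kaspersky. It encodes the
reasoning the thread applies to the result: hits inside an AV quarantine
store are already contained, 'not-a-virus' hits are riskware the owner
installed knowingly (remote-admin, IRC client), hits inside an archived
mail store are message bodies rather than running code, and whatever is
left is a live file that still needs action. The path markers below are
assumptions of this example, not a Kaspersky convention.
"""
import re
from dataclasses import dataclass

# One report row as pasted in the thread:
#   <path with spaces> <Infected|Suspicious>: <threat name> <count>
_ROW = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$"
)

# Excerpt of the report posted above (constructed from the thread's own rows).
SAMPLE_REPORT = r"""
File name Threat name Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0C6C0003\4DFF790D.VBN Infected: Rootkit.Win32.TDSS.gwh 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12C4000C.VBN Infected: Trojan.Win32.Genome.vbc 1
C:\download\ccproxysetup.exe Infected: Trojan.Win32.Small.bqt 1
C:\download\mirc631.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1
C:\download\testdisk-6.6\win\Documents and Settings\tjc32\Application Data\Thunderbird\Profiles\elhllsfh.default\Copy of Mail\localhost\Trash Infected: Trojan.JS.Redirector.b 78
C:\download\testdisk-6.6\win\Documents and Settings\tjc32\My Documents\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
"""


@dataclass(frozen=True)
class Hit:
    path: str
    verdict: str  # "Infected" or "Suspicious"
    threat: str
    count: int


def parse_report(text):
    """Parse the pasted report into Hit records; an unrecognised row raises."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("File name"):
            continue  # blank line or the column header
        m = _ROW.match(line)
        if m is None:
            raise ValueError(f"unrecognised report row: {line!r}")
        hits.append(Hit(m["path"], m["verdict"], m["threat"], int(m["count"])))
    return hits


# Path fragments used to bucket a hit (assumptions of this example).
QUARANTINE_MARKERS = ("\\quarantine\\",)  # another AV's quarantine store
MAILSTORE_MARKERS = ("\\thunderbird\\", "\\local folders\\")  # mbox files of an old profile


def classify(hit):
    """Return one of: quarantined, riskware, mailstore, actionable."""
    p = hit.path.lower()
    if any(marker in p for marker in QUARANTINE_MARKERS):
        # Already isolated by the resident AV; the sample cannot run from here.
        return "quarantined"
    if hit.threat.startswith("not-a-virus:"):
        # Legitimate tool with abuse potential; only a problem if the owner
        # did not install it (the thread's VNC and mIRC were deliberate).
        return "riskware"
    if any(marker in p for marker in MAILSTORE_MARKERS):
        # Malicious HTML/JS inside stored messages: worth purging from the
        # archive, but nothing here is executing on the host.
        return "mailstore"
    return "actionable"


def triage(text):
    """Bucket every hit of the report by the classification above."""
    buckets = {"quarantined": [], "riskware": [], "mailstore": [], "actionable": []}
    for hit in parse_report(text):
        buckets[classify(hit)].append(hit)
    return buckets


def actionable_paths(text):
    """The files that still need to be removed from the live system."""
    return [hit.path for hit in triage(text)["actionable"]]


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(f"{bucket:12s} {len(hits):2d} file(s), {sum(h.count for h in hits):3d} detection(s)")
    print("to delete:", actionable_paths(SAMPLE_REPORT))
```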


#9 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 25 March 2009 - 07:15 PM

Make sure that you delete this file.

C:\download\ccproxysetup.exe


All the others, as you've noted, are insignificant.


How is your computer behaving now? Any issues?


========================================================

#10 dnoz

dnoz
  • Topic Starter

  • Members
  • 10 posts

Posted 25 March 2009 - 08:14 PM

Deleted the file -- it's actually CC Proxy, from http://www.youngzsoft.net/ccproxy/ so I don't think it's malignant, but since I don't use it, might as well eliminate it.

The computer is behaving well so far -- but I haven't stressed it much since I haven't been using it much. Unfortunately, I still can't turn on windows update yet.

The GMER report will probably take at least until tomorrow morning/afternoon.

Thanks again -- I really appreciate all the effort you've put into my problem!
~Ted

Edited by dnoz, 25 March 2009 - 08:17 PM.


#11 Buckeye_Sam (Malware Expert)

Posted 26 March 2009 - 02:03 PM

The Gmer log is not an absolute necessity at this point if things appear to be running better. Tell me more about the problems you are having with Windows Update.


========================================================

#12 dnoz (Topic Starter)

Posted 26 March 2009 - 02:05 PM

At some point my ability to turn on windows update stopped -- I think it had to do with vundo.
Trying to reactivate it results in the message:
"We're sorry. The Security Center could not change your Automatic Updates settings. To try changing these settings yourself, go to System in Control Panel. On the Automatic Updates tab, select Automatic (recommended), and then click ok."

But when I do that, it doesn't clear the red shield on the taskbar, nor does it let me update.

And to add, in the control panel's "System", it does show that windows update is activated, and automatic -- but in reality it isn't (I don't get updates; it doesn't look for them, download them, or install them).

Edited by dnoz, 26 March 2009 - 02:06 PM.


#13 Buckeye_Sam (Malware Expert)

Posted 26 March 2009 - 02:47 PM

Download Dial-A-Fix.
Unzip the folder found in the archive to a place you can remember. For example: C:\DialAFix
Then follow the steps below.
  • Browse to the folder where you saved Dial-A-Fix.
  • Open Dial-a-fix.exe
  • Tick the following boxes:
    Empty temp folders
    Fix Windows Update
  • In the bottom left press the GO Button.
Note that ticking a box might tick others too. Leave them ticked!


Reboot and check to see if there's any difference.


========================================================

#14 dnoz (Topic Starter)

Posted 26 March 2009 - 02:52 PM

Thank you for the suggestion!

I ran the program as suggested, and got these errors. The rest progressed normally.

--------------------------------------------------------------------------------
Error -2147024891 was encountered while trying to unregister c:\WINDOWS\system32\wuaueng.dll. The error text is: Access is denied. Dial-a-fix currently has no suggestions for this error code. Please email dial-a-fix@DjLizard.net with a copy of the log pane and any details you can provide about this error.

An error occured during registration of the file: C:\WINDOWS\system32\wuaueng.dll (version 7.2.6001.788). The next dialog will contain an error code and possible suggestions.

Error 0x80070005: 'Access Denied'. It is suggested that you run "Repair permissions" which is found in the Tools dialog. Windows XP Home users will need secedit.exe to perform the repair - http://DjLizard.net/software/secedit-sfx.exe
--------------------------------------------------------------------------------

Unfortunately that looks like the windows update module...should I try again in safe mode?

#15 Buckeye_Sam (Malware Expert)

Posted 26 March 2009 - 03:02 PM

Click on the little hammer at the bottom.
Select "Repair permissions" and click Go.

Then go back and select Fix Windows Update again.

Any luck?


========================================================
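As an added diagnostic that is not part of this thread or of Dial-a-fix, the PowerShell script below reads the three things the Windows Update problem above turns on: whether the Automatic Updates service (wuauserv) has been set to Disabled, whether a policy value is forcing Automatic Updates off behind the Control Panel tab, and who may write wuaueng.dll, the file whose unregister step failed with 0x80070005 (Access Denied). It changes nothing; the service name, registry path and value names are the standard Windows ones, and the output wording is my own.

```powershell
# Added example, not from the thread: read-only checks for the Automatic
# Updates breakage discussed above. Run from an administrator PowerShell prompt.
$sys = [Environment]::GetFolderPath('System')       # e.g. C:\WINDOWS\system32
$dll = Join-Path $sys 'wuaueng.dll'                 # file Dial-a-fix could not unregister

# 1. Service state and start type. A service set to Disabled leaves the
#    Automatic Updates tab looking "Automatic" while nothing ever runs.
$svc = Get-WmiObject Win32_Service -Filter "Name='wuauserv'"
if ($svc) {
    "wuauserv: state={0} startmode={1}" -f $svc.State, $svc.StartMode
    if ($svc.StartMode -eq 'Disabled') {
        "  ! wuauserv is Disabled; re-enable it before retrying Fix Windows Update"
    }
} else {
    "wuauserv: service entry missing"
}

# 2. Policy values that override the Control Panel setting
#    (NoAutoUpdate = 1 forces Automatic Updates off regardless of the tab).
$au = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
if (Test-Path $au) {
    $p = Get-ItemProperty $au
    "policy AU: NoAutoUpdate={0} AUOptions={1}" -f $p.NoAutoUpdate, $p.AUOptions
    if ($p.NoAutoUpdate -eq 1) { "  ! policy forces Automatic Updates off" }
} else {
    "policy AU: no policy key present"
}

# 3. Who can modify wuaueng.dll. regsvr32 /u needs write access to it, which is
#    what the 0x80070005 in the Dial-a-fix log denied.
if (Test-Path $dll) {
    $acl     = Get-Acl $dll
    $me      = [Security.Principal.WindowsIdentity]::GetCurrent()
    $role    = [Security.Principal.WindowsBuiltInRole]::Administrator
    $isAdmin = (New-Object Security.Principal.WindowsPrincipal $me).IsInRole($role)
    "wuaueng.dll owner={0} running-as-admin={1}" -f $acl.Owner, $isAdmin
    $acl.Access | ForEach-Object {
        "  {0,-6} {1,-30} {2}" -f $_.AccessControlType, $_.IdentityReference, $_.FileSystemRights
    }
} else {
    "wuaueng.dll not found at $dll"
}
```

If the ACL listing shows no Administrators or SYSTEM entry with FullControl, that is the condition Dial-a-fix's "Repair permissions" (via secedit) is meant to reset before "Fix Windows Update" is retried.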