
Rootkit/Trojan.TDSS Help


  • This topic is locked
13 replies to this topic

#1 Todd Nelson


Posted 04 July 2009 - 09:54 AM

I've taken several steps to get rid of a Trojan.TDSS on this machine. Every step has seemed to produce some improvement, but AV software is still detecting Trojan files.

Here are the steps I took:

1. Installed bad software. I know - I should have been taking the following precautions beforehand, but here I am.
2. Got the error: jqsnotify.exe - Entry Point Not Found : The procedure entry point ??_V@YAXPAX@Z could not be located in the dynamic link library msvcrt.dll when launching Firefox. Tried to launch Chrome and it would just crash.
3. Removed software and suspicious Registry entries with Crap Cleaner.
4. Reboot. Firefox now works, takes me to strange search engines when clicking on Google links. Chrome works.
5. Install and run Malwarebytes (a version that I purchased). This is where I learn of the Rootkit. Reboot.
6. Tried McAfee Rootkit Detective. Renamed Rootkit files. Reboot.
7. Installed ZA Firewall. Noticed jqsnotify.exe is still trying to launch every time I launch Firefox.
8. Ran SDFix as well (followed instructions).
9. Firefox seems fine, but...
10. AV software is still detecting C:\WINDOWS\system32\kungsfyhkrnwtu.dll.VIR this morning.

Here is the DDS log and an attachment. I hope I've followed the forum process.


DDS (Ver_09-06-26.01) - NTFSx86
Run by Todd at 10:25:14.09 on Sat 07/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3070.2210 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)   {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled*   {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Windows SteadyState\SCTSvc.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Noguska\NolaPro\Apache\bin\Apache.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Noguska\NolaPro\Apache\bin\Apache.exe
C:\Program Files\Noguska\NolaPro\Apache\mysql\bin\mysqld-nt.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Progra~1\CrossLoop\CrossLoopConnect.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\documents and settings\todd\application data\mozilla\firefox\profiles\u190l8lp.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.77.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [F-Secure Online Backup] "c:\program files\f-secure online backup\f-secure online backup\fsolb-us.exe" /delayed
uRun: [Google Update] "c:\documents and settings\todd\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [UnlockerAssistant] c:\program files\unlocker\UnlockerAssistant.exe -H
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Logoff] c:\program files\windows steadystate\SCTUINotify.exe
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe"  /autorun
mRun: [CrossLoop] c:\progra~1\crossloop\CrossLoopConnect.exe -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com -startup=server -minimize
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SDFix] c:\sdfix\RunThis.bat /second
dRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\todd\startm~1\programs\startup\dropbox.lnk - c:\program files\dropbox\Dropbox.exe
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: &Search
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: DiaryOne: Save full text - c:\program files\diaryone\script\fullcatcher.htm
IE: DiaryOne: Save selected text - c:\program files\diaryone\script\catcher.htm
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} - hxxps://www.microsoft.com/resources/virtuallabs/ActiveX/VMRCActiveXClient1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\todd\applic~1\mozilla\firefox\profiles\u190l8lp.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\todd\application data\mozilla\firefox\profiles\u190l8lp.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\todd\application data\mozilla\firefox\profiles\u190l8lp.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\todd\application data\move networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\todd\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-11 11608]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-3 353672]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-11 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-11 185089]
R2 ApacheNoguskaNolaPro;ApacheNoguskaNolaPro;c:\program files\noguska\nolapro\apache\bin\Apache.exe [2008-1-17 20541]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-11 55640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-7-3 195856]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
R2 MySQLNoguskaNolaPro;MySQLNoguskaNolaPro;c:\program files\noguska\nolapro\apache\mysql\bin\mysqld-nt.exe [2008-1-14 5701632]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2009-3-26 54960]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 Windows SteadyState;Windows SteadyState Service;c:\program files\windows steadystate\SCTSvc.exe [2008-5-30 115728]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-7-20 84992]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-7-3 19096]
S2 freenet;Freenet background service;c:\program files\freenet\bin\wrapper-windows-x86-32.exe [2009-4-24 241664]
S2 gupdate1c9ebce2f859526;Google Update Service (gupdate1c9ebce2f859526);c:\program files\google\update\GoogleUpdate.exe [2009-6-12 133104]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-6-4 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-6-4 3072]

=============== Created Last 30 ================

2009-07-03 21:51	<DIR>	--d-----	c:\program files\Trend Micro
2009-07-03 19:39	<DIR>	--d-----	c:\windows\system32\xircom
2009-07-03 19:39	<DIR>	--d-----	c:\windows\system32\wbem\snmp
2009-07-03 19:39	<DIR>	--d-----	c:\windows\srchasst
2009-07-03 19:39	<DIR>	--d-----	c:\program files\msn gaming zone
2009-07-03 19:30	516,096	a-------	c:\windows\system32\dllcache\user32.dll
2009-07-03 19:27	<DIR>	--d-----	c:\windows\ERUNT
2009-07-03 19:22	<DIR>	--d-----	C:\SDFix
2009-07-03 18:00	<DIR>	--d-----	c:\program files\Zone Labs
2009-07-03 17:59	<DIR>	--d-----	c:\windows\Internet Logs
2009-07-03 17:13	<DIR>	--d-----	c:\docume~1\todd\applic~1\Malwarebytes
2009-07-03 17:13	38,160	a-------	c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-03 17:13	19,096	a-------	c:\windows\system32\drivers\mbam.sys
2009-07-03 17:13	<DIR>	--d-----	c:\program files\Malwarebytes' Anti-Malware
2009-07-03 17:13	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-03 16:12	93	a-------	c:\windows\system32\kungsfalhraxnf.dat.REN
2009-07-03 16:11	<DIR>	--d-----	c:\docume~1\todd\applic~1\LogoMaker
2009-07-03 16:10	68,608	a-------	c:\windows\system32\drivers\kungsftpegvxlr.sys.REN
2009-07-03 16:10	14,651	a-------	c:\windows\system32\kungsfiigvtvwv.dat.REN
2009-06-30 15:18	23	a-------	c:\windows\SWFDecompiler.INI
2009-06-30 15:18	<DIR>	--d-----	c:\program files\common files\SourceTec
2009-06-30 15:18	<DIR>	--d-----	c:\program files\SourceTec
2009-06-29 19:57	<DIR>	--d-----	c:\program files\MSECache
2009-06-29 15:20	<DIR>	--d-----	c:\program files\Freenet
2009-06-29 11:32	<DIR>	--d-----	c:\program files\Microangelo Toolset 6
2009-06-28 15:42	<DIR>	--d-----	c:\docume~1\todd\applic~1\.myibay
2009-06-28 15:42	<DIR>	--d-----	c:\program files\myibay
2009-06-27 17:42	<DIR>	--d-----	c:\docume~1\todd\applic~1\DVD Flick
2009-06-27 17:41	36,864	a-------	c:\windows\system32\trayicon_handler.ocx
2009-06-27 17:41	28,672	a-------	c:\windows\system32\mousewheel.ocx
2009-06-27 17:41	<DIR>	--d-----	c:\program files\DVD Flick
2009-06-27 09:20	475,136	a-------	c:\windows\lk_c4.dll
2009-06-27 09:20	399,872	a-------	c:\windows\c4dstand.dll
2009-06-27 09:20	50	a-------	c:\windows\app.ini
2009-06-27 09:20	<DIR>	--d-----	c:\program files\LKMH
2009-06-27 09:20	1,644,032	a-------	c:\windows\LKMHDemo.exe
2009-06-27 09:20	3,362	a-------	c:\windows\LKMHDemo.ini
2009-06-27 09:20	2,238	a-------	c:\windows\LK.ico
2009-06-27 09:20	304	a-------	c:\windows\LKMH_Demo_Cfg.ini
2009-06-27 09:19	<DIR>	--d-----	c:\program files\Your Company Name
2009-06-27 09:19	<DIR>	--d-----	c:\program files\Total Seminars
2009-06-25 16:44	11	a-------	c:\windows\EuBcd.ini
2009-06-24 11:36	1,025	a-------	c:\windows\system32\sysprs7.tgz
2009-06-24 11:36	1,025	a-------	c:\windows\system32\sysprs7.dll
2009-06-24 11:36	1,025	a-------	c:\windows\system32\clauth2.dll
2009-06-24 11:36	1,025	a-------	c:\windows\system32\clauth1.dll
2009-06-24 11:36	219	a-------	c:\windows\system32\lsprst7.tgz
2009-06-24 11:36	205	a-------	c:\windows\system32\lsprst7.dll
2009-06-24 11:36	87	a-------	c:\windows\system32\ssprs.tgz
2009-06-24 11:36	73	a-------	c:\windows\system32\ssprs.dll
2009-06-24 11:36	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Minnetonka Audio Software
2009-06-24 10:35	<DIR>	--d-----	c:\program files\Pinnacle
2009-06-24 10:35	<DIR>	--d-----	c:\program files\common files\Yahoo!
2009-06-24 10:35	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Pinnacle VideoSpin
2009-06-23 23:19	24	---shr--	c:\windows\3B3AC3B1.D77
2009-06-23 22:33	24	---shr--	c:\windows\BF3255BE.83A
2009-06-23 22:33	24	---shr--	c:\windows\305BA05B.AFD
2009-06-23 22:32	209,608	a-------	c:\windows\system32\TABCTL32.OCX
2009-06-23 22:32	32,768	a-------	c:\windows\system32\FatListCtl.ocx
2009-06-23 22:32	802,816	a-------	c:\windows\system32\CLXCLI27.dll
2009-06-23 22:32	<DIR>	--d-----	c:\program files\CertBlaster
2009-06-23 21:19	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\F-Secure Online Backup
2009-06-23 21:19	<DIR>	--d-----	c:\program files\F-Secure Online Backup
2009-06-19 10:16	125,952	a-------	c:\windows\system32\biucntxt.dll
2009-06-19 10:16	<DIR>	--d-----	c:\program files\Back it up!
2009-06-19 10:16	796,672	a-------	c:\windows\GPInstall.exe
2009-06-18 17:18	<DIR>	--d-----	c:\program files\common files\Merge Modules
2009-06-17 17:47	<DIR>	--d-----	c:\program files\Microsoft Small Business
2009-06-17 17:43	<DIR>	--d-----	c:\program files\MSXML 6.0
2009-06-17 17:40	<DIR>	--d-----	c:\program files\Microsoft SQL Server
2009-06-14 19:51	<DIR>	--d-----	c:\docume~1\todd\applic~1\KeePass
2009-06-14 19:48	<DIR>	--d-----	c:\program files\KeePass Password Safe
2009-06-13 15:39	<DIR>	--d-----	c:\program files\Noguska
2009-06-12 18:33	55,856	a----r--	c:\windows\system32\vnetinst.dll
2009-06-12 18:33	16,560	a----r--	c:\windows\system32\drivers\vmnetadapter.sys
2009-06-12 18:33	326,192	a-------	c:\windows\system32\vmnetdhcp.exe
2009-06-12 18:33	399,920	a-------	c:\windows\system32\vmnat.exe
2009-06-12 18:33	26,288	a-------	c:\windows\system32\drivers\vmnetuserif.sys
2009-06-12 18:33	50,736	a----r--	c:\windows\system32\vmnetbridge.dll
2009-06-12 18:33	31,280	a----r--	c:\windows\system32\drivers\vmnetbridge.sys
2009-06-12 18:33	18,736	a----r--	c:\windows\system32\drivers\vmnet.sys
2009-06-12 18:33	723,504	a-------	c:\windows\system32\vnetlib.dll
2009-06-12 18:33	23,216	a-------	c:\windows\system32\drivers\VMkbd.sys
2009-06-12 18:31	<DIR>	--d-----	c:\program files\VMware
2009-06-11 21:36	246,272	--------	c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 21:36	12,800	--------	c:\windows\system32\dllcache\xpshims.dll
2009-06-11 14:34	585,216	--------	c:\windows\system32\dllcache\rpcrt4.dll
2009-06-11 12:59	346,112	--------	c:\windows\system32\dllcache\localspl.dll
2009-06-11 11:48	268,288	--------	c:\windows\system32\dllcache\httpext.dll
2009-06-10 19:46	1,024	a-------	C:\.rnd
2009-06-09 23:37	8,192	a--shr--	C:\BOOTSECT.BAK
2009-06-09 23:37	383,200	a--shr--	C:\bootmgr
2009-06-09 23:37	<DIR>	--dsh---	C:\Boot
2009-06-09 19:48	<DIR>	--dsh---	C:\$RECYCLE.BIN
2009-06-09 14:39	<DIR>	--d-----	c:\docume~1\todd\applic~1\SpamBayes
2009-06-09 14:38	<DIR>	--d-----	c:\program files\SpamBayes
2009-06-07 14:11	<DIR>	--d-----	c:\program files\UltraVNC
2009-06-07 13:46	<DIR>	--d-----	c:\program files\PFPortChecker
2009-06-06 18:01	<DIR>	--d-----	c:\windows\system32\NtmsData
2009-06-06 16:34	<DIR>	--d-----	c:\program files\No-IP
2009-06-06 16:21	<DIR>	--d-----	c:\program files\FreeDNS Update
2009-06-06 12:23	<DIR>	--dsh---	c:\documents and settings\todd\IECompatCache
2009-06-06 12:22	<DIR>	--dsh---	c:\documents and settings\todd\PrivacIE
2009-06-06 12:19	8,192	a-------	c:\windows\system32\staxmem.dll
2009-06-06 09:04	<DIR>	--d-----	C:\Inetpub
2009-06-04 18:11	<DIR>	--d-----	C:\ProgramData
2009-06-04 18:11	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Electronic Arts
2009-06-04 18:10	447,752	a----r--	c:\windows\system32\vp6vfw.dll
2009-06-04 18:10	<DIR>	--d-----	c:\program files\Microsoft WSE
2009-06-04 17:46	0	a-------	c:\windows\ativpsrm.bin
2009-06-04 17:43	593,920	--------	c:\windows\system32\ati2sgag.exe
2009-06-04 17:43	<DIR>	--d-----	c:\program files\ATI Technologies
2009-06-04 17:43	<DIR>	--d-----	C:\ATI

==================== Find3M  ====================

2009-07-03 18:00	4,212	a---h---	c:\windows\system32\zllictbl.dat
2009-06-01 20:14	403	a-------	c:\program files\INSTALL.LOG
2009-05-30 14:04	0	a---h---	c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-05-30 14:04	0	a---h---	c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-05-30 14:04	0	a---h---	c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-05-30 13:56	0	a---h---	c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-05-30 13:56	0	a---h---	c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-27 18:30	409,600	a-------	c:\windows\system32\wrap_oal.dll
2009-05-27 18:30	114,688	a-------	c:\windows\system32\OpenAL32.dll
2009-05-13 01:15	5,936,128	a-------	c:\windows\system32\dllcache\mshtml.dll
2009-05-13 01:15	915,456	a-------	c:\windows\system32\wininet.dll
2009-05-13 01:15	915,456	a-------	c:\windows\system32\dllcache\wininet.dll
2009-05-12 01:11	102,912	--------	c:\windows\system32\dllcache\iecompat.dll
2009-05-07 11:14	346,112	a-------	c:\windows\system32\localspl.dll
2009-04-30 17:22	1,985,024	a-------	c:\windows\system32\dllcache\iertutil.dll
2009-04-30 17:22	11,064,832	a-------	c:\windows\system32\dllcache\ieframe.dll
2009-04-30 17:22	1,207,808	a-------	c:\windows\system32\dllcache\urlmon.dll
2009-04-30 17:22	25,600	a-------	c:\windows\system32\dllcache\jsproxy.dll
2009-04-30 17:22	385,536	a-------	c:\windows\system32\dllcache\iedkcs32.dll
2009-04-30 07:21	173,056	a-------	c:\windows\system32\dllcache\ie4uinit.exe
2009-04-28 22:18	442,368	a-------	c:\windows\system32\ATIDEMGX.dll
2009-04-28 22:17	335,872	a-------	c:\windows\system32\ati2dvag.dll
2009-04-28 22:07	204,800	a-------	c:\windows\system32\atipdlxx.dll
2009-04-28 22:06	155,648	a-------	c:\windows\system32\Oemdspif.dll
2009-04-28 22:06	26,112	a-------	c:\windows\system32\Ati2mdxx.exe
2009-04-28 22:06	43,520	a-------	c:\windows\system32\ati2edxx.dll
2009-04-28 22:06	155,648	a-------	c:\windows\system32\ati2evxx.dll
2009-04-28 22:04	602,112	a-------	c:\windows\system32\ati2evxx.exe
2009-04-28 22:03	53,248	a-------	c:\windows\system32\ATIDDC.DLL
2009-04-28 22:00	311,296	a-------	c:\windows\system32\atiiiexx.dll
2009-04-28 21:56	2,997,536	a-------	c:\windows\system32\ati3duag.dll
2009-04-28 21:45	11,603,968	a-------	c:\windows\system32\atioglxx.dll
2009-04-28 21:42	2,687,872	a-------	c:\windows\system32\ativvaxx.dll
2009-04-28 21:42	3,107,788	a-------	c:\windows\system32\ativva5x.dat
2009-04-28 21:42	887,724	a-------	c:\windows\system32\ativva6x.dat
2009-04-28 21:26	49,664	a-------	c:\windows\system32\atimpc32.dll
2009-04-28 21:26	49,664	a-------	c:\windows\system32\amdpcom32.dll
2009-04-28 21:22	479,232	a-------	c:\windows\system32\atikvmag.dll
2009-04-28 21:20	45,056	a-------	c:\windows\system32\aticalrt.dll
2009-04-28 21:20	45,056	a-------	c:\windows\system32\aticalcl.dll
2009-04-28 21:20	135,168	a-------	c:\windows\system32\atiadlxx.dll
2009-04-28 21:19	17,408	a-------	c:\windows\system32\atitvo32.dll
2009-04-28 21:18	3,280,896	a-------	c:\windows\system32\aticaldd.dll
2009-04-28 21:17	303,104	a-------	c:\windows\system32\atiok3x2.dll
2009-04-28 21:13	630,784	a-------	c:\windows\system32\ati2cqag.dll
2009-04-17 16:20	1,847,808	a-------	c:\windows\system32\win32k.sys
2009-04-17 16:20	1,847,808	--------	c:\windows\system32\dllcache\win32k.sys
2009-04-15 10:51	585,216	a-------	c:\windows\system32\rpcrt4.dll
2009-02-17 22:08	32,768	a--sh---	c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009021720090218\index.dat

============= FINISH: 10:25:50.17 ===============



 


#2 thcbytes


  • Malware Response Team

Posted 05 July 2009 - 03:53 PM

Hi and welcome to the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum,

I am thcbytes and I am here to help you!

I ask that you refrain from running tools other than those we suggest to you while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Please perform all steps in the order received and do not proceed if you need clarification.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

As I am in the final stages of training, an Expert Coach will also oversee your fix. Your benefit will be "four eyes and two brains" but responses may be somewhat delayed so please be patient!!!!

I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!

============

I need a more detailed look at your computer.
Please do this...........

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
==========

With your next post please provide:

* OTL.txt
* OTL Extra.txt

My fix will be based on the current state of your computer. Please do not run any other tools (e.g. Combofix) unless I specifically direct you to do so.

I will review your logs and post instructions forthcoming.
Regards,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#3 Todd Nelson

  • Topic Starter


Posted 05 July 2009 - 07:25 PM

Here are the latest reports:

Attached File  OTL.Txt   186.81KB   18 downloads
Attached File  Extras.Txt   63.03KB   13 downloads


Thanks

#4 thcbytes


  • Malware Response Team

Posted 05 July 2009 - 08:14 PM

Hello again,
Thanks for the logs.
Please copy and paste the logs directly into your post unless directed otherwise.
Now I will review your logs and create a fix.
Please be patient!!
Instructions will be forthcoming.
Kind regards,
t

OTL logfile created on: 7/5/2009 8:14:26 PM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Todd\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 139.63 Gb Free Space | 46.84% Space Free | Partition Type: NTFS
Drive D: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 111.81 Gb Total Space | 26.50 Gb Free Space | 23.70% Space Free | Partition Type: NTFS

Computer Name: DESKTOP
Current User Name: Todd
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/04/28 22:04:44 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/05/30 14:41:28 | 00,115,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows SteadyState\SCTSvc.exe
PRC - [2009/04/28 22:04:44 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2009/06/09 06:39:58 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/01/23 15:28:10 | 02,262,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/06/09 06:39:58 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008/01/17 22:58:36 | 00,020,541 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Noguska\NolaPro\Apache\bin\Apache.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/01/11 05:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2008/04/14 07:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/06/17 11:27:52 | 00,195,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/01/17 22:58:36 | 00,020,541 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Noguska\NolaPro\Apache\bin\Apache.exe
PRC - [2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/01/14 12:17:49 | 05,701,632 | ---- | M] () -- C:\Program Files\Noguska\NolaPro\Apache\mysql\bin\mysqld-nt.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2009/03/26 23:04:16 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/03/26 23:04:22 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
PRC - [2008/12/12 12:41:02 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneBusEnum.exe
PRC - [2009/03/26 23:04:42 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
PRC - [2008/05/02 01:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/06/06 17:55:51 | 00,068,592 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/02/23 13:46:22 | 01,110,016 | ---- | M] (CrossLoop) -- C:\Program Files\CrossLoop\CrossLoopConnect.exe
PRC - [2009/06/17 11:27:50 | 00,414,992 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/02/16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/06/06 17:55:52 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/03/06 17:21:39 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/05/10 23:46:20 | 00,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroTray.exe
PRC - [2008/12/12 12:41:18 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe
PRC - [2008/12/12 12:41:08 | 00,243,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe
PRC - [2009/04/29 13:55:24 | 03,338,240 | ---- | M] (Electronic Arts) -- C:\Program Files\Electronic Arts\EADM\Core.exe
PRC - [2007/03/20 19:06:52 | 16,087,224 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
PRC - [2009/01/27 02:27:48 | 00,648,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/05/19 15:46:14 | 01,719,496 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe
PRC - [2009/05/18 10:48:52 | 00,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe
PRC - [2009/06/18 21:39:20 | 00,759,280 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/06/18 21:39:20 | 00,759,280 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/06/18 21:39:20 | 00,759,280 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/06/18 21:39:20 | 00,759,280 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/06/18 21:39:20 | 00,759,280 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2009/07/05 20:13:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\My Documents\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/03/20 17:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
SRV - [2009/06/09 06:39:58 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/06/09 06:39:58 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/01/17 22:58:36 | 00,020,541 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Noguska\NolaPro\Apache\bin\Apache.exe -- (ApacheNoguskaNolaPro [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/04/28 22:04:44 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/04/28 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/01/11 05:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01 [Auto | Running])
SRV - [2009/03/06 17:21:39 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/04/24 19:16:53 | 00,241,664 | ---- | M] (Tanuki Software, Ltd.) -- C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe -- (freenet [Auto | Stopped])
SRV - [2009/06/12 22:25:11 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ebce2f859526 [Auto | Stopped])
SRV - [2009/06/06 17:55:49 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 07:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/04/14 07:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/06/17 11:27:52 | 00,195,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])
SRV - [2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [Auto | Running])
SRV - [2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2008/01/14 12:17:49 | 05,701,632 | ---- | M] () -- C:\Program Files\Noguska\NolaPro\Apache\mysql\bin\mysqld-nt.exe -- (MySQLNoguskaNolaPro [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/02/09 14:18:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2008/04/14 07:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2008/12/01 11:49:02 | 00,191,024 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60 [On_Demand | Stopped])
SRV - [2009/03/26 23:04:16 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService [Auto | Running])
SRV - [2009/03/26 23:04:42 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe -- (VMnetDHCP [Auto | Running])
SRV - [2009/03/26 23:04:22 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe -- (VMware NAT Service [Auto | Running])
SRV - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2008/04/14 07:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
SRV - [2008/05/30 14:41:28 | 00,115,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows SteadyState\SCTSvc.exe -- (Windows SteadyState [Auto | Running])
SRV - [2009/02/01 18:07:01 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/12/12 12:41:02 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
SRV - [2008/12/12 12:41:18 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Running])
SRV - [2008/12/12 12:41:08 | 00,243,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Running])

========== Driver Services (SafeList) ==========

DRV - [2007/04/16 07:46:34 | 00,033,792 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdPPM.sys -- (AmdPPM [System | Running])
DRV - [2009/04/02 06:13:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2009/04/28 23:30:44 | 03,643,904 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/07/20 18:40:10 | 00,084,992 | ---- | M] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/03/24 16:08:22 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2009/02/25 20:22:12 | 00,008,704 | ---- | M] () -- C:\WINDOWS\System32\epmntdrv.sys -- (epmntdrv [On_Demand | Stopped])
DRV - [2009/02/25 20:22:12 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\EuGdiDrv.sys -- (EuGdiDrv [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/03/26 23:05:34 | 00,032,304 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\hcmon.sys -- (hcmon [Auto | Running])
DRV - [2008/04/14 07:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/11/01 17:38:56 | 04,620,288 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])
DRV - [2009/02/09 14:18:00 | 06,307,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2009/02/01 18:41:16 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2006/07/11 14:38:28 | 00,057,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006/07/11 14:38:30 | 00,020,480 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2008/04/14 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/11/02 04:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2008/04/14 07:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2009/06/09 06:39:58 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2009/03/26 23:05:36 | 00,054,960 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\Drivers\vmci.sys -- (vmci [Auto | Running])
DRV - [2009/03/26 23:05:36 | 00,023,216 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\VMkbd.sys -- (vmkbd [On_Demand | Running])
DRV - [2008/02/12 03:42:38 | 00,232,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\vmm.sys -- (vmm [System | Running])
DRV - [2009/03/26 17:31:12 | 00,016,560 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Running])
DRV - [2009/03/26 17:31:12 | 00,031,280 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys -- (VMnetBridge [Auto | Running])
DRV - [2009/03/26 23:05:32 | 00,026,288 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetuserif.sys -- (VMnetuserif [Auto | Running])
DRV - [2009/03/26 23:05:34 | 00,857,520 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\Drivers\vmx86.sys -- (vmx86 [Auto | Running])
DRV - [2008/02/05 01:50:44 | 00,059,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\VMNetSrv.sys -- (VPCNetS2 [On_Demand | Running])
DRV - [2009/02/16 00:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2008/12/01 11:47:08 | 00,022,448 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60 [Auto | Running])
DRV - [2006/11/02 07:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\WinUSB.sys -- (WinUSB [On_Demand | Stopped])
DRV - [2008/11/10 12:09:32 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\S-1-5-21-1214440339-1647877149-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\S-1-5-21-1214440339-1647877149-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.3.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.77
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.1
FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.02
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.2.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/02/17 22:02:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/17 22:05:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/12 00:22:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/12 00:22:09 | 00,000,000 | ---D | M]

[2009/05/26 17:07:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Extensions
[2009/05/26 17:07:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/02/17 23:15:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/04 21:42:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions
[2009/06/19 09:26:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/06/03 21:07:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/06/19 09:26:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/06/28 10:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/06/30 15:23:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/06/19 09:26:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/06/19 09:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\firebug@software.joehewitt.com
[2009/06/29 15:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\firefox1@myibay.com
[2009/06/18 18:16:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\personas@christopher.beard
[2009/06/29 20:07:12 | 00,002,164 | ---- | M] () -- C:\Documents and Settings\Todd\Application Data\Mozilla\FireFox\Profiles\u190l8lp.default\searchplugins\bing.xml
[2009/07/03 08:55:20 | 00,001,137 | ---- | M] () -- C:\Documents and Settings\Todd\Application Data\Mozilla\FireFox\Profiles\u190l8lp.default\searchplugins\dictionarycom.xml
[2009/07/03 08:55:20 | 00,005,600 | ---- | M] () -- C:\Documents and Settings\Todd\Application Data\Mozilla\FireFox\Profiles\u190l8lp.default\searchplugins\pizzatorrent.xml
[2009/07/03 08:55:20 | 00,001,150 | ---- | M] () -- C:\Documents and Settings\Todd\Application Data\Mozilla\FireFox\Profiles\u190l8lp.default\searchplugins\referencecom---encyclopedia.xml
[2009/07/03 08:55:20 | 00,001,084 | ---- | M] () -- C:\Documents and Settings\Todd\Application Data\Mozilla\FireFox\Profiles\u190l8lp.default\searchplugins\thesauruscom.xml
[2009/07/04 21:42:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 00:22:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/17 22:05:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/16 03:27:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/12 00:22:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 00:22:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/06/12 00:22:07 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/05/10 23:52:33 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/05/14 05:40:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/05/14 05:40:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/05/14 05:40:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/05/14 05:40:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/05/14 05:40:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/05/14 05:40:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/05/14 05:40:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/12/02 04:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 04:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/02 04:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 04:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 04:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 04:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 04:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS3\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS3\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\u190l8lp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.77.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CrossLoop] C:\Program Files\CrossLoop\CrossLoopConnect.exe (CrossLoop)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Logoff] C:\Program Files\Windows SteadyState\SCTUINotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SDFix] File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - HKU\.DEFAULT..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - HKU\S-1-5-18..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004..\Run: [F-Secure Online Backup] C:\Program Files\F-Secure Online Backup\F-Secure Online Backup\fsolb-us.exe (Agematis)
O4 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004..\Run: [Google Update] C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-20..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] File not found
O4 - Startup: C:\Documents and Settings\Todd\Start Menu\Programs\Startup\Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: DiaryOne: Save full text - C:\Program Files\DiaryOne\Script\fullcatcher.htm ()
O8 - Extra context menu item: DiaryOne: Save selected text - C:\Program Files\DiaryOne\Script\catcher.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsoft.com/resources/virtual...iveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/17 22:00:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/04/29 22:57:16 | 00,054,544 | R--- | M] (Electronic Arts) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008/10/21 18:22:16 | 00,000,045 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{83a67f42-fd2f-11dd-85cf-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{83a67f42-fd2f-11dd-85cf-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{83a67f42-fd2f-11dd-85cf-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2009/04/29 22:57:16 | 00,054,544 | R--- | M] (Electronic Arts)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/07/05 17:28:49 | 00,000,044 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\index.html
[2009/07/05 10:06:55 | 00,001,588 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\keywords.csv
[2009/07/05 09:14:09 | 00,011,608 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\sitemap.xml
[2009/07/05 08:20:23 | 00,000,746 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\DeepBurner.lnk
[2009/07/05 08:20:23 | 00,000,000 | ---D | C] -- C:\Program Files\Astonsoft
[2009/07/04 22:37:54 | 00,001,555 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\mod_praiseurl_1.0.0_v11.zip
[2009/07/04 22:26:22 | 00,293,858 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\IonicIsapiRewriter-1.2.15-src.zip
[2009/07/04 16:13:18 | 00,016,944 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\sitemap.xml
[2009/07/04 15:58:44 | 00,101,103 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\com_xmap-1.0.4.zip
[2009/07/04 15:32:48 | 00,124,871 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Convoy Containers - Storage...pdf
[2009/07/04 15:14:41 | 01,908,598 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Pages from convoycatalog.png
[2009/07/04 14:56:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\FireShot
[2009/07/04 14:30:18 | 00,001,552 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\httpd.ini
[2009/07/04 14:26:43 | 00,000,000 | ---D | C] -- C:\Program Files\Helicon
[2009/07/04 14:25:20 | 01,298,432 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\isapi_rwl_x86_0073.msi
[2009/07/04 14:09:29 | 00,704,804 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\com_joomsef-2.3.2.zip
[2009/07/04 14:05:34 | 00,370,954 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\com_joomsef-3.3.1.zip
[2009/07/04 13:45:19 | 00,436,647 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\com_sh404SEF_1.3.9_build_357.joomla1.0.x.zip
[2009/07/04 11:42:48 | 00,061,857 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\squirrel(2).mp3
[2009/07/04 11:33:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\bitpim
[2009/07/04 11:33:33 | 00,000,000 | ---D | C] -- C:\Program Files\BitPim
[2009/07/04 11:32:39 | 11,754,153 | ---- | C] (Joe Pham <djpham@bitpim.org> ) -- C:\Documents and Settings\Todd\Desktop\bitpim-1.0.6-setup.exe
[2009/07/04 11:23:04 | 00,048,901 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\squirrel.mp3
[2009/07/04 10:26:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\computer logs
[2009/07/03 22:02:30 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\dds.scr
[2009/07/03 21:51:24 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\HijackThis.lnk
[2009/07/03 21:51:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/03 21:51:09 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Todd\Desktop\HJTInstall.exe
[2009/07/03 19:39:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/07/03 19:39:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/07/03 19:39:34 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/07/03 19:39:33 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2009/07/03 19:39:33 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/07/03 19:30:21 | 00,516,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/07/03 19:27:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/07/03 19:22:37 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/07/03 19:20:46 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\SDFix.exe
[2009/07/03 18:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\AntiRootkit
[2009/07/03 18:55:55 | 00,311,591 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\AntiRootkit.zip
[2009/07/03 18:00:38 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/07/03 18:00:34 | 00,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2009/07/03 18:00:33 | 00,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2009/07/03 18:00:33 | 00,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2009/07/03 18:00:30 | 00,035,208 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2009/07/03 18:00:29 | 01,221,512 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2009/07/03 18:00:29 | 00,309,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2009/07/03 18:00:29 | 00,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2009/07/03 18:00:29 | 00,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2009/07/03 18:00:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/07/03 18:00:29 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/07/03 18:00:28 | 00,353,672 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2009/07/03 18:00:28 | 00,350,192 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/07/03 18:00:00 | 00,482,184 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2009/07/03 18:00:00 | 00,229,256 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2009/07/03 18:00:00 | 00,110,472 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2009/07/03 17:59:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2009/07/03 17:58:23 | 00,267,152 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\zaSetup_en.exe
[2009/07/03 17:16:32 | 00,000,488 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Todd.job
[2009/07/03 17:16:28 | 00,000,474 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Todd.job
[2009/07/03 17:13:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\Malwarebytes
[2009/07/03 17:13:42 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/03 17:13:39 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/03 17:13:38 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/03 17:13:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/03 17:13:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/03 16:12:14 | 00,000,093 | ---- | C] () -- C:\WINDOWS\System32\kungsfalhraxnf.dat.REN
[2009/07/03 16:11:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\LogoMaker
[2009/07/03 16:11:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\LogoMaker
[2009/07/03 16:10:40 | 00,068,608 | ---- | C] () -- C:\WINDOWS\System32\drivers\kungsftpegvxlr.sys.REN
[2009/07/03 16:10:40 | 00,014,651 | ---- | C] () -- C:\WINDOWS\System32\kungsfiigvtvwv.dat.REN
[2009/07/03 09:30:57 | 00,015,016 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Receipt - PayPal.pdf
[2009/07/03 09:17:33 | 00,033,058 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Cash Sale.pdf
[2009/07/03 09:07:27 | 00,012,485 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Received Payment List.pdf
[2009/07/03 09:03:32 | 00,002,055 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Credit Card Processing - Web Edition 2009.lnk
[2009/07/03 09:03:32 | 00,001,164 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Accounting 2009.lnk
[2009/07/02 08:07:25 | 00,046,561 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\1146449058_2.zip
[2009/06/30 21:28:49 | 00,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1647877149-682003330-1004UA.job
[2009/06/30 21:28:49 | 00,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1647877149-682003330-1004Core.job
[2009/06/30 20:02:07 | 00,050,089 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\CompTIA_A_220-602.sflb.pdf
[2009/06/30 20:01:40 | 00,069,838 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Comptia_A_Essentials.sflb.pdf
[2009/06/30 15:18:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\SourceTec
[2009/06/30 15:18:32 | 00,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2009/06/30 15:18:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2009/06/30 15:18:24 | 00,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2009/06/30 15:11:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\convoycontainers
[2009/06/30 00:32:11 | 00,006,626 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\mod_content_links_v1-5.zip
[2009/06/30 00:25:15 | 00,004,812 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\mod_catarticles-100.zip
[2009/06/29 20:53:04 | 00,039,365 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\INVOICE.pdf
[2009/06/29 20:51:06 | 00,022,548 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\INVOICE.docx
[2009/06/29 20:43:36 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/06/29 20:43:35 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/06/29 19:57:38 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/06/29 19:57:27 | 00,956,344 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Todd\Desktop\SaveAsPDFandXPS.exe
[2009/06/29 15:20:35 | 00,001,620 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Freenet.lnk
[2009/06/29 15:20:16 | 00,000,000 | ---D | C] -- C:\Program Files\Freenet
[2009/06/29 15:19:41 | 09,197,472 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\FreenetInstaller-1222.exe
[2009/06/29 11:32:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Icons and Cursors
[2009/06/29 11:32:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\Microangelo Toolset 6
[2009/06/29 11:32:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microangelo Toolset 6
[2009/06/29 11:31:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\fo-ma6
[2009/06/29 11:21:47 | 08,435,390 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\fo-ma6.zip
[2009/06/29 11:00:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\icon-plugin
[2009/06/29 11:00:47 | 00,651,660 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\icon-plugin.zip
[2009/06/29 10:17:20 | 00,119,183 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\corrcont.pdf
[2009/06/28 15:42:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\.myibay
[2009/06/28 15:42:29 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\myibay eBay bid sniper.lnk
[2009/06/28 15:42:27 | 00,000,000 | ---D | C] -- C:\Program Files\myibay
[2009/06/28 09:14:48 | 01,343,844 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\FileZilla_3.2.5_win32-setup.exe
[2009/06/27 17:47:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\dvd
[2009/06/27 17:42:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\DVD Flick
[2009/06/27 17:41:50 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2009/06/27 17:41:50 | 00,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2009/06/27 17:41:49 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2009/06/27 16:34:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\ebook
[2009/06/27 09:20:08 | 00,475,136 | ---- | C] (Sequiter Software Inc.) -- C:\WINDOWS\lk_c4.dll
[2009/06/27 09:20:08 | 00,399,872 | ---- | C] () -- C:\WINDOWS\c4dstand.dll
[2009/06/27 09:20:08 | 00,000,050 | ---- | C] () -- C:\WINDOWS\app.ini
[2009/06/27 09:20:03 | 00,000,000 | ---D | C] -- C:\Program Files\LKMH
[2009/06/27 09:20:02 | 01,644,032 | ---- | C] (LearnKey, Inc.) -- C:\WINDOWS\LKMHDemo.exe
[2009/06/27 09:20:02 | 00,003,362 | ---- | C] () -- C:\WINDOWS\LKMHDemo.ini
[2009/06/27 09:20:02 | 00,002,238 | ---- | C] () -- C:\WINDOWS\LK.ico
[2009/06/27 09:20:02 | 00,000,304 | ---- | C] () -- C:\WINDOWS\LKMH_Demo_Cfg.ini
[2009/06/27 09:19:40 | 00,001,956 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Total Tester A+ 2006 Demo.lnk
[2009/06/27 09:19:37 | 00,000,000 | ---D | C] -- C:\Program Files\Your Company Name
[2009/06/27 09:19:36 | 00,000,000 | ---D | C] -- C:\Program Files\Total Seminars
[2009/06/27 01:42:46 | 00,190,569 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\0627090121.mp3
[2009/06/26 19:16:09 | 22,300,579 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\fo-9p3c.zip
[2009/06/25 16:44:50 | 00,000,011 | ---- | C] () -- C:\WINDOWS\EuBcd.ini
[2009/06/24 18:21:39 | 00,002,199 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Todd.lnk
[2009/06/24 11:36:52 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2009/06/24 11:36:52 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/06/24 11:36:52 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/06/24 11:36:52 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/06/24 11:36:52 | 00,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2009/06/24 11:36:52 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/06/24 11:36:52 | 00,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2009/06/24 11:36:52 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/06/24 11:36:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2009/06/24 10:57:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Adobe
[2009/06/24 10:37:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\DivX
[2009/06/24 10:37:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Pinnacle VideoSpin
[2009/06/24 10:35:52 | 00,000,822 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pinnacle VideoSpin.lnk
[2009/06/24 10:35:33 | 00,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2009/06/24 10:35:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Yahoo!
[2009/06/24 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Pinnacle
[2009/06/24 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
[2009/06/24 10:34:47 | 00,000,349 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009/06/24 10:34:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/06/24 10:34:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\Downloaded Installations
[2009/06/24 10:12:22 | 17,020,3312 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\VideoSpin_2_0_Setup.exe
[2009/06/23 23:19:02 | 00,000,024 | RHS- | C] () -- C:\WINDOWS\3B3AC3B1.D77
[2009/06/23 22:33:18 | 00,000,024 | RHS- | C] () -- C:\WINDOWS\BF3255BE.83A
[2009/06/23 22:33:18 | 00,000,024 | RHS- | C] () -- C:\WINDOWS\305BA05B.AFD
[2009/06/23 22:32:12 | 00,209,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
[2009/06/23 22:32:12 | 00,032,768 | ---- | C] (Celexis, Inc.) -- C:\WINDOWS\System32\FatListCtl.ocx
[2009/06/23 22:32:11 | 00,802,816 | ---- | C] (dti Publishing, Corp.) -- C:\WINDOWS\System32\CLXCLI27.dll
[2009/06/23 22:32:11 | 00,000,000 | ---D | C] -- C:\Program Files\CertBlaster
[2009/06/23 21:19:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\F-Secure Online Backup
[2009/06/23 21:19:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure Online Backup
[2009/06/23 21:19:04 | 00,000,987 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\F-Secure Online Backup.lnk
[2009/06/23 21:19:02 | 00,000,000 | ---D | C] -- C:\Program Files\F-Secure Online Backup
[2009/06/23 13:12:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Work
[2009/06/20 12:20:02 | 00,013,627 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\ISA.docx
[2009/06/19 15:43:02 | 10,528,839 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\SysinternalsSuite.zip
[2009/06/19 10:16:40 | 00,125,952 | ---- | C] () -- C:\WINDOWS\System32\biucntxt.dll
[2009/06/19 10:16:39 | 00,000,000 | ---D | C] -- C:\Program Files\Back it up!
[2009/06/19 10:16:31 | 00,796,672 | ---- | C] (Qsc) -- C:\WINDOWS\GPInstall.exe
[2009/06/19 08:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft Corporation
[2009/06/18 17:20:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Visual Studio 2008
[2009/06/18 17:18:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/06/18 17:18:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2009/06/18 17:17:24 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/06/18 17:12:06 | 02,728,440 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Todd\Desktop\vcsetup.exe
[2009/06/17 17:48:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Small Business Accounting
[2009/06/17 17:47:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Small Business
[2009/06/17 17:43:03 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/06/17 17:40:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009/06/16 13:45:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/06/14 19:51:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\KeePass
[2009/06/14 19:48:34 | 00,000,000 | ---D | C] -- C:\Program Files\KeePass Password Safe
[2009/06/14 19:45:10 | 16,926,7288 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Todd\Desktop\MOA2009USExp.exe
[2009/06/13 15:40:20 | 00,001,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NolaPro by Noguska.lnk
[2009/06/13 15:39:38 | 00,000,000 | ---D | C] -- C:\Program Files\Noguska
[2009/06/12 22:40:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\crystal
[2009/06/12 22:40:44 | 00,015,184 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\crystal.zip
[2009/06/12 22:25:22 | 00,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\toddpetersonpro.com Calendar.lnk
[2009/06/12 21:37:59 | 41,955,070 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\4483.zip
[2009/06/12 19:19:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Mac OS X Leopard
[2009/06/12 18:53:13 | 53,970,722 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\NOLAPRO-AMP.exe
[2009/06/12 18:33:33 | 00,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2009/06/12 18:33:33 | 00,016,560 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetadapter.sys
[2009/06/12 18:33:31 | 00,326,192 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
[2009/06/12 18:33:30 | 00,399,920 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
[2009/06/12 18:33:29 | 00,026,288 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetuserif.sys
[2009/06/12 18:33:27 | 00,050,736 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetbridge.dll
[2009/06/12 18:33:27 | 00,031,280 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetbridge.sys
[2009/06/12 18:33:27 | 00,018,736 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnet.sys
[2009/06/12 18:33:26 | 00,723,504 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetlib.dll
[2009/06/12 18:33:14 | 00,023,216 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\VMkbd.sys
[2009/06/12 18:33:09 | 00,001,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VMware Workstation.lnk
[2009/06/12 18:31:38 | 00,000,000 | ---D | C] -- C:\Program Files\VMware
[2009/06/12 17:14:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\VMware
[2009/06/11 22:13:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\RcIncidents
[2009/06/11 21:36:57 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/11 21:36:57 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/11 14:34:56 | 00,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2009/06/11 12:59:05 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
[2009/06/11 11:48:49 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/06/10 19:46:16 | 00,001,024 | ---- | C] () -- C:\.rnd
[2009/06/10 19:46:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2009/06/10 18:41:40 | 00,002,367 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Massillon_ Ohio (44646) Conditions & Forecast _ Weather Undergro.lnk
[2009/06/10 18:21:58 | 00,000,845 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Shortcut to CompTIA A+ (A Plus) TestOut Training for Tests 220-601 & 220-602.lnk
[2009/06/10 14:22:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\rt_synapse
[2009/06/10 08:44:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\ajaxcontact
[2009/06/10 08:28:32 | 00,045,844 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\ajaxcontact.zip
[2009/06/10 08:16:38 | 00,011,024 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\com_contactsafe 1_0_6.zip
[2009/06/10 07:38:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\JoomlaPatches1.0.15-v1.0.0 for securityimages 4.x only
[2009/06/10 07:38:08 | 00,066,418 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\JoomlaPatches1.0.15-v1.0.0 for securityimages 4.x only.zip
[2009/06/10 07:30:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\com_securityimages4.3.3
[2009/06/10 07:18:55 | 01,656,940 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\com_securityimages4.3.3.zip
[2009/06/10 04:16:34 | 09,212,846 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\convoycatalogedit.pdf
[2009/06/09 23:37:52 | 00,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2009/06/09 23:37:51 | 00,000,211 | -H-- | C] () -- C:\Boot.BAK
[2009/06/09 23:37:50 | 00,383,200 | RHS- | C] () -- C:\bootmgr
[2009/06/09 23:37:50 | 00,000,000 | -HSD | C] -- C:\Boot
[2009/06/09 19:48:08 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/06/09 14:39:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\SpamBayes
[2009/06/09 14:38:33 | 00,000,000 | ---D | C] -- C:\Program Files\SpamBayes
[2009/06/09 14:38:11 | 03,025,816 | ---- | C] ( ) -- C:\Documents and Settings\Todd\Desktop\spambayes-1.0.4.exe
[2009/06/09 13:22:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\New Folder
[2009/06/07 14:11:56 | 00,000,000 | ---D | C] -- C:\Program Files\UltraVNC
[2009/06/07 13:46:50 | 00,000,000 | ---D | C] -- C:\Program Files\PFPortChecker
[2009/06/06 18:01:51 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/06/06 17:59:15 | 25,309,75744 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\7100.0.090421-1700_x86fre_client_en-us_retail_ultimate-grc1culfrer_en_dvd.iso
[2009/06/06 17:59:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\Download Manager
[2009/06/06 17:55:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\Google
[2009/06/06 17:55:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/06/06 16:34:49 | 00,000,000 | ---D | C] -- C:\Program Files\No-IP
[2009/06/06 16:21:07 | 00,000,000 | ---D | C] -- C:\Program Files\FreeDNS Update
[2009/06/06 12:23:03 | 00,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{72F75279-E9D7-48BC-83BE-137C264A8E10}.job
[2009/06/06 12:20:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\IIS Temporary Compressed Files
[2009/06/06 12:20:32 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Cache
[2009/06/06 12:20:26 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fcachdll.dll
[2009/06/06 12:20:26 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\regtrace.exe
[2009/06/06 12:20:26 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/06/06 12:20:26 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpctrs.dll
[2009/06/06 12:20:26 | 00,008,002 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.h
[2009/06/06 12:20:26 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\snprfdll.dll
[2009/06/06 12:20:26 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiisex.dll
[2009/06/06 12:20:26 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/06/06 12:20:26 | 00,000,773 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.h
[2009/06/06 12:20:10 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/06/06 12:20:10 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3svapi.dll
[2009/06/06 12:20:10 | 00,005,379 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.h
[2009/06/06 12:20:10 | 00,004,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\w3ctrs.dll
[2009/06/06 12:20:09 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisreset.exe
[2009/06/06 12:20:09 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\aspperf.dll
[2009/06/06 12:20:09 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/06/06 12:20:09 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ftpsapi2.dll
[2009/06/06 12:20:09 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisrstap.dll
[2009/06/06 12:20:09 | 00,002,024 | ---- | C] () -- C:\WINDOWS\System32\axctrnm.h
[2009/06/06 12:20:08 | 00,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\convlog.exe
[2009/06/06 12:20:08 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsloc.dll
[2009/06/06 12:20:08 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/06/06 12:20:08 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoctrs.dll
[2009/06/06 12:20:08 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wamregps.dll
[2009/06/06 12:20:08 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admxprox.dll
[2009/06/06 12:20:08 | 00,003,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismui.dll
[2009/06/06 12:20:08 | 00,003,276 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.h
[2009/06/06 12:20:04 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\smtpapi.dll
[2009/06/06 12:20:04 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\rwnh.dll
[2009/06/06 12:20:03 | 00,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\adsiis.dll
[2009/06/06 12:20:03 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisext.dll
[2009/06/06 12:20:03 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iismap.dll
[2009/06/06 12:20:03 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\exstrace.dll
[2009/06/06 12:20:03 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\infoadmn.dll
[2009/06/06 12:20:02 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\iisRtl.dll
[2009/06/06 12:20:02 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\admwprox.dll
[2009/06/06 12:19:58 | 00,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\staxmem.dll
[2009/06/06 09:04:59 | 00,000,000 | ---D | C] -- C:\Inetpub
[2009/06/04 00:57:48 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009/06/04 00:57:48 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009/06/04 00:57:48 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009/03/06 17:31:38 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/02/27 02:21:24 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/02/27 02:21:23 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/27 02:21:22 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/02/27 02:21:22 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/27 02:21:21 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/17 22:07:14 | 00,000,080 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/02/09 14:18:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/02/09 14:18:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/02/09 14:18:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/02/09 14:18:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/02/01 17:59:02 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2008/09/12 16:21:02 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/04/14 07:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2008/04/14 07:00:00 | 00,000,693 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/04/14 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2007/01/26 01:04:12 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 01:04:12 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2006/08/23 13:48:40 | 00,319,488 | ---- | C] () -- C:\WINDOWS\System32\EfTidy.dll
[2005/12/21 12:52:12 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2005/06/07 03:05:43 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/07/05 19:48:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/05 19:33:00 | 00,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1647877149-682003330-1004UA.job
[2009/07/05 17:28:49 | 00,000,044 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\index.html
[2009/07/05 15:59:18 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{72F75279-E9D7-48BC-83BE-137C264A8E10}.job
[2009/07/05 10:06:55 | 00,001,588 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\keywords.csv
[2009/07/05 09:14:09 | 00,011,608 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\sitemap.xml
[2009/07/05 08:24:44 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/05 08:20:23 | 00,000,746 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\DeepBurner.lnk
[2009/07/05 02:09:21 | 00,000,488 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Todd.job
[2009/07/05 02:00:25 | 00,000,474 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Todd.job
[2009/07/04 22:37:54 | 00,001,555 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\mod_praiseurl_1.0.0_v11.zip
[2009/07/04 22:26:22 | 00,293,858 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\IonicIsapiRewriter-1.2.15-src.zip
[2009/07/04 21:33:00 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1647877149-682003330-1004Core.job
[2009/07/04 20:48:00 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/04 16:13:18 | 00,016,944 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\sitemap.xml
[2009/07/04 15:58:44 | 00,101,103 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\com_xmap-1.0.4.zip
[2009/07/04 15:32:48 | 00,124,871 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Convoy Containers - Storage...pdf
[2009/07/04 15:14:42 | 01,908,598 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Pages from convoycatalog.png
[2009/07/04 14:30:18 | 00,001,552 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\httpd.ini
[2009/07/04 14:25:26 | 01,298,432 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\isapi_rwl_x86_0073.msi
[2009/07/04 14:18:54 | 00,704,804 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\com_joomsef-2.3.2.zip
[2009/07/04 14:05:34 | 00,370,954 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\com_joomsef-3.3.1.zip
[2009/07/04 13:45:20 | 00,436,647 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\com_sh404SEF_1.3.9_build_357.joomla1.0.x.zip
[2009/07/04 11:42:48 | 00,061,857 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\squirrel(2).mp3
[2009/07/04 11:33:19 | 11,754,153 | ---- | M] (Joe Pham <djpham@bitpim.org> ) -- C:\Documents and Settings\Todd\Desktop\bitpim-1.0.6-setup.exe
[2009/07/04 11:30:59 | 00,663,318 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/04 11:30:59 | 00,544,142 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/04 11:30:59 | 00,108,382 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/04 11:23:04 | 00,048,901 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\squirrel.mp3
[2009/07/03 22:02:30 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\dds.scr
[2009/07/03 21:51:24 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\HijackThis.lnk
[2009/07/03 21:51:17 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Todd\Desktop\HJTInstall.exe
[2009/07/03 19:53:56 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/07/03 19:41:43 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/07/03 19:39:51 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/03 19:39:46 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/03 19:39:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/03 19:39:29 | 00,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/07/03 19:31:40 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/07/03 19:30:21 | 00,516,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/07/03 19:21:18 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\SDFix.exe
[2009/07/03 19:10:06 | 00,000,693 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/03 18:55:55 | 00,311,591 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\AntiRootkit.zip
[2009/07/03 18:38:52 | 00,014,651 | ---- | M] () -- C:\WINDOWS\System32\kungsfiigvtvwv.dat.REN
[2009/07/03 18:00:38 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/07/03 17:58:23 | 00,267,152 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\zaSetup_en.exe
[2009/07/03 17:54:13 | 00,000,093 | ---- | M] () -- C:\WINDOWS\System32\kungsfalhraxnf.dat.REN
[2009/07/03 17:13:42 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/03 16:10:40 | 00,068,608 | ---- | M] () -- C:\WINDOWS\System32\drivers\kungsftpegvxlr.sys.REN
[2009/07/03 09:30:57 | 00,015,016 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Receipt - PayPal.pdf
[2009/07/03 09:21:22 | 00,033,058 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Cash Sale.pdf
[2009/07/03 09:07:27 | 00,012,485 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Received Payment List.pdf
[2009/07/03 09:00:53 | 00,002,055 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Credit Card Processing - Web Edition 2009.lnk
[2009/07/03 09:00:53 | 00,001,164 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Accounting 2009.lnk
[2009/07/02 08:07:26 | 00,046,561 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\1146449058_2.zip
[2009/06/30 20:02:07 | 00,050,089 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\CompTIA_A_220-602.sflb.pdf
[2009/06/30 20:01:40 | 00,069,838 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Comptia_A_Essentials.sflb.pdf
[2009/06/30 15:18:32 | 00,000,023 | ---- | M] () -- C:\WINDOWS\SWFDecompiler.INI
[2009/06/30 00:32:11 | 00,006,626 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\mod_content_links_v1-5.zip
[2009/06/30 00:25:16 | 00,004,812 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\mod_catarticles-100.zip
[2009/06/29 20:53:16 | 00,039,365 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\INVOICE.pdf
[2009/06/29 20:51:06 | 00,022,548 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\INVOICE.docx
[2009/06/29 19:57:28 | 00,956,344 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Todd\Desktop\SaveAsPDFandXPS.exe
[2009/06/29 15:20:35 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Freenet.lnk
[2009/06/29 15:20:00 | 09,197,472 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\FreenetInstaller-1222.exe
[2009/06/29 11:22:48 | 08,435,390 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\fo-ma6.zip
[2009/06/29 11:00:47 | 00,651,660 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\icon-plugin.zip
[2009/06/29 10:17:20 | 00,119,183 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\corrcont.pdf
[2009/06/28 15:42:29 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\myibay eBay bid sniper.lnk
[2009/06/28 09:14:51 | 01,343,844 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\FileZilla_3.2.5_win32-setup.exe
[2009/06/28 09:06:44 | 00,083,176 | ---- | M] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/27 15:29:35 | 01,593,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/27 09:20:08 | 00,000,304 | ---- | M] () -- C:\WINDOWS\LKMH_Demo_Cfg.ini
[2009/06/27 09:19:40 | 00,001,956 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Total Tester A+ 2006 Demo.lnk
[2009/06/27 01:42:50 | 00,190,569 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\0627090121.mp3
[2009/06/26 19:19:10 | 22,300,579 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\fo-9p3c.zip
[2009/06/26 16:51:50 | 02,795,868 | -H-- | M] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\IconCache.db
[2009/06/26 10:28:08 | 00,001,728 | -H-- | M] () -- C:\Documents and Settings\Todd\My Documents\Default.rdp
[2009/06/25 16:48:48 | 00,000,841 | RH-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2009/06/25 16:44:50 | 00,000,011 | ---- | M] () -- C:\WINDOWS\EuBcd.ini
[2009/06/24 18:21:39 | 00,002,199 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Todd.lnk
[2009/06/24 11:36:52 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2009/06/24 11:36:52 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/06/24 11:36:52 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2009/06/24 11:36:52 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2009/06/24 11:36:52 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2009/06/24 11:36:52 | 00,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/06/24 11:36:52 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2009/06/24 11:36:52 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2009/06/24 10:58:26 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009/06/24 10:35:52 | 00,000,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pinnacle VideoSpin.lnk
[2009/06/24 10:33:34 | 17,020,3312 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\VideoSpin_2_0_Setup.exe
[2009/06/23 23:19:02 | 00,000,024 | RHS- | M] () -- C:\WINDOWS\3B3AC3B1.D77
[2009/06/23 22:33:18 | 00,000,024 | RHS- | M] () -- C:\WINDOWS\BF3255BE.83A
[2009/06/23 22:33:18 | 00,000,024 | RHS- | M] () -- C:\WINDOWS\305BA05B.AFD
[2009/06/23 21:19:04 | 00,000,987 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\F-Secure Online Backup.lnk
[2009/06/20 12:20:02 | 00,013,627 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\ISA.docx
[2009/06/19 15:49:33 | 10,528,839 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\SysinternalsSuite.zip
[2009/06/19 10:16:32 | 00,796,672 | ---- | M] (Qsc) -- C:\WINDOWS\GPInstall.exe
[2009/06/18 17:12:09 | 02,728,440 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Todd\Desktop\vcsetup.exe
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/14 19:54:58 | 16,926,7288 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Todd\Desktop\MOA2009USExp.exe
[2009/06/13 15:40:20 | 00,001,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NolaPro by Noguska.lnk
[2009/06/12 22:40:44 | 00,015,184 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\crystal.zip
[2009/06/12 22:25:22 | 00,001,868 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\toddpetersonpro.com Calendar.lnk
[2009/06/12 21:45:23 | 41,955,070 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\4483.zip
[2009/06/12 19:18:48 | 53,970,722 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\NOLAPRO-AMP.exe
[2009/06/12 18:33:12 | 00,001,024 | ---- | M] () -- C:\.rnd
[2009/06/12 18:33:09 | 00,001,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VMware Workstation.lnk
[2009/06/12 03:04:07 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/10 18:41:40 | 00,002,367 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Massillon_ Ohio (44646) Conditions & Forecast _ Weather Undergro.lnk
[2009/06/10 18:21:58 | 00,000,845 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Shortcut to CompTIA A+ (A Plus) TestOut Training for Tests 220-601 & 220-602.lnk
[2009/06/10 08:28:32 | 00,045,844 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\ajaxcontact.zip
[2009/06/10 08:16:39 | 00,011,024 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\com_contactsafe 1_0_6.zip
[2009/06/10 07:38:09 | 00,066,418 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\JoomlaPatches1.0.15-v1.0.0 for securityimages 4.x only.zip
[2009/06/10 07:19:30 | 01,656,940 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\com_securityimages4.3.3.zip
[2009/06/10 04:49:32 | 09,431,145 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\convoycatalog.pdf
[2009/06/10 04:42:54 | 09,212,846 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\convoycatalogedit.pdf
[2009/06/09 23:37:52 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/09 23:37:51 | 00,000,355 | -HS- | M] () -- C:\boot.ini
[2009/06/09 19:22:32 | 00,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2009/06/09 19:22:32 | 00,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2009/06/09 14:38:17 | 03,025,816 | ---- | M] ( ) -- C:\Documents and Settings\Todd\Desktop\spambayes-1.0.4.exe
[2009/06/09 06:39:58 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/06/06 18:56:39 | 25,309,75744 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\7100.0.090421-1700_x86fre_client_en-us_retail_ultimate-grc1culfrer_en_dvd.iso
[2009/06/06 12:34:14 | 00,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EA Download Manager.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE039443
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21F11E8D
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48CF36A1
< End of report >

OTL Extras logfile created on: 7/5/2009 8:14:27 PM - Run 1
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Todd\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 139.63 Gb Free Space | 46.84% Space Free | Partition Type: NTFS
Drive D: | 5.54 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 111.81 Gb Total Space | 26.50 Gb Free Space | 23.70% Space Free | Partition Type: NTFS

Computer Name: DESKTOP
Current User Name: Todd
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2009/02/01 18:28:38 | 00,685,056 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2009/02/06 19:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2007/06/05 14:56:48 | 01,123,920 | ---- | M] (TestOut Corporation) -- C:\Program Files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009/02/01 18:28:38 | 00,685,056 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007/01/01 17:22:02 | 03,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk
[2009/05/19 15:46:14 | 01,719,496 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
[2009/05/18 10:48:52 | 00,557,056 | ---- | M] (Orbitdownloader.com) -- C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
[2009/01/27 02:27:48 | 00,648,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2009/03/03 19:02:35 | 00,434,176 | ---- | M] () -- C:\Program Files\TwonkyMedia\twonkymediaserver.exe:*:Enabled:TwonkyMediaServer
[2008/02/12 06:44:08 | 00,106,496 | ---- | M] (PacketVideo) -- C:\Program Files\TwonkyMedia\twonkymedia.exe:*:Enabled:TwonkyMedia
[2009/02/06 19:23:32 | 01,170,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync
[2007/03/20 17:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server
[2009/04/17 03:30:12 | 12,438,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2006/06/30 13:26:48 | 02,961,408 | ---- | M] (CMCEI) -- C:\Program Files\NewsBin\nbpro.exe:*:Enabled:Newsbin
[2009/04/18 01:13:34 | 08,700,704 | ---- | M] (SmartSoft Ltd.) -- C:\Program Files\SmartFTP Client\SmartFTP.exe:*:Enabled:SmartFTP Client 3.0
[2007/06/05 14:56:48 | 01,123,920 | ---- | M] (TestOut Corporation) -- C:\Program Files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator
[2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2009/04/03 19:07:56 | 01,446,344 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe
[2009/03/26 23:04:16 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd
[2009/02/06 00:43:22 | 00,079,120 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager
[2009/02/06 00:43:24 | 00,087,312 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi
[2009/02/06 00:30:34 | 05,432,592 | ---- | M] (Pinnacle Systems) -- C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1A30583C-50E2-486D-9E95-335B994D327A}" = A+ 2006 Demo
"{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.19.0.42
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{232E984E-F02D-4DAE-80F4-97884EC52F16}" = MindMapper 2008
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 13
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{2FD9998F-B3F3-10D6-A31E-8E021337EC0B}" = CCC Help English
"{32BBD344-47DB-7027-7E1D-13DB78415784}" = ccc-core-preinstall
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37CC7CD5-849B-4481-ABDE-DEDD164CF0A0}_is1" = F-Secure Online Backup v2.0.0
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3F3733A5-8322-454D-A638-3B74E1C83752}" = Gadget Installer
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5007E629-8769-44BB-BD51-A20B6DCC5CC9}" = Microsoft Office Accounting 2009
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53276F5A-85AB-4BEF-BAA2-2490975DC006}" = Microsoft Office Accounting 2009 Fixed Asset Manager
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5A098C87-FA43-E81C-B206-4E0ADF7287B5}" = ccc-utility
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}" = iTunes
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6F23C1A3-9F62-470C-BD12-B83F04E67865}" = SmartFTP Client
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71414EC2-0684-4A15-A85A-E0E259D117AF}" = Microangelo Toolset 6
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 SP1 Redistributable
"{78E232B0-C337-4695-BBF0-C1033156CE7B}" = ArtRage 2
"{796CE7A8-37DD-54B3-75CF-E188739B918F}" = TweetDeck
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-008A-0409-0000-0000000FF1CE}" = Microsoft Office 2007 Recent Documents Gadget
"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{93164803-7682-4E09-9C6C-94099544E3A1}" = Google Apps
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AD483998-2E9A-4405-83FF-6E503AF49CBB}" = Microsoft Virtual PC 2007 SP1
"{AFA20D47-69C3-4030-8DF8-D37466E70F13}" = Apple Mobile Device Support
"{B0889CBC-F889-A895-4EE9-8E0260C7D63F}" = Catalyst Control Center HydraVision Full
"{B10A4ACC-118A-8E9D-2CF3-A19BBC73B9C2}" = Catalyst Control Center Graphics Full Existing
"{B31CBE94-F497-9273-5766-DD4E11AA2D55}" = Catalyst Control Center Graphics Full New
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA60C8FC-6712-5116-231C-6C5E05060866}" = Catalyst Control Center Graphics Light
"{BB05D173-9681-4812-A7FA-BD4042A3DA00}" = Alky for Applications (Windows XP)
"{BCDB856C-D247-4DEE-9132-89C02F4D6B8C}_is1" = Sothink SWF Decompiler
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6C148EC-55FB-4FDF-AD4F-ECEA579D040D}" = Microsoft Office Accounting 2009 Equifax Addin
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C9B26742-06BE-3B75-B1DE-7B91B5956A04}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30304
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 0.77
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB30938E-2BCE-4837-9FEB-EB5DAB000235}" = LucisArt 3 ED/SE
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CB654885-263B-E696-5690-3B341C22EC17}" = Catalyst Control Center Core Implementation
"{CD8622F8-58FB-4EBB-BD0B-5F463A2975E1}" = ISAPI_Rewrite Lite
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3880A64-6112-47b7-8BFE-70EEA07B43E0}" = Windows SteadyState
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D9AE6BE1-5847-4962-86B0-2A290B7E6C43}" = Microsoft Office Accounting 2009 Tax Integration Add-in
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC0C35E4-CD3D-4F12-95BB-7C74D9467BD7}" = Microsoft Office Accounting 2009 PayPal Addin
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E0520079-4024-8B23-738F-EC0792AA3502}" = ccc-core-static
"{E0CBBB2C-57FE-40BF-8816-44E3AC6BD2D6}" = ResumeMaker Professional
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EE4ACABF-531E-419A-9225-B8E0FA4955AF}" = Zune Language Pack (ES)
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FB62FD97-DAA9-BEE9-1A31-3A47E33F4E24}" = Catalyst Control Center Graphics Previews Common
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"{FF70513F-E3A7-402F-84FB-B7810A064BE2}" = Zune
"3D6F095EF616C719D1E72E6EA2681F3CFA0AE7B8" = Windows Driver Package - NVIDIA Corporation (nvstor32) HDC (07/02/2007 5.10.2600.0995)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"All ATI Software" = ATI - Software Uninstall Utility
"Allok Video Joiner_is1" = Allok Video Joiner 2.2.0
"Any Video Converter_is1" = Any Video Converter 2.7.1
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Back it up!" = Back it up!
"CCleaner" = CCleaner (remove only)
"CertBlaster" = CertBlaster
"CrossLoop_is1" = CrossLoop 2.44
"DamnNFOViewer" = DAMN NFO Viewer v2.10.0032.RC3 (Remove Only)
"DiaryOne_is1" = DiaryOne 6.65
"Dropbox" = Dropbox
"DVD Flick_is1" = DVD Flick 1.3.0.7
"EADM" = EA Download Manager
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 3.5 Home Edition
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.2.4.1
"FreeDNS Update" = FreeDNS Update 1.8.4
"Freenet" = Freenet
"gBurner" = gBurner
"GMX-PhotoPainter_is1" = GMX-PhotoPainter 1.0.0.0636
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"KeePass Password Safe_is1" = KeePass Password Safe 1.16
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.6.2 (Full)
"Kristanix Right Click Image Converter" = Right Click Image Converter
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2009" = Microsoft Office Accounting 2009
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"myibay eBay bid sniper_is1" = myibay eBay bid sniper 1.0.40
"NewsBin5" = NewsBin Pro V5
"NoguskaNolaProApacheMySQLphp" = NolaPro By Noguska
"No-IP.com DUC" = No-IP.com DUC (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"PFPortChecker" = PFPortChecker 1.0.28
"PhotoRescue Advanced PC_is1" = PhotoRescue Advanced PC 2.1.697
"PIMOne_is1" = PIMOne 5.38
"PowerISO" = PowerISO
"PROPLUS" = Microsoft Office Professional Plus 2007
"Puzzle Quest1.01" = Puzzle Quest
"Ruby-186-27" = Ruby-186-27
"SmartFTP Client 3.0 Setup Files" = SmartFTP Client 3.0 Setup Files (remove only)
"SpamBayes_is1" = SpamBayes 1.0.4
"SystemRequirementsLab" = System Requirements Lab
"TestOut Product Navigator (SA)" = TestOut Navigator (Stand-Alone Version)
"TopStyle (Version 3)" = TopStyle (Version 3)
"TSLite3_is1" = TopStyle Lite (Version 3)
"TwonkyvisionUPnPTwonkyMedia" = TwonkyMedia
"Ultravnc2_is1" = UltraVNC 1.0.5.6
"VDrive" = Vista Drive Indicator!
"VistaGames" = Windows Vista Games All In One
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Sidebar" = Windows Sidebar
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Xilisoft DVD Ripper Platinum 5" = Xilisoft DVD Ripper Platinum 5
"ZoneAlarm" = ZoneAlarm
"Zune" = Zune

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/29/2009 11:09:59 AM | Computer Name = DESKTOP | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
already closed Trace: (null)

Error - 6/29/2009 11:09:59 AM | Computer Name = DESKTOP | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
already closed Trace: (null)

Error - 6/29/2009 11:09:59 AM | Computer Name = DESKTOP | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
already closed Trace: (null)

Error - 6/29/2009 11:09:59 AM | Computer Name = DESKTOP | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
already closed Trace: (null)

Error - 6/29/2009 11:09:59 AM | Computer Name = DESKTOP | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
already closed Trace: (null)

Error - 6/29/2009 11:09:59 AM | Computer Name = DESKTOP | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: class vcfoundation::base::VCIllegalState: IVCPipeServer
already closed Trace: (null)

Error - 6/30/2009 11:12:58 AM | Computer Name = DESKTOP | Source = Adobe Version Cue CS3 | ID = 3
Description = AssetServicesCS3: BIBError: invalid encoding

Error - 7/3/2009 8:55:46 AM | Computer Name = DESKTOP | Source = MsiInstaller | ID = 11706
Description =

Error - 7/3/2009 8:56:36 AM | Computer Name = DESKTOP | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 wizard.exe, P2 4.0.1930.0, P3 48913bc8, P4 mscorlib,
P5 2.0.0.0, P6 492b834a, P7 1c1d, P8 d, P9 system.io.filenotfoundexception, P10
NIL.

Error - 7/3/2009 4:59:24 PM | Computer Name = DESKTOP | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Apache.exe:
Could not determine the server's fully qualified domain name, using 192.168.10.101
for ServerName .

[ System Events ]
Error - 6/12/2009 4:54:31 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Windows SteadyState service.

Error - 6/12/2009 6:29:08 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Windows SteadyState service.

Error - 6/12/2009 6:36:46 PM | Computer Name = DESKTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.10.101 for the Network Card with network
address 001E901D8ED6 has been denied by the DHCP server 192.168.10.1 (The DHCP Server
sent a DHCPNACK message).

Error - 6/12/2009 6:37:25 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Windows SteadyState service.

Error - 6/13/2009 9:10:52 PM | Computer Name = DESKTOP | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.

Error - 6/13/2009 9:11:00 PM | Computer Name = DESKTOP | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.

Error - 6/13/2009 9:11:09 PM | Computer Name = DESKTOP | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.

Error - 6/13/2009 9:11:22 PM | Computer Name = DESKTOP | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.

Error - 6/13/2009 9:11:28 PM | Computer Name = DESKTOP | Source = TermDD | ID = 655410
Description = The RDP protocol component X.224 detected an error in the protocol
stream and has disconnected the client.

Error - 6/16/2009 1:50:52 PM | Computer Name = DESKTOP | Source = System Error | ID = 1003
Description = Error code 1000000a, parameter1 ffffffe0, parameter2 00000002, parameter3
00000000, parameter4 805373e2.


< End of report >
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#5 thcbytes

  • Malware Response Team
  • 14,790 posts
  • Gender:Male
  • Local time:11:25 AM

Posted 06 July 2009 - 01:06 PM

Let's begin.
Please note...

P2P Warning

Your log indicates that you have uTorrent installed.

Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.

- They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.

- Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.

- The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Note: It is pretty much certain that if you continue to use P2P programs, then you will get infected again.
I would recommend that you uninstall uTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add / Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

==========

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

==========

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
==========

Please run OTL again and produce another log for my review.

==========

With your next post please provide:

* MBAM log
* ESET log
* OTL.txt

Kind regards,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#6 Todd Nelson

Posted 07 July 2009 - 03:03 PM

Thanks for the thorough instructions and quick response.

I'm also going to post an Avira event because it keeps going off when I reboot:
Virus or unwanted program 'TR/Patched.GY [trojan]'
detected in file 'C:\Program Files\Windows Sidebar\sidebar.exe.
Action performed: Delete file


This happens every time I reboot. A file just keeps renaming itself - it's always in the form of kungsftpegvxlr.sys. I delete it, rename it, quarantine it - it just keeps showing up.

Eset Log
ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=c76e623b1bde1f4bab7776f0db2a497a
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-07 02:25:46
# local_time=2009-07-06 10:25:46 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 21 100 100 2075290312500
# scanned=18293
# found=0
# cleaned=0
# scan_time=3265
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=c76e623b1bde1f4bab7776f0db2a497a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-07 10:06:02
# local_time=2009-07-07 06:06:02 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 21 100 100 2351443125000
# scanned=285696
# found=1
# cleaned=1
# scan_time=22765
C:\WINDOWS\system32\drivers\kungsftpegvxlr.sys.REN probably a variant of Win32/Kryptik.TW trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


MalwareBytes Log
Malwarebytes' Anti-Malware 1.38
Database version: 2378
Windows 5.1.2600 Service Pack 3

7/6/2009 9:23:00 PM
mbam-log-2009-07-06 (21-23-00).txt

Scan type: Quick Scan
Objects scanned: 117975
Time elapsed: 4 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


OTL Log
OTL logfile created on: 7/7/2009 3:43:01 PM - Run 2
OTL by OldTimer - Version 3.0.6.5 Folder = C:\Documents and Settings\Todd\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 138.85 Gb Free Space | 46.58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive L: | 111.81 Gb Total Space | 26.50 Gb Free Space | 23.70% Space Free | Partition Type: NTFS

Computer Name: DESKTOP
Current User Name: Todd
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/04/28 22:04:44 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2008/05/30 14:41:28 | 00,115,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows SteadyState\SCTSvc.exe
PRC - [2009/04/28 22:04:44 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
PRC - [2009/06/09 06:39:58 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/06/09 06:39:58 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2008/01/17 22:58:36 | 00,020,541 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Noguska\NolaPro\Apache\bin\Apache.exe
PRC - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/01/11 05:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2008/04/14 07:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/01/23 15:28:10 | 02,262,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/01/17 22:58:36 | 00,020,541 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Noguska\NolaPro\Apache\bin\Apache.exe
PRC - [2009/06/17 11:27:52 | 00,195,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/05/02 01:15:46 | 00,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/01/14 12:17:49 | 05,701,632 | ---- | M] () -- C:\Program Files\Noguska\NolaPro\Apache\mysql\bin\mysqld-nt.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/06/06 17:55:51 | 00,068,592 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/06/17 11:27:50 | 00,414,992 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2009/02/16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/06/06 17:55:52 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2009/03/30 18:26:52 | 08,721,800 | ---- | M] (Agematis) -- C:\Program Files\F-Secure Online Backup\F-Secure Online Backup\fsolb-us.exe
PRC - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2009/03/26 23:04:16 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
PRC - [2009/03/26 23:04:22 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
PRC - [2008/12/12 12:41:02 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneBusEnum.exe
PRC - [2009/03/26 23:04:42 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
PRC - [2009/03/30 18:27:02 | 06,993,288 | ---- | M] () -- C:\Program Files\F-Secure Online Backup\F-Secure Online Backup\AGMailAgent.exe
PRC - [2009/02/06 06:15:13 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/07/05 20:13:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
PRC - [2009/03/08 04:31:54 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedssync.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/03/20 17:41:24 | 00,153,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3 [On_Demand | Stopped])
SRV - [2009/06/09 06:39:58 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/06/09 06:39:58 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/01/17 22:58:36 | 00,020,541 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Noguska\NolaPro\Apache\bin\Apache.exe -- (ApacheNoguskaNolaPro [Auto | Running])
SRV - [2009/03/26 15:31:20 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/04/28 22:04:44 | 00,602,112 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/04/28 21:05:00 | 00,593,920 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/01/11 05:02:00 | 00,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01 [Auto | Running])
SRV - [2009/03/06 17:21:39 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/04/24 19:16:53 | 00,241,664 | ---- | M] (Tanuki Software, Ltd.) -- C:\Program Files\Freenet\bin\wrapper-windows-x86-32.exe -- (freenet [Auto | Stopped])
SRV - [2009/06/12 22:25:11 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9ebce2f859526 [Auto | Stopped])
SRV - [2009/06/06 17:55:49 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/14 07:00:00 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/04/14 07:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN [Auto | Running])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/06/17 11:27:52 | 00,195,856 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Running])
SRV - [2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ [Auto | Running])
SRV - [2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2008/01/14 12:17:49 | 05,701,632 | ---- | M] () -- C:\Program Files\Noguska\NolaPro\Apache\mysql\bin\mysqld-nt.exe -- (MySQLNoguskaNolaPro [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/02/09 14:18:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Stopped])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2008/04/14 07:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2008/12/01 11:49:02 | 00,191,024 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60 [On_Demand | Stopped])
SRV - [2009/03/26 23:04:16 | 00,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService [Auto | Running])
SRV - [2009/03/26 23:04:42 | 00,326,192 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe -- (VMnetDHCP [Auto | Running])
SRV - [2009/03/26 23:04:22 | 00,399,920 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe -- (VMware NAT Service [Auto | Running])
SRV - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
SRV - [2008/04/14 07:00:00 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (W3SVC [Auto | Running])
SRV - [2008/05/30 14:41:28 | 00,115,728 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows SteadyState\SCTSvc.exe -- (Windows SteadyState [Auto | Running])
SRV - [2009/02/01 18:07:01 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/12/12 12:41:02 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneBusEnum.exe -- (ZuneBusEnum [Auto | Running])
SRV - [2008/12/12 12:41:18 | 05,117,568 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc [On_Demand | Stopped])
SRV - [2008/12/12 12:41:08 | 00,243,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007/04/16 07:46:34 | 00,033,792 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\System32\DRIVERS\AmdPPM.sys -- (AmdPPM [System | Running])
DRV - [2009/04/02 06:13:20 | 00,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32 [Auto | Running])
DRV - [2009/04/28 23:30:44 | 03,643,904 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2007/07/20 18:40:10 | 00,084,992 | ---- | M] (ATI Research Inc.) -- C:\WINDOWS\System32\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/03/24 16:08:22 | 00,055,640 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2009/02/25 20:22:12 | 00,008,704 | ---- | M] () -- C:\WINDOWS\System32\epmntdrv.sys -- (epmntdrv [On_Demand | Stopped])
DRV - [2009/02/25 20:22:12 | 00,003,072 | ---- | M] () -- C:\WINDOWS\System32\EuGdiDrv.sys -- (EuGdiDrv [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/03/26 23:05:34 | 00,032,304 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\hcmon.sys -- (hcmon [Auto | Running])
DRV - [2008/04/14 07:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/11/01 17:38:56 | 04,620,288 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector [On_Demand | Running])
DRV - [2009/02/09 14:18:00 | 06,307,328 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2009/02/01 18:41:16 | 00,100,736 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\drivers\nvatabus.sys -- (nvatabus [Boot | Running])
DRV - [2006/07/11 14:38:28 | 00,057,856 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006/07/11 14:38:30 | 00,020,480 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2008/04/14 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2008/11/02 04:44:10 | 00,056,572 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2008/04/14 07:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/11/17 02:24:00 | 00,051,688 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan [Boot | Running])
DRV - [2009/06/09 06:39:58 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2009/03/26 23:05:36 | 00,054,960 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\Drivers\vmci.sys -- (vmci [Auto | Running])
DRV - [2009/03/26 23:05:36 | 00,023,216 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\VMkbd.sys -- (vmkbd [On_Demand | Running])
DRV - [2008/02/12 03:42:38 | 00,232,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\vmm.sys -- (vmm [System | Running])
DRV - [2009/03/26 17:31:12 | 00,016,560 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\System32\DRIVERS\vmnetadapter.sys -- (VMnetAdapter [On_Demand | Running])
DRV - [2009/03/26 17:31:12 | 00,031,280 | R--- | M] (VMware, Inc.) -- C:\WINDOWS\System32\DRIVERS\vmnetbridge.sys -- (VMnetBridge [Auto | Running])
DRV - [2009/03/26 23:05:32 | 00,026,288 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetuserif.sys -- (VMnetuserif [Auto | Running])
DRV - [2009/03/26 23:05:34 | 00,857,520 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\Drivers\vmx86.sys -- (vmx86 [Auto | Running])
DRV - [2008/02/05 01:50:44 | 00,059,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\VMNetSrv.sys -- (VPCNetS2 [On_Demand | Running])
DRV - [2009/02/16 00:10:26 | 00,353,672 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys -- (vsdatant [System | Running])
DRV - [2008/12/01 11:47:08 | 00,022,448 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60 [Auto | Running])
DRV - [2006/11/02 07:00:08 | 00,039,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\WinUSB.sys -- (WinUSB [On_Demand | Stopped])
DRV - [2008/11/10 12:09:32 | 00,040,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\zumbus.sys -- (zumbus [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
IE - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\S-1-5-21-1214440339-1647877149-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\S-1-5-21-1214440339-1647877149-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.3.3
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.4
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.77
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.1
FF - prefs.js..extensions.enabledItems: orbit_ffext@orbitdownloader:2.02
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.2.1
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.29
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/02/17 22:02:54 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/17 22:05:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/12 00:22:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/12 00:22:09 | 00,000,000 | ---D | M]

[2009/05/26 17:07:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Extensions
[2009/05/26 17:07:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009/02/17 23:15:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/07 03:13:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions
[2009/06/19 09:26:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2009/06/03 21:07:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/06/19 09:26:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009/06/28 10:42:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2009/06/30 15:23:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009/06/19 09:26:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/06/19 09:26:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\firebug@software.joehewitt.com
[2009/06/29 15:04:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\firefox1@myibay.com
[2009/06/18 18:16:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\mozilla\Firefox\Profiles\u190l8lp.default\extensions\personas@christopher.beard
[2009/06/29 20:07:12 | 00,002,164 | ---- | M] () -- C:\Documents and Settings\Todd\Application Data\Mozilla\FireFox\Profiles\u190l8lp.default\searchplugins\bing.xml
[2009/07/03 08:55:20 | 00,001,137 | ---- | M] () -- C:\Documents and Settings\Todd\Application Data\Mozilla\FireFox\Profiles\u190l8lp.default\searchplugins\dictionarycom.xml
[2009/07/03 08:55:20 | 00,005,600 | ---- | M] () -- C:\Documents and Settings\Todd\Application Data\Mozilla\FireFox\Profiles\u190l8lp.default\searchplugins\pizzatorrent.xml
[2009/07/03 08:55:20 | 00,001,150 | ---- | M] () -- C:\Documents and Settings\Todd\Application Data\Mozilla\FireFox\Profiles\u190l8lp.default\searchplugins\referencecom---encyclopedia.xml
[2009/07/03 08:55:20 | 00,001,084 | ---- | M] () -- C:\Documents and Settings\Todd\Application Data\Mozilla\FireFox\Profiles\u190l8lp.default\searchplugins\thesauruscom.xml
[2009/07/07 03:13:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 00:22:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/17 22:05:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/04/16 03:27:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/12 00:22:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 00:22:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/09 05:19:09 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/06/12 00:22:07 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 21:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2007/05/10 23:52:33 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/05/14 05:40:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/05/14 05:40:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/05/14 05:40:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/05/14 05:40:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/05/14 05:40:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/05/14 05:40:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/05/14 05:40:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/12/02 04:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 04:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/02 04:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 04:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 04:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 04:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 04:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS3\contributeieplugin.dll (Adobe Systems Incorporated.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS3\contributeieplugin.dll (Adobe Systems Incorporated.)
O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\u190l8lp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.77.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CrossLoop] C:\Program Files\CrossLoop\CrossLoopConnect.exe (CrossLoop)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Logoff] C:\Program Files\Windows SteadyState\SCTUINotify.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SDFix] File not found
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - HKU\.DEFAULT..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe File not found
O4 - HKU\S-1-5-18..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - HKU\S-1-5-18..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe File not found
O4 - HKU\S-1-5-20..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe File not found
O4 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004..\Run: [F-Secure Online Backup] C:\Program Files\F-Secure Online Backup\F-Secure Online Backup\fsolb-us.exe (Agematis)
O4 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004..\Run: [Google Update] C:\Documents and Settings\Todd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-20..\RunOnce: [_nltide_3] C:\WINDOWS\System32\advpack.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [ShowDeskFix] File not found
O4 - Startup: C:\Documents and Settings\Todd\Start Menu\Programs\Startup\Dropbox.lnk = C:\Program Files\Dropbox\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-21-1214440339-1647877149-682003330-1004_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: DiaryOne: Save full text - C:\Program Files\DiaryOne\Script\fullcatcher.htm ()
O8 - Extra context menu item: DiaryOne: Save selected text - C:\Program Files\DiaryOne\Script\catcher.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.8.cab (DLM Control)
O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} https://www.microsoft.com/resources/virtual...iveXClient1.cab (Microsoft Virtual Server VMRC Advanced Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/02/17 22:00:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/07/07 15:42:52 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2009/07/06 21:24:07 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/07/06 21:23:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\logs
[2009/07/06 06:45:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\DeepBurner
[2009/07/05 20:44:19 | 00,453,632 | ---- | C] (Borland International) -- C:\WINDOWS\System32\stdvcl40.dll
[2009/07/05 20:44:18 | 00,000,000 | ---D | C] -- C:\Program Files\Web CEO
[2009/07/05 17:28:49 | 00,000,044 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\index.html
[2009/07/05 10:06:55 | 00,001,588 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\keywords.csv
[2009/07/05 09:14:09 | 00,011,608 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\sitemap.xml
[2009/07/05 08:20:23 | 00,000,746 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\DeepBurner.lnk
[2009/07/05 08:20:23 | 00,000,000 | ---D | C] -- C:\Program Files\Astonsoft
[2009/07/04 22:37:54 | 00,001,555 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\mod_praiseurl_1.0.0_v11.zip
[2009/07/04 22:26:22 | 00,293,858 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\IonicIsapiRewriter-1.2.15-src.zip
[2009/07/04 16:13:18 | 00,016,944 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\sitemap.xml
[2009/07/04 15:58:44 | 00,101,103 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\com_xmap-1.0.4.zip
[2009/07/04 15:32:48 | 00,124,871 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Convoy Containers - Storage...pdf
[2009/07/04 15:14:41 | 01,908,598 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Pages from convoycatalog.png
[2009/07/04 14:56:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\FireShot
[2009/07/04 14:30:18 | 00,001,552 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\httpd.ini
[2009/07/04 14:26:43 | 00,000,000 | ---D | C] -- C:\Program Files\Helicon
[2009/07/04 14:25:20 | 01,298,432 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\isapi_rwl_x86_0073.msi
[2009/07/04 14:09:29 | 00,704,804 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\com_joomsef-2.3.2.zip
[2009/07/04 14:05:34 | 00,370,954 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\com_joomsef-3.3.1.zip
[2009/07/04 13:45:19 | 00,436,647 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\com_sh404SEF_1.3.9_build_357.joomla1.0.x.zip
[2009/07/04 11:42:48 | 00,061,857 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\squirrel(2).mp3
[2009/07/04 11:33:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\bitpim
[2009/07/04 11:33:33 | 00,000,000 | ---D | C] -- C:\Program Files\BitPim
[2009/07/04 11:32:39 | 11,754,153 | ---- | C] (Joe Pham <djpham@bitpim.org> ) -- C:\Documents and Settings\Todd\Desktop\bitpim-1.0.6-setup.exe
[2009/07/04 11:23:04 | 00,048,901 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\squirrel.mp3
[2009/07/04 10:26:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\computer logs
[2009/07/03 22:02:30 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\dds.scr
[2009/07/03 21:51:24 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\HijackThis.lnk
[2009/07/03 21:51:24 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/07/03 21:51:09 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Todd\Desktop\HJTInstall.exe
[2009/07/03 19:39:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
[2009/07/03 19:39:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\srchasst
[2009/07/03 19:39:34 | 00,000,000 | ---D | C] -- C:\Program Files\xerox
[2009/07/03 19:39:33 | 00,000,000 | ---D | C] -- C:\Program Files\msn gaming zone
[2009/07/03 19:39:33 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/07/03 19:30:21 | 00,516,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/07/03 19:27:08 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/07/03 19:22:37 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/07/03 19:20:46 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\SDFix.exe
[2009/07/03 18:56:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\AntiRootkit
[2009/07/03 18:55:55 | 00,311,591 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\AntiRootkit.zip
[2009/07/03 18:00:38 | 00,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/07/03 18:00:34 | 00,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2009/07/03 18:00:33 | 00,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2009/07/03 18:00:33 | 00,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2009/07/03 18:00:30 | 00,035,208 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2009/07/03 18:00:29 | 01,221,512 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2009/07/03 18:00:29 | 00,309,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2009/07/03 18:00:29 | 00,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2009/07/03 18:00:29 | 00,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2009/07/03 18:00:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2009/07/03 18:00:29 | 00,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2009/07/03 18:00:28 | 00,353,672 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2009/07/03 18:00:28 | 00,350,192 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/07/03 18:00:00 | 00,482,184 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2009/07/03 18:00:00 | 00,229,256 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2009/07/03 18:00:00 | 00,110,472 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2009/07/03 17:59:56 | 00,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2009/07/03 17:58:23 | 00,267,152 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\zaSetup_en.exe
[2009/07/03 17:16:32 | 00,000,488 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Todd.job
[2009/07/03 17:16:28 | 00,000,474 | ---- | C] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Todd.job
[2009/07/03 17:13:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\Malwarebytes
[2009/07/03 17:13:42 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/03 17:13:39 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/07/03 17:13:38 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/07/03 17:13:38 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/03 17:13:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/07/03 16:12:14 | 00,000,093 | ---- | C] () -- C:\WINDOWS\System32\kungsfalhraxnf.dat.REN
[2009/07/03 16:11:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\LogoMaker
[2009/07/03 16:11:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\LogoMaker
[2009/07/03 16:10:40 | 00,014,651 | ---- | C] () -- C:\WINDOWS\System32\kungsfiigvtvwv.dat.REN
[2009/07/03 09:30:57 | 00,015,016 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Receipt - PayPal.pdf
[2009/07/03 09:17:33 | 00,033,058 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Cash Sale.pdf
[2009/07/03 09:07:27 | 00,012,485 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Received Payment List.pdf
[2009/07/03 09:03:32 | 00,002,055 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Credit Card Processing - Web Edition 2009.lnk
[2009/07/03 09:03:32 | 00,001,164 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Accounting 2009.lnk
[2009/07/02 08:07:25 | 00,046,561 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\1146449058_2.zip
[2009/06/30 21:28:49 | 00,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1647877149-682003330-1004UA.job
[2009/06/30 21:28:49 | 00,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1647877149-682003330-1004Core.job
[2009/06/30 20:02:07 | 00,050,089 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\CompTIA_A_220-602.sflb.pdf
[2009/06/30 20:01:40 | 00,069,838 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\Comptia_A_Essentials.sflb.pdf
[2009/06/30 15:18:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\SourceTec
[2009/06/30 15:18:32 | 00,000,023 | ---- | C] () -- C:\WINDOWS\SWFDecompiler.INI
[2009/06/30 15:18:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SourceTec
[2009/06/30 15:18:24 | 00,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2009/06/30 15:11:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\convoycontainers
[2009/06/30 00:32:11 | 00,006,626 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\mod_content_links_v1-5.zip
[2009/06/30 00:25:15 | 00,004,812 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\mod_catarticles-100.zip
[2009/06/29 20:53:04 | 00,039,365 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\INVOICE.pdf
[2009/06/29 20:51:06 | 00,022,548 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\INVOICE.docx
[2009/06/29 20:43:36 | 00,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/06/29 20:43:35 | 00,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/06/29 19:57:38 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/06/29 19:57:27 | 00,956,344 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Todd\Desktop\SaveAsPDFandXPS.exe
[2009/06/29 15:20:35 | 00,001,620 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Freenet.lnk
[2009/06/29 15:20:16 | 00,000,000 | ---D | C] -- C:\Program Files\Freenet
[2009/06/29 15:19:41 | 09,197,472 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\FreenetInstaller-1222.exe
[2009/06/29 11:32:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Icons and Cursors
[2009/06/29 11:32:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\Microangelo Toolset 6
[2009/06/29 11:32:03 | 00,000,000 | ---D | C] -- C:\Program Files\Microangelo Toolset 6
[2009/06/29 11:31:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\fo-ma6
[2009/06/29 11:21:47 | 08,435,390 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\fo-ma6.zip
[2009/06/29 11:00:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\icon-plugin
[2009/06/29 11:00:47 | 00,651,660 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\icon-plugin.zip
[2009/06/29 10:17:20 | 00,119,183 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\corrcont.pdf
[2009/06/28 15:42:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\.myibay
[2009/06/28 15:42:29 | 00,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\myibay eBay bid sniper.lnk
[2009/06/28 15:42:27 | 00,000,000 | ---D | C] -- C:\Program Files\myibay
[2009/06/28 09:14:48 | 01,343,844 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\FileZilla_3.2.5_win32-setup.exe
[2009/06/27 17:47:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\dvd
[2009/06/27 17:42:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\DVD Flick
[2009/06/27 17:41:50 | 00,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2009/06/27 17:41:50 | 00,028,672 | ---- | C] (-) -- C:\WINDOWS\System32\mousewheel.ocx
[2009/06/27 17:41:49 | 00,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2009/06/27 16:34:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\ebook
[2009/06/27 09:20:08 | 00,475,136 | ---- | C] (Sequiter Software Inc.) -- C:\WINDOWS\lk_c4.dll
[2009/06/27 09:20:08 | 00,399,872 | ---- | C] () -- C:\WINDOWS\c4dstand.dll
[2009/06/27 09:20:08 | 00,000,050 | ---- | C] () -- C:\WINDOWS\app.ini
[2009/06/27 09:20:03 | 00,000,000 | ---D | C] -- C:\Program Files\LKMH
[2009/06/27 09:20:02 | 01,644,032 | ---- | C] (LearnKey, Inc.) -- C:\WINDOWS\LKMHDemo.exe
[2009/06/27 09:20:02 | 00,003,362 | ---- | C] () -- C:\WINDOWS\LKMHDemo.ini
[2009/06/27 09:20:02 | 00,002,238 | ---- | C] () -- C:\WINDOWS\LK.ico
[2009/06/27 09:20:02 | 00,000,304 | ---- | C] () -- C:\WINDOWS\LKMH_Demo_Cfg.ini
[2009/06/27 09:19:40 | 00,001,956 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Total Tester A+ 2006 Demo.lnk
[2009/06/27 09:19:37 | 00,000,000 | ---D | C] -- C:\Program Files\Your Company Name
[2009/06/27 09:19:36 | 00,000,000 | ---D | C] -- C:\Program Files\Total Seminars
[2009/06/27 01:42:46 | 00,190,569 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\0627090121.mp3
[2009/06/26 19:16:09 | 22,300,579 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\fo-9p3c.zip
[2009/06/25 16:44:50 | 00,000,011 | ---- | C] () -- C:\WINDOWS\EuBcd.ini
[2009/06/24 18:21:39 | 00,002,199 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Todd.lnk
[2009/06/24 11:36:52 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.tgz
[2009/06/24 11:36:52 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/06/24 11:36:52 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2009/06/24 11:36:52 | 00,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2009/06/24 11:36:52 | 00,000,219 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.tgz
[2009/06/24 11:36:52 | 00,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/06/24 11:36:52 | 00,000,087 | ---- | C] () -- C:\WINDOWS\System32\ssprs.tgz
[2009/06/24 11:36:52 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/06/24 11:36:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
[2009/06/24 10:57:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Adobe
[2009/06/24 10:37:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\DivX
[2009/06/24 10:37:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Pinnacle VideoSpin
[2009/06/24 10:35:52 | 00,000,822 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Pinnacle VideoSpin.lnk
[2009/06/24 10:35:33 | 00,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2009/06/24 10:35:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Yahoo!
[2009/06/24 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Pinnacle
[2009/06/24 10:35:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle VideoSpin
[2009/06/24 10:34:47 | 00,000,349 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009/06/24 10:34:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/06/24 10:34:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\Downloaded Installations
[2009/06/24 10:12:22 | 17,020,3312 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\VideoSpin_2_0_Setup.exe
[2009/06/23 23:19:02 | 00,000,024 | RHS- | C] () -- C:\WINDOWS\3B3AC3B1.D77
[2009/06/23 22:33:18 | 00,000,024 | RHS- | C] () -- C:\WINDOWS\BF3255BE.83A
[2009/06/23 22:33:18 | 00,000,024 | RHS- | C] () -- C:\WINDOWS\305BA05B.AFD
[2009/06/23 22:32:12 | 00,209,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
[2009/06/23 22:32:12 | 00,032,768 | ---- | C] (Celexis, Inc.) -- C:\WINDOWS\System32\FatListCtl.ocx
[2009/06/23 22:32:11 | 00,802,816 | ---- | C] (dti Publishing, Corp.) -- C:\WINDOWS\System32\CLXCLI27.dll
[2009/06/23 22:32:11 | 00,000,000 | ---D | C] -- C:\Program Files\CertBlaster
[2009/06/23 21:19:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\F-Secure Online Backup
[2009/06/23 21:19:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure Online Backup
[2009/06/23 21:19:04 | 00,000,987 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\F-Secure Online Backup.lnk
[2009/06/23 21:19:02 | 00,000,000 | ---D | C] -- C:\Program Files\F-Secure Online Backup
[2009/06/23 13:12:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Work
[2009/06/20 12:20:02 | 00,013,627 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\ISA.docx
[2009/06/19 15:43:02 | 10,528,839 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\SysinternalsSuite.zip
[2009/06/19 10:16:40 | 00,125,952 | ---- | C] () -- C:\WINDOWS\System32\biucntxt.dll
[2009/06/19 10:16:39 | 00,000,000 | ---D | C] -- C:\Program Files\Back it up!
[2009/06/19 10:16:31 | 00,796,672 | ---- | C] (Qsc) -- C:\WINDOWS\GPInstall.exe
[2009/06/19 08:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\Microsoft Corporation
[2009/06/18 17:20:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Visual Studio 2008
[2009/06/18 17:18:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 9.0
[2009/06/18 17:18:11 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Merge Modules
[2009/06/18 17:17:24 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2009/06/18 17:12:06 | 02,728,440 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Todd\Desktop\vcsetup.exe
[2009/06/17 17:48:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Small Business Accounting
[2009/06/17 17:47:11 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Small Business
[2009/06/17 17:43:03 | 00,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2009/06/17 17:40:37 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2009/06/16 13:45:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009/06/14 19:51:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\KeePass
[2009/06/14 19:48:34 | 00,000,000 | ---D | C] -- C:\Program Files\KeePass Password Safe
[2009/06/14 19:45:10 | 16,926,7288 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Todd\Desktop\MOA2009USExp.exe
[2009/06/13 15:40:20 | 00,001,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\NolaPro by Noguska.lnk
[2009/06/13 15:39:38 | 00,000,000 | ---D | C] -- C:\Program Files\Noguska
[2009/06/12 22:40:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\crystal
[2009/06/12 22:40:44 | 00,015,184 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\crystal.zip
[2009/06/12 22:25:22 | 00,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\toddpetersonpro.com Calendar.lnk
[2009/06/12 21:37:59 | 41,955,070 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\4483.zip
[2009/06/12 19:19:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\My Documents\Mac OS X Leopard
[2009/06/12 18:53:13 | 53,970,722 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\NOLAPRO-AMP.exe
[2009/06/12 18:33:33 | 00,055,856 | R--- | C] () -- C:\WINDOWS\System32\vnetinst.dll
[2009/06/12 18:33:33 | 00,016,560 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetadapter.sys
[2009/06/12 18:33:31 | 00,326,192 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
[2009/06/12 18:33:30 | 00,399,920 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
[2009/06/12 18:33:29 | 00,026,288 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetuserif.sys
[2009/06/12 18:33:27 | 00,050,736 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetbridge.dll
[2009/06/12 18:33:27 | 00,031,280 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnetbridge.sys
[2009/06/12 18:33:27 | 00,018,736 | R--- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\vmnet.sys
[2009/06/12 18:33:26 | 00,723,504 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vnetlib.dll
[2009/06/12 18:33:14 | 00,023,216 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\drivers\VMkbd.sys
[2009/06/12 18:33:09 | 00,001,679 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VMware Workstation.lnk
[2009/06/12 18:31:38 | 00,000,000 | ---D | C] -- C:\Program Files\VMware
[2009/06/12 17:14:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\VMware
[2009/06/11 22:13:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Local Settings\Application Data\RcIncidents
[2009/06/11 21:36:57 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/06/11 21:36:57 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/06/11 14:34:56 | 00,585,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[2009/06/11 12:59:05 | 00,346,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\localspl.dll
[2009/06/11 11:48:49 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2009/06/10 19:46:16 | 00,001,024 | ---- | C] () -- C:\.rnd
[2009/06/10 19:46:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VMware
[2009/06/10 18:41:40 | 00,002,367 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Massillon_ Ohio (44646) Conditions & Forecast _ Weather Undergro.lnk
[2009/06/10 18:21:58 | 00,000,845 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\Shortcut to CompTIA A+ (A Plus) TestOut Training for Tests 220-601 & 220-602.lnk
[2009/06/10 14:22:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\rt_synapse
[2009/06/10 08:44:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\ajaxcontact
[2009/06/10 08:28:32 | 00,045,844 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\ajaxcontact.zip
[2009/06/10 08:16:38 | 00,011,024 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\com_contactsafe 1_0_6.zip
[2009/06/10 07:38:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\JoomlaPatches1.0.15-v1.0.0 for securityimages 4.x only
[2009/06/10 07:38:08 | 00,066,418 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\JoomlaPatches1.0.15-v1.0.0 for securityimages 4.x only.zip
[2009/06/10 07:30:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\com_securityimages4.3.3
[2009/06/10 07:18:55 | 01,656,940 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\com_securityimages4.3.3.zip
[2009/06/10 04:16:34 | 09,212,846 | ---- | C] () -- C:\Documents and Settings\Todd\My Documents\convoycatalogedit.pdf
[2009/06/09 23:37:52 | 00,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2009/06/09 23:37:51 | 00,000,211 | -H-- | C] () -- C:\Boot.BAK
[2009/06/09 23:37:50 | 00,383,200 | RHS- | C] () -- C:\bootmgr
[2009/06/09 23:37:50 | 00,000,000 | -HSD | C] -- C:\Boot
[2009/06/09 19:48:08 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/06/09 14:39:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Application Data\SpamBayes
[2009/06/09 14:38:33 | 00,000,000 | ---D | C] -- C:\Program Files\SpamBayes
[2009/06/09 14:38:11 | 03,025,816 | ---- | C] ( ) -- C:\Documents and Settings\Todd\Desktop\spambayes-1.0.4.exe
[2009/06/09 13:22:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\New Folder
[2009/06/06 12:20:26 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2009/06/06 12:20:26 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2009/06/06 12:20:10 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2009/06/06 12:20:09 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2009/06/06 12:20:08 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2009/06/04 00:57:48 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2009/06/04 00:57:48 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2009/06/04 00:57:48 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2009/03/06 17:31:38 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2009/02/27 02:21:24 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/02/27 02:21:23 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/02/27 02:21:22 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/02/27 02:21:22 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/02/27 02:21:21 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/02/17 22:07:14 | 00,000,080 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/02/09 14:18:00 | 01,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/02/09 14:18:00 | 01,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/02/09 14:18:00 | 01,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/02/09 14:18:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/02/01 17:59:02 | 00,394,240 | ---- | C] () -- C:\WINDOWS\System32\HMTCD.dll
[2008/09/12 16:21:02 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/04/14 07:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\CopyToSendTo.dll
[2008/04/14 07:00:00 | 00,000,693 | ---- | C] () -- C:\WINDOWS\win.ini
[2008/04/14 07:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2007/01/26 01:04:12 | 00,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007/01/26 01:04:12 | 00,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2006/08/23 13:48:40 | 00,319,488 | ---- | C] () -- C:\WINDOWS\System32\EfTidy.dll
[2005/12/21 12:52:12 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\vbzlib1.dll
[2005/06/07 03:05:43 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/07/07 15:43:20 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{72F75279-E9D7-48BC-83BE-137C264A8E10}.job
[2009/07/07 15:41:34 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/07/07 15:40:30 | 00,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2009/07/07 15:39:50 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/07 15:39:44 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/07 15:39:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/07 15:39:07 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/07 15:39:04 | 00,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2009/07/07 14:48:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/07 14:33:00 | 00,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1647877149-682003330-1004UA.job
[2009/07/07 02:10:49 | 00,000,488 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for Todd.job
[2009/07/07 02:00:14 | 00,000,474 | ---- | M] () -- C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Todd.job
[2009/07/06 21:33:00 | 00,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1647877149-682003330-1004Core.job
[2009/07/06 06:44:54 | 00,663,318 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/07/06 06:44:54 | 00,544,142 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/07/06 06:44:54 | 00,108,382 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/07/05 20:13:50 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2009/07/05 17:28:49 | 00,000,044 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\index.html
[2009/07/05 10:06:55 | 00,001,588 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\keywords.csv
[2009/07/05 09:14:09 | 00,011,608 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\sitemap.xml
[2009/07/05 08:24:44 | 00,026,624 | ---- | M] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/05 08:20:23 | 00,000,746 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\DeepBurner.lnk
[2009/07/04 22:37:54 | 00,001,555 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\mod_praiseurl_1.0.0_v11.zip
[2009/07/04 22:26:22 | 00,293,858 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\IonicIsapiRewriter-1.2.15-src.zip
[2009/07/04 16:13:18 | 00,016,944 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\sitemap.xml
[2009/07/04 15:58:44 | 00,101,103 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\com_xmap-1.0.4.zip
[2009/07/04 15:32:48 | 00,124,871 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Convoy Containers - Storage...pdf
[2009/07/04 15:14:42 | 01,908,598 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Pages from convoycatalog.png
[2009/07/04 14:30:18 | 00,001,552 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\httpd.ini
[2009/07/04 14:25:26 | 01,298,432 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\isapi_rwl_x86_0073.msi
[2009/07/04 14:18:54 | 00,704,804 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\com_joomsef-2.3.2.zip
[2009/07/04 14:05:34 | 00,370,954 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\com_joomsef-3.3.1.zip
[2009/07/04 13:45:20 | 00,436,647 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\com_sh404SEF_1.3.9_build_357.joomla1.0.x.zip
[2009/07/04 11:42:48 | 00,061,857 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\squirrel(2).mp3
[2009/07/04 11:33:19 | 11,754,153 | ---- | M] (Joe Pham <djpham@bitpim.org> ) -- C:\Documents and Settings\Todd\Desktop\bitpim-1.0.6-setup.exe
[2009/07/04 11:23:04 | 00,048,901 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\squirrel.mp3
[2009/07/03 22:02:30 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\dds.scr
[2009/07/03 21:51:24 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\HijackThis.lnk
[2009/07/03 21:51:17 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Todd\Desktop\HJTInstall.exe
[2009/07/03 19:31:40 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/07/03 19:30:21 | 00,516,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/07/03 19:21:18 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\SDFix.exe
[2009/07/03 19:10:06 | 00,000,693 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/03 18:55:55 | 00,311,591 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\AntiRootkit.zip
[2009/07/03 18:38:52 | 00,014,651 | ---- | M] () -- C:\WINDOWS\System32\kungsfiigvtvwv.dat.REN
[2009/07/03 18:00:38 | 00,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2009/07/03 17:58:23 | 00,267,152 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\zaSetup_en.exe
[2009/07/03 17:54:13 | 00,000,093 | ---- | M] () -- C:\WINDOWS\System32\kungsfalhraxnf.dat.REN
[2009/07/03 17:13:42 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/07/03 09:30:57 | 00,015,016 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Receipt - PayPal.pdf
[2009/07/03 09:21:22 | 00,033,058 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Cash Sale.pdf
[2009/07/03 09:07:27 | 00,012,485 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Received Payment List.pdf
[2009/07/03 09:00:53 | 00,002,055 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Credit Card Processing - Web Edition 2009.lnk
[2009/07/03 09:00:53 | 00,001,164 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Accounting 2009.lnk
[2009/07/02 08:07:26 | 00,046,561 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\1146449058_2.zip
[2009/06/30 20:02:07 | 00,050,089 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\CompTIA_A_220-602.sflb.pdf
[2009/06/30 20:01:40 | 00,069,838 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\Comptia_A_Essentials.sflb.pdf
[2009/06/30 15:18:32 | 00,000,023 | ---- | M] () -- C:\WINDOWS\SWFDecompiler.INI
[2009/06/30 00:32:11 | 00,006,626 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\mod_content_links_v1-5.zip
[2009/06/30 00:25:16 | 00,004,812 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\mod_catarticles-100.zip
[2009/06/29 20:53:16 | 00,039,365 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\INVOICE.pdf
[2009/06/29 20:51:06 | 00,022,548 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\INVOICE.docx
[2009/06/29 19:57:28 | 00,956,344 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Todd\Desktop\SaveAsPDFandXPS.exe
[2009/06/29 15:20:35 | 00,001,620 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Freenet.lnk
[2009/06/29 15:20:00 | 09,197,472 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\FreenetInstaller-1222.exe
[2009/06/29 11:22:48 | 08,435,390 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\fo-ma6.zip
[2009/06/29 11:00:47 | 00,651,660 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\icon-plugin.zip
[2009/06/29 10:17:20 | 00,119,183 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\corrcont.pdf
[2009/06/28 15:42:29 | 00,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\myibay eBay bid sniper.lnk
[2009/06/28 09:14:51 | 01,343,844 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\FileZilla_3.2.5_win32-setup.exe
[2009/06/28 09:06:44 | 00,083,176 | ---- | M] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/06/27 15:29:35 | 01,593,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/27 09:20:08 | 00,000,304 | ---- | M] () -- C:\WINDOWS\LKMH_Demo_Cfg.ini
[2009/06/27 09:19:40 | 00,001,956 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Total Tester A+ 2006 Demo.lnk
[2009/06/27 01:42:50 | 00,190,569 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\0627090121.mp3
[2009/06/26 19:19:10 | 22,300,579 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\fo-9p3c.zip
[2009/06/26 16:51:50 | 02,795,868 | -H-- | M] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\IconCache.db
[2009/06/26 10:28:08 | 00,001,728 | -H-- | M] () -- C:\Documents and Settings\Todd\My Documents\Default.rdp
[2009/06/25 16:48:48 | 00,000,841 | RH-- | M] () -- C:\WINDOWS\EPMBatch.ept
[2009/06/25 16:44:50 | 00,000,011 | ---- | M] () -- C:\WINDOWS\EuBcd.ini
[2009/06/24 18:21:39 | 00,002,199 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Todd.lnk
[2009/06/24 11:36:52 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.tgz
[2009/06/24 11:36:52 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/06/24 11:36:52 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth2.dll
[2009/06/24 11:36:52 | 00,001,025 | ---- | M] () -- C:\WINDOWS\System32\clauth1.dll
[2009/06/24 11:36:52 | 00,000,219 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.tgz
[2009/06/24 11:36:52 | 00,000,205 | ---- | M] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/06/24 11:36:52 | 00,000,087 | ---- | M] () -- C:\WINDOWS\System32\ssprs.tgz
[2009/06/24 11:36:52 | 00,000,073 | ---- | M] () -- C:\WINDOWS\System32\ssprs.dll
[2009/06/24 10:58:26 | 00,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\PCLECHAL.INI
[2009/06/24 10:35:52 | 00,000,822 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Pinnacle VideoSpin.lnk
[2009/06/24 10:33:34 | 17,020,3312 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\VideoSpin_2_0_Setup.exe
[2009/06/23 23:19:02 | 00,000,024 | RHS- | M] () -- C:\WINDOWS\3B3AC3B1.D77
[2009/06/23 22:33:18 | 00,000,024 | RHS- | M] () -- C:\WINDOWS\BF3255BE.83A
[2009/06/23 22:33:18 | 00,000,024 | RHS- | M] () -- C:\WINDOWS\305BA05B.AFD
[2009/06/23 21:19:04 | 00,000,987 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\F-Secure Online Backup.lnk
[2009/06/20 12:20:02 | 00,013,627 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\ISA.docx
[2009/06/19 15:49:33 | 10,528,839 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\SysinternalsSuite.zip
[2009/06/19 10:16:32 | 00,796,672 | ---- | M] (Qsc) -- C:\WINDOWS\GPInstall.exe
[2009/06/18 17:12:09 | 02,728,440 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Todd\Desktop\vcsetup.exe
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/14 19:54:58 | 16,926,7288 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Todd\Desktop\MOA2009USExp.exe
[2009/06/13 15:40:20 | 00,001,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\NolaPro by Noguska.lnk
[2009/06/12 22:40:44 | 00,015,184 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\crystal.zip
[2009/06/12 22:25:22 | 00,001,868 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\toddpetersonpro.com Calendar.lnk
[2009/06/12 21:45:23 | 41,955,070 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\4483.zip
[2009/06/12 19:18:48 | 53,970,722 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\NOLAPRO-AMP.exe
[2009/06/12 18:33:12 | 00,001,024 | ---- | M] () -- C:\.rnd
[2009/06/12 18:33:09 | 00,001,679 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VMware Workstation.lnk
[2009/06/12 03:04:07 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/10 18:41:40 | 00,002,367 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Massillon_ Ohio (44646) Conditions & Forecast _ Weather Undergro.lnk
[2009/06/10 18:21:58 | 00,000,845 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Shortcut to CompTIA A+ (A Plus) TestOut Training for Tests 220-601 & 220-602.lnk
[2009/06/10 08:28:32 | 00,045,844 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\ajaxcontact.zip
[2009/06/10 08:16:39 | 00,011,024 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\com_contactsafe 1_0_6.zip
[2009/06/10 07:38:09 | 00,066,418 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\JoomlaPatches1.0.15-v1.0.0 for securityimages 4.x only.zip
[2009/06/10 07:19:30 | 01,656,940 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\com_securityimages4.3.3.zip
[2009/06/10 04:49:32 | 09,431,145 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\convoycatalog.pdf
[2009/06/10 04:42:54 | 09,212,846 | ---- | M] () -- C:\Documents and Settings\Todd\My Documents\convoycatalogedit.pdf
[2009/06/09 23:37:52 | 00,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009/06/09 23:37:51 | 00,000,355 | -HS- | M] () -- C:\boot.ini
[2009/06/09 19:22:32 | 00,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2009/06/09 19:22:32 | 00,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2009/06/09 14:38:17 | 03,025,816 | ---- | M] ( ) -- C:\Documents and Settings\Todd\Desktop\spambayes-1.0.4.exe
[2009/06/09 06:39:58 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE039443
@Alternate Data Stream - 189 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:408F95E5
@Alternate Data Stream - 177 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:21F11E8D
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:48CF36A1
< End of report >
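An added example, not part of the original post and not OTL's own code: a short Python triage pass over the OTL listing format shown in the log above, run on sample lines copied from it. The rule names, the 4096-byte threshold and the hard-coded `C:\WINDOWS` prefix are assumptions made for illustration; a hit is a lead for a helper to review, not a verdict.

```python
import re
from datetime import datetime

# One OTL file-listing entry:
#   [date time | size | attrs | C or M] (company) -- path
# Directory entries carry no "(company)" field at all.
ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# "@Alternate Data Stream - N bytes -> <file>:<stream>"
ADS = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)

MODULE_EXT = (".dll", ".sys", ".exe", ".ocx")
RENAMED_EXT = (".ren", ".vir")       # suffixes seen on renamed files in this thread
WINDOWS_DIR = "c:\\windows\\"        # assumption: system root as shown in the log
TINY_MODULE = 4096                   # assumption: review threshold, in bytes


def parse_entry(line):
    """Return a dict for one file/folder entry, or None if the line is something else."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        # OTL groups digits oddly on large files ("17,020,3312"), so drop the commas.
        "size": int(m["size"].replace(",", "")),
        "attrs": set(m["attrs"]) - {"-"},
        "kind": m["kind"],                       # C = created, M = modified
        "company": (m["company"] or "").strip(" -"),
        "path": m["path"],
    }


def reasons_for(entry):
    """Heuristic review flags for one parsed entry (illustrative rules only)."""
    if "D" in entry["attrs"]:
        return []                                # folders are not scored here
    path = entry["path"].lower()
    under_windows = path.startswith(WINDOWS_DIR)
    reasons = []
    if path.endswith(RENAMED_EXT):
        reasons.append("renamed-by-cleanup-tool")
    if under_windows and {"H", "S"} <= entry["attrs"] and not entry["company"]:
        reasons.append("hidden-system-no-vendor")
    if (under_windows and path.endswith(MODULE_EXT)
            and not entry["company"] and entry["size"] < TINY_MODULE):
        reasons.append("tiny-module-no-vendor")
    return reasons


def triage(lines):
    """Return (reason, path) pairs for every line that trips a rule."""
    findings = []
    for line in lines:
        line = line.strip()
        ads = ADS.match(line)
        if ads:
            findings.append(("alternate-data-stream", ads["path"] + ":" + ads["stream"]))
            continue
        entry = parse_entry(line)
        if entry:
            findings.extend((reason, entry["path"]) for reason in reasons_for(entry))
    return findings


# Sample lines copied from the log above.
SAMPLE = r"""
[2009/06/24 11:36:52 | 00,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2009/06/23 23:19:02 | 00,000,024 | RHS- | C] () -- C:\WINDOWS\3B3AC3B1.D77
[2009/06/23 22:32:12 | 00,209,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TABCTL32.OCX
[2009/06/12 18:33:31 | 00,326,192 | ---- | C] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
[2009/06/09 23:37:50 | 00,383,200 | RHS- | C] () -- C:\bootmgr
[2009/07/03 18:38:52 | 00,014,651 | ---- | M] () -- C:\WINDOWS\System32\kungsfiigvtvwv.dat.REN
[2009/06/30 15:18:24 | 00,000,000 | ---D | C] -- C:\Program Files\SourceTec
[2009/06/24 10:12:22 | 17,020,3312 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\VideoSpin_2_0_Setup.exe
@Alternate Data Stream - 190 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DE039443
< End of report >
""".strip().splitlines()

if __name__ == "__main__":
    for reason, path in triage(SAMPLE):
        print(f"{reason:26} {path}")
```
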

#7 thcbytes

  • Malware Response Team

Posted 07 July 2009 - 07:04 PM

Well done.
Thanks for the detailed info.
Let's proceed.
Please do this.............

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
==========

Download and Run ComboFix (by sUBs)

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


==========

With your next post please provide:

* Combofix.txt
* How is your computer running now?

Kind regards,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

#8 Todd Nelson

Posted 08 July 2009 - 07:12 AM

As far as system performance, it's normal. I know a good clean install would be wonderful, but that's what I'm trying to work around here.

Once again, I'll include the last scan from Avira AV because it is still detecting what it thinks is malicious. MalwareBytes is detecting nothing - Even after several reboots.

Here are the latest logs:

Combo Fix Log:

ComboFix 09-07-07.A2 - Todd 07/07/2009 23:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2328 [GMT -4:00]
Running from: c:\documents and settings\Todd\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\INSTALL.LOG
c:\windows\system32\ATIODCLI.exe
c:\windows\system32\ATIODE.exe
c:\windows\system32\kungsfalhraxnf.dat.REN
c:\windows\system32\kungsfiigvtvwv.dat.REN
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\vbzlib1.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kungsflfgoypdn


((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
.

2009-07-07 01:24 . 2009-07-07 01:24 -------- d-----w- c:\program files\ESET
2009-07-06 10:45 . 2009-07-06 10:46 -------- d-----w- c:\documents and settings\Todd\Application Data\DeepBurner
2009-07-06 00:44 . 2000-01-24 10:01 453632 ----a-w- c:\windows\system32\stdvcl40.dll
2009-07-06 00:44 . 2009-07-06 00:44 -------- d-----w- c:\program files\Web CEO
2009-07-05 19:57 . 2009-07-05 19:57 1915520 ----a-w- c:\documents and settings\Todd\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-05 12:20 . 2009-07-05 12:20 -------- d-----w- c:\program files\Astonsoft
2009-07-04 18:56 . 2009-07-04 18:56 -------- d-----w- c:\documents and settings\Todd\Application Data\FireShot
2009-07-04 18:26 . 2009-07-04 18:26 26624 ----a-r- c:\documents and settings\Todd\Application Data\Microsoft\Installer\{CD8622F8-58FB-4EBB-BD0B-5F463A2975E1}\IconFD2FD2AF.exe
2009-07-04 18:26 . 2009-07-04 18:26 -------- d-----w- c:\program files\Helicon
2009-07-04 15:33 . 2009-07-04 15:33 -------- d-----w- c:\program files\BitPim
2009-07-04 01:51 . 2009-07-04 01:51 -------- d-----w- c:\program files\Trend Micro
2009-07-03 23:39 . 2009-07-03 23:39 -------- d-----w- c:\windows\system32\xircom
2009-07-03 23:39 . 2009-07-03 23:39 -------- d-----w- c:\windows\system32\wbem\snmp
2009-07-03 23:39 . 2009-07-03 23:39 -------- d-----w- c:\windows\srchasst
2009-07-03 23:39 . 2009-07-03 23:39 -------- d-----w- c:\program files\microsoft frontpage
2009-07-03 23:30 . 2009-07-03 23:30 516096 ----a-w- c:\windows\system32\dllcache\user32.dll
2009-07-03 23:27 . 2009-07-03 23:27 -------- d-----w- c:\windows\ERUNT
2009-07-03 23:22 . 2009-07-03 23:48 -------- d-----w- C:\SDFix
2009-07-03 21:59 . 2009-07-07 22:43 -------- d-----w- c:\windows\Internet Logs
2009-07-03 21:13 . 2009-07-03 21:13 -------- d-----w- c:\documents and settings\Todd\Application Data\Malwarebytes
2009-07-03 21:13 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-03 21:13 . 2009-07-03 21:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-03 21:13 . 2009-07-03 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-03 21:13 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-03 20:31 . 2009-07-03 20:31 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-07-03 20:11 . 2009-07-03 20:11 -------- d-----w- c:\documents and settings\Todd\Application Data\LogoMaker
2009-06-30 19:18 . 2009-06-30 19:18 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\SourceTec
2009-06-30 19:18 . 2009-06-30 19:18 -------- d-----w- c:\program files\Common Files\SourceTec
2009-06-30 19:18 . 2009-06-30 19:18 -------- d-----w- c:\program files\SourceTec
2009-06-30 00:43 . 2009-06-30 00:43 -------- d-----w- c:\documents and settings\Freenet\Local Settings\Application Data\Google
2009-06-29 23:57 . 2009-06-29 23:57 -------- d-----w- c:\program files\MSECache
2009-06-29 15:32 . 2009-06-29 15:32 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\Microangelo Toolset 6
2009-06-29 15:32 . 2009-06-29 15:32 -------- d-----w- c:\program files\Microangelo Toolset 6
2009-06-28 19:42 . 2009-06-28 19:42 -------- d-----w- c:\documents and settings\Todd\Application Data\.myibay
2009-06-28 19:42 . 2009-06-28 19:42 -------- d-----w- c:\program files\myibay
2009-06-27 21:42 . 2009-07-01 05:34 -------- d-----w- c:\documents and settings\Todd\Application Data\DVD Flick
2009-06-27 21:41 . 2009-06-27 21:41 -------- d-----w- c:\program files\DVD Flick
2009-06-27 13:20 . 2005-05-26 06:00 475136 ----a-w- c:\windows\lk_c4.dll
2009-06-27 13:20 . 2005-05-26 06:00 399872 ----a-w- c:\windows\c4dstand.dll
2009-06-27 13:20 . 2009-06-27 13:20 -------- d-----w- c:\program files\LKMH
2009-06-27 13:20 . 2006-06-07 21:19 1644032 ----a-w- c:\windows\LKMHDemo.exe
2009-06-27 13:19 . 2009-06-27 13:19 -------- d-----w- c:\program files\Your Company Name
2009-06-27 13:19 . 2009-06-27 13:19 -------- d-----w- c:\program files\Total Seminars
2009-06-25 20:51 . 2009-07-08 03:35 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware
2009-06-25 20:50 . 2009-06-25 20:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-06-25 10:29 . 2009-06-25 10:29 -------- d-----w- c:\documents and settings\Test\Local Settings\Application Data\ATI
2009-06-25 10:29 . 2009-06-25 10:29 -------- d-----w- c:\documents and settings\Test\Application Data\ATI
2009-06-25 10:28 . 2009-06-25 10:28 -------- d-sh--w- c:\documents and settings\Test\IETldCache
2009-06-24 15:36 . 2009-06-24 15:36 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-06-24 15:36 . 2009-06-24 15:36 1025 ----a-w- c:\windows\system32\clauth2.dll
2009-06-24 15:36 . 2009-06-24 15:36 1025 ----a-w- c:\windows\system32\clauth1.dll
2009-06-24 15:36 . 2009-06-24 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Minnetonka Audio Software
2009-06-24 14:37 . 2009-06-24 14:37 -------- d-----w- c:\documents and settings\Todd\Application Data\DivX
2009-06-24 14:35 . 2009-06-24 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle VideoSpin
2009-06-24 14:35 . 2009-06-24 14:35 -------- d-----w- c:\program files\Pinnacle
2009-06-24 14:35 . 2009-06-24 14:35 -------- d-----w- c:\program files\Common Files\Yahoo!
2009-06-24 14:34 . 2009-06-24 14:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2009-06-24 14:34 . 2009-06-24 14:34 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\Downloaded Installations
2009-06-24 02:32 . 2009-06-24 03:35 -------- d-----w- c:\program files\CertBlaster
2009-06-24 02:32 . 2005-11-29 13:53 802816 ----a-w- c:\windows\system32\CLXCLI27.dll
2009-06-24 01:19 . 2009-06-24 01:19 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\F-Secure Online Backup
2009-06-24 01:19 . 2009-06-24 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure Online Backup
2009-06-24 01:19 . 2009-06-24 01:19 -------- d-----w- c:\program files\F-Secure Online Backup
2009-06-19 14:16 . 2001-06-28 15:34 125952 ----a-w- c:\windows\system32\biucntxt.dll
2009-06-19 14:16 . 2009-06-19 14:19 -------- d-----w- c:\program files\Back it up!
2009-06-19 14:16 . 2009-06-19 14:16 796672 ----a-w- c:\windows\GPInstall.exe
2009-06-19 13:27 . 2009-06-02 02:36 3184128 ------w- c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\u190l8lp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS-0.77.dll
2009-06-19 13:27 . 2009-03-20 03:46 102400 ------w- c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\u190l8lp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin-0.77.dll
2009-06-19 13:26 . 2009-06-02 02:36 3184128 ------w- c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\u190l8lp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
2009-06-19 13:26 . 2009-04-23 16:47 28672 ------w- c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\u190l8lp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
2009-06-19 13:26 . 2009-03-20 03:57 40960 ------w- c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\u190l8lp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
2009-06-19 13:26 . 2009-03-20 03:46 102400 ------w- c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\u190l8lp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
2009-06-19 13:26 . 2008-02-17 21:16 90112 ------w- c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\u190l8lp.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-06-19 13:26 . 2007-12-28 15:15 172032 ------w- c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\u190l8lp.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-06-19 13:26 . 2007-10-08 05:57 307200 ------w- c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\u190l8lp.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-06-19 12:42 . 2009-06-19 12:42 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\Microsoft Corporation
2009-06-18 21:21 . 2009-06-18 21:21 112640 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2009-06-18 21:20 . 2009-06-18 21:20 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2009-06-18 21:18 . 2009-06-18 21:19 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-06-18 21:18 . 2009-06-18 21:18 -------- d-----w- c:\program files\Common Files\Merge Modules
2009-06-18 21:17 . 2009-06-18 21:17 -------- d-----w- c:\program files\Microsoft SDKs
2009-06-17 21:47 . 2009-07-03 13:01 -------- d-----w- c:\program files\Microsoft Small Business
2009-06-17 21:43 . 2009-06-17 21:43 -------- d-----w- c:\program files\MSXML 6.0
2009-06-17 21:40 . 2009-06-19 07:08 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-14 23:51 . 2009-06-14 23:51 -------- d-----w- c:\documents and settings\Todd\Application Data\KeePass
2009-06-14 23:48 . 2009-06-14 23:48 -------- d-----w- c:\program files\KeePass Password Safe
2009-06-13 19:39 . 2009-06-13 19:39 -------- d-----w- c:\program files\Noguska
2009-06-13 02:25 . 2009-06-13 02:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-12 22:33 . 2009-03-26 21:31 55856 ----a-r- c:\windows\system32\vnetinst.dll
2009-06-12 22:33 . 2009-03-26 21:31 16560 ----a-r- c:\windows\system32\drivers\vmnetadapter.sys
2009-06-12 22:33 . 2009-03-27 03:04 326192 ----a-w- c:\windows\system32\vmnetdhcp.exe
2009-06-12 22:33 . 2009-03-27 03:04 399920 ----a-w- c:\windows\system32\vmnat.exe
2009-06-12 22:33 . 2009-03-27 03:05 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2009-06-12 22:33 . 2009-03-26 21:31 50736 ----a-r- c:\windows\system32\vmnetbridge.dll
2009-06-12 22:33 . 2009-03-26 21:31 31280 ----a-r- c:\windows\system32\drivers\vmnetbridge.sys
2009-06-12 22:33 . 2009-03-26 21:31 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys
2009-06-12 22:33 . 2009-03-27 03:04 723504 ----a-w- c:\windows\system32\vnetlib.dll
2009-06-12 22:33 . 2009-03-27 03:05 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2009-06-12 22:31 . 2009-06-12 22:31 -------- d-----w- c:\program files\VMware
2009-06-12 21:14 . 2009-07-06 23:34 -------- d-----w- c:\documents and settings\Todd\Application Data\VMware
2009-06-12 10:38 . 2009-06-12 10:38 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-12 02:13 . 2009-07-06 23:41 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\RcIncidents
2009-06-12 01:36 . 2009-04-30 21:22 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-06-12 01:36 . 2009-04-30 21:22 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 18:34 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-06-11 16:59 . 2009-05-07 15:14 346112 ------w- c:\windows\system32\dllcache\localspl.dll
2009-06-11 15:48 . 2009-05-21 18:46 268288 ------w- c:\windows\system32\dllcache\httpext.dll
2009-06-10 23:47 . 2009-06-16 17:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2009-06-10 23:46 . 2009-07-08 03:35 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-06-10 03:37 . 2009-06-10 03:37 -------- d-sh--w- C:\Boot
2009-06-09 18:39 . 2009-06-09 18:39 -------- d-----w- c:\documents and settings\Todd\Application Data\SpamBayes
2009-06-09 18:38 . 2009-06-09 18:38 -------- d-----w- c:\program files\SpamBayes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-08 03:35 . 2009-05-11 09:55 -------- d-----w- c:\documents and settings\Todd\Application Data\Dropbox
2009-07-08 03:34 . 2009-06-01 17:36 -------- d-----w- c:\program files\CrossLoop
2009-07-08 03:30 . 2009-02-27 05:52 -------- d-----w- c:\documents and settings\Todd\Application Data\Orbit
2009-07-07 22:46 . 2009-02-18 02:35 -------- d-----w- c:\documents and settings\Todd\Application Data\uTorrent
2009-07-07 19:41 . 2009-02-18 01:56 -------- d-----w- c:\program files\Windows Sidebar
2009-07-07 19:28 . 2009-06-29 19:20 -------- d-----w- c:\program files\Freenet
2009-07-07 19:23 . 2009-07-07 19:24 1454080 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2009-07-07 03:15 . 2009-07-07 03:16 1446912 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-07-07 03:15 . 2009-07-07 03:16 3019776 ----a-w- c:\windows\Internet Logs\xDB4.tmp
2009-07-06 10:39 . 2009-07-06 10:39 708004 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-07-06 07:02 . 2009-07-06 10:39 1471488 ----a-w- c:\windows\Internet Logs\xDB3.tmp
2009-07-06 07:02 . 2009-07-06 10:39 2990080 ----a-w- c:\windows\Internet Logs\xDB2.tmp
2009-07-06 00:12 . 2009-04-17 19:03 -------- d-----w- c:\documents and settings\Todd\Application Data\FileZilla
2009-07-05 12:22 . 2009-04-04 10:28 -------- d-----w- c:\documents and settings\Todd\Application Data\Newsbin
2009-07-05 11:34 . 2009-04-06 03:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-03 23:38 . 2009-07-03 23:39 548864 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2009-07-03 22:00 . 2009-07-03 22:00 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-07-03 22:00 . 2009-07-03 22:00 -------- d-----w- c:\program files\Zone Labs
2009-07-01 02:13 . 2009-04-25 12:16 -------- d-----w- c:\program files\TESTOUT
2009-06-30 00:51 . 2009-03-08 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-28 13:06 . 2009-02-18 02:36 83176 ----a-w- c:\documents and settings\Todd\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-27 20:36 . 2009-05-11 09:55 -------- d-----w- c:\program files\Dropbox
2009-06-25 20:55 . 2009-02-18 01:55 -------- d-----w- c:\program files\LClock
2009-06-25 20:55 . 2009-05-16 00:49 -------- d-----w- c:\program files\PokerStars.NET
2009-06-25 20:54 . 2009-02-18 01:56 -------- d-----w- c:\program files\Styler
2009-06-25 10:29 . 2009-06-02 20:21 82568 ----a-w- c:\documents and settings\Test\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-24 14:40 . 2009-03-06 21:30 -------- d-----w- c:\documents and settings\Todd\Application Data\Any Video Converter
2009-06-18 21:21 . 2009-03-07 20:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-17 21:45 . 2009-03-07 20:07 -------- d-----w- c:\program files\Microsoft.NET
2009-06-13 02:25 . 2009-02-27 03:48 -------- d-----w- c:\program files\Google
2009-06-07 18:18 . 2009-06-07 18:11 -------- d-----w- c:\program files\UltraVNC
2009-06-07 17:46 . 2009-06-07 17:46 -------- d-----w- c:\program files\PFPortChecker
2009-06-07 02:52 . 2009-06-06 21:59 -------- d-----w- c:\documents and settings\Todd\Application Data\Download Manager
2009-06-06 20:34 . 2009-06-06 20:34 -------- d-----w- c:\program files\No-IP
2009-06-06 20:21 . 2009-06-06 20:21 -------- d-----w- c:\program files\FreeDNS Update
2009-06-06 16:23 . 2009-02-27 05:52 -------- d-----w- c:\program files\Orbitdownloader
2009-06-04 22:11 . 2009-06-04 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2009-06-04 22:10 . 2009-06-04 21:57 -------- d-----w- c:\program files\Electronic Arts
2009-06-04 22:10 . 2009-06-04 22:10 10134 ------r- c:\documents and settings\Todd\Application Data\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
2009-06-04 22:10 . 2009-06-04 22:10 -------- d-----w- c:\program files\Microsoft WSE
2009-06-04 21:57 . 2009-02-26 22:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-04 21:48 . 2009-06-04 21:48 -------- d-----w- c:\documents and settings\Todd\Application Data\ATI
2009-06-04 21:48 . 2009-06-04 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-06-04 21:46 . 2009-06-04 21:46 0 ----a-w- c:\windows\ativpsrm.bin
2009-06-04 21:44 . 2009-06-04 21:43 -------- d-----w- c:\program files\ATI Technologies
2009-06-04 21:43 . 2009-02-26 22:15 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-04 04:57 . 2009-06-04 04:57 -------- d-----w- c:\program files\EASEUS
2009-06-04 04:51 . 2009-02-26 22:08 -------- d-----w- c:\program files\Gateway
2009-06-04 04:47 . 2009-05-26 00:55 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-06-04 04:45 . 2009-04-05 21:34 -------- d-----w- c:\documents and settings\Todd\Application Data\Writer's Cafe
2009-06-04 04:45 . 2009-02-18 01:56 -------- d-----w- c:\program files\RocketDock
2009-06-03 11:32 . 2009-02-18 01:55 -------- d-----w- c:\program files\Unlocker
2009-06-02 22:56 . 2009-06-02 22:56 -------- d-----w- c:\documents and settings\Todd\Application Data\Video DVD Maker FREE
2009-06-02 22:56 . 2009-06-02 22:56 -------- d-----w- c:\program files\Video DVD Maker
2009-06-02 22:54 . 2009-04-24 15:37 -------- d-----w- c:\documents and settings\Todd\Application Data\dvdcss
2009-06-02 21:58 . 2009-06-02 21:58 364560 ------r- c:\documents and settings\Todd\Application Data\Microsoft\Installer\{D3880A64-6112-47b7-8BFE-70EEA07B43E0}\SCTUI.exe
2009-06-02 21:58 . 2009-06-02 21:58 -------- d-----w- c:\program files\Windows SteadyState
2009-06-02 17:50 . 2009-06-02 17:50 75904 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 18:04 . 2009-05-30 18:04 0 ---ha-w- c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-05-30 18:04 . 2009-05-30 18:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-05-30 18:04 . 2009-05-30 18:04 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-05-30 17:56 . 2009-05-30 17:55 -------- d-----w- c:\program files\Zune
2009-05-30 17:56 . 2009-05-30 17:56 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-05-30 17:56 . 2009-05-30 17:56 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-28 20:50 . 2009-05-28 20:50 -------- d-----w- c:\documents and settings\Todd\Application Data\smkits
2009-05-28 18:48 . 2009-05-28 18:48 -------- d-----w- c:\program files\IBM
2009-05-27 22:30 . 2009-05-27 22:30 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-27 22:30 . 2009-05-27 22:30 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-27 22:30 . 2009-05-27 22:30 -------- d-----w- c:\program files\OpenAL
2009-05-27 22:30 . 2009-05-27 22:30 -------- d-----w- c:\program files\Puzzle Quest
2009-05-27 20:19 . 2009-04-17 18:58 -------- d-----w- c:\program files\FileZilla FTP Client
2009-05-27 20:12 . 2009-05-27 20:12 -------- d-----w- c:\program files\IrfanView
2009-05-26 21:31 . 2009-03-04 02:23 -------- d-----w- c:\program files\Windows Live
2009-05-26 21:07 . 2009-05-26 21:07 -------- d-----w- c:\documents and settings\Todd\Application Data\Thunderbird
2009-05-24 18:14 . 2009-05-11 23:01 -------- d-----w- c:\program files\ResumeMaker
2009-05-19 23:12 . 2009-05-11 23:02 -------- d-----w- c:\documents and settings\Todd\Application Data\Individual Software
2009-05-16 08:11 . 2009-05-16 08:10 -------- d-----w- c:\program files\Allok Video Joiner
2009-05-16 07:54 . 2009-05-16 07:54 -------- d-----w- c:\documents and settings\Todd\Application Data\AVS4YOU
2009-05-16 07:54 . 2009-05-16 07:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-05-16 07:54 . 2009-05-16 07:52 -------- d-----w- c:\program files\AVS4YOU
2009-05-16 07:54 . 2009-05-16 07:53 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-05-15 04:08 . 2009-05-15 03:28 -------- d-----w- c:\documents and settings\Todd\Application Data\Move Networks
2009-05-15 03:28 . 2009-05-15 03:28 127877 ------w- c:\documents and settings\Todd\Application Data\Move Networks\uninstall.exe
2009-05-15 03:28 . 2009-05-01 06:30 4183416 ------w- c:\documents and settings\Todd\Application Data\Move Networks\plugins\npqmp071500000347.dll
2009-05-14 09:41 . 2009-05-14 09:41 -------- d-----w- c:\documents and settings\Todd\Application Data\Apple Computer
2009-05-14 09:41 . 2009-05-14 09:41 -------- d-----w- c:\program files\iTunes
2009-05-14 09:41 . 2009-05-14 09:41 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-14 09:41 . 2009-05-14 09:41 -------- d-----w- c:\program files\iPod
2009-05-14 09:41 . 2009-05-14 09:39 -------- d-----w- c:\program files\Common Files\Apple
2009-05-14 09:41 . 2009-05-13 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-14 09:41 . 2009-03-06 21:25 -------- d-----w- c:\program files\Bonjour
2009-05-14 09:40 . 2009-04-24 15:35 -------- d-----w- c:\program files\QuickTime
2009-05-14 09:40 . 2009-05-14 09:40 -------- d-----w- c:\program files\Apple Software Update
2009-05-14 09:39 . 2009-05-14 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-13 05:15 . 2009-02-01 22:27 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-11 23:01 . 2009-05-11 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Individual Software
2009-05-11 10:37 . 2009-05-11 10:37 -------- d-----w- c:\program files\Avira
2009-05-11 10:37 . 2009-05-11 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-05-07 15:14 . 2009-02-01 22:00 346112 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 06:30 . 2009-05-01 06:30 97144 ------w- c:\documents and settings\Todd\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe
.

------- Sigcheck -------

[-] 2009-02-01 22:27 516096 6FBE974874389B7D5F11870747B8622C c:\windows\system32\user32.dll
[-] 2009-07-03 23:30 516096 6FBE974874389B7D5F11870747B8622C c:\windows\system32\dllcache\user32.dll

[-] 2009-02-01 22:08 361600 038CA45522FE9B756EFB90DBFA9141EA c:\windows\system32\drivers\tcpip.sys

[-] 2009-02-01 22:27 568832 3D1ABDC3009D6B7CA7F9E66769C126CA c:\windows\system32\winlogon.exe

[-] 2009-01-23 19:28 2262528 AF9607D704473EEB1B76126CB1EADA81 c:\windows\explorer.exe

[-] 2009-02-01 22:22 37376 CBF5945651C96E471B3A004BBDC36864 c:\windows\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-04-01 08:14 1163264 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-04-01 08:14 1163264 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-04-01 08:14 1163264 ----a-w- c:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-02-01 37376]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-06 39408]
"Google Update"="c:\documents and settings\Todd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-27 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-06-06 68592]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-06-17 414992]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2009-02-01 191488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-09 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-02-01 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Windows SteadyState]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Todd^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Todd\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\TwonkyMedia\\twonkymediaserver.exe"=
"c:\\Program Files\\TwonkyMedia\\twonkymedia.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\NewsBin\\nbpro.exe"=
"c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"c:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
"c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [5/11/2009 6:38 AM 108289]
R2 ApacheNoguskaNolaPro;ApacheNoguskaNolaPro;c:\program files\Noguska\NolaPro\Apache\bin\Apache.exe [1/17/2008 10:58 PM 20541]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/3/2009 5:13 PM 195856]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
R2 MySQLNoguskaNolaPro;MySQLNoguskaNolaPro;c:\program files\Noguska\NolaPro\Apache\mysql\bin\mysqld-nt.exe [1/14/2008 12:17 PM 5701632]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [3/26/2009 11:05 PM 54960]
R2 Windows SteadyState;Windows SteadyState Service;c:\program files\Windows SteadyState\SCTSvc.exe [5/30/2008 2:41 PM 115728]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [7/20/2007 6:40 PM 84992]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/3/2009 5:13 PM 19096]
S2 freenet;Freenet background service;c:\program files\Freenet\bin\wrapper-windows-x86-32.exe [4/24/2009 7:16 PM 241664]
S2 gupdate1c9ebce2f859526;Google Update Service (gupdate1c9ebce2f859526);c:\program files\Google\Update\GoogleUpdate.exe [6/12/2009 10:25 PM 133104]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [6/4/2009 12:57 AM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [6/4/2009 12:57 AM 3072]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder

2009-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 02:25]

2009-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 02:25]

2009-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1647877149-682003330-1004Core.job
- c:\documents and settings\Todd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-27 06:10]

2009-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-1647877149-682003330-1004UA.job
- c:\documents and settings\Todd\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-27 06:10]

2009-07-07 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Todd.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-07-03 15:27]

2009-07-07 c:\windows\Tasks\Malwarebytes' Scheduled Update for Todd.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-07-03 15:27]

2009-07-07 c:\windows\Tasks\User_Feed_Synchronization-{72F75279-E9D7-48BC-83BE-137C264A8E10}.job
- c:\windows\system32\msfeedssync.exe [2009-02-18 08:31]

2009-07-08 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 02:18]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-CrossLoop - c:\progra~1\CrossLoop\CrossLoopConnect.exe -ap=crossloop -port=5910 -udp=www.CrossLoop.com -webserver=server.crossloop.com -webservice=www.crossloop.com
HKU-Default-Run-RocketDock - c:\program files\RocketDock\RocketDock.exe
HKU-Default-Run-Sidebar - c:\program files\Windows Sidebar\sidebar.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local;<local>
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Search
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: DiaryOne: Save full text - c:\program files\DiaryOne\Script\fullcatcher.htm
IE: DiaryOne: Save selected text - c:\program files\DiaryOne\Script\catcher.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
FF - ProfilePath - c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\u190l8lp.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\u190l8lp.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\u190l8lp.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\documents and settings\Todd\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\Todd\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 23:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1272)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1328)
c:\windows\system32\setupapi.dll

- - - - - - - > 'explorer.exe'(176)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\program files\Dropbox\DropboxExt.dll
c:\windows\System32\cscui.dll
c:\program files\Google\Quick Search Box\bin\1.2.1137.3514\qsb.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\progra~1\CrossLoop\XLIdlTrk.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
.
Completion time: 2009-07-08 23:48
ComboFix-quarantined-files.txt 2009-07-08 03:48

Pre-Run: 154,021,097,472 bytes free
Post-Run: 153,997,180,928 bytes free

509 --- E O F --- 2009-06-19 07:09


Avira Log:


Avira AntiVir Personal
Report file date: Wednesday, July 08, 2009 03:00

Scanning for 1465838 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DESKTOP

Version information:
BUILD.DAT : 9.0.0.403 17961 Bytes 6/3/2009 17:05:00
AVSCAN.EXE : 9.0.3.6 466689 Bytes 6/9/2009 10:39:58
AVSCAN.DLL : 9.0.3.0 40705 Bytes 2/27/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 2/20/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 2/27/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 17:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 6/24/2009 12:10:34
ANTIVIR2.VDF : 7.1.4.173 306688 Bytes 7/2/2009 10:42:18
ANTIVIR3.VDF : 7.1.4.192 294400 Bytes 7/7/2009 10:41:50
Engineversion : 8.2.0.204
AEVDF.DLL : 8.1.1.1 106868 Bytes 5/12/2009 10:39:08
AESCRIPT.DLL : 8.1.2.13 426362 Bytes 7/3/2009 10:45:48
AESCN.DLL : 8.1.2.3 127347 Bytes 5/16/2009 10:38:41
AERDL.DLL : 8.1.2.2 438642 Bytes 7/3/2009 10:44:48
AEPACK.DLL : 8.1.3.18 401783 Bytes 5/28/2009 10:38:47
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 6/18/2009 10:39:11
AEHEUR.DLL : 8.1.0.137 1823095 Bytes 6/27/2009 10:41:24
AEHELP.DLL : 8.1.3.6 205174 Bytes 6/12/2009 10:39:04
AEGEN.DLL : 8.1.1.48 348532 Bytes 7/3/2009 10:43:23
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/9/2008 19:32:40
AECORE.DLL : 8.1.6.12 180599 Bytes 5/28/2009 10:38:45
AEBB.DLL : 8.1.0.3 53618 Bytes 10/9/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 12/5/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 1/20/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 12/5/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 3/24/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 1/30/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 1/28/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 2/2/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 12/5/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 6/9/2009 10:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 4/17/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: c:\program files\avira\antivir desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: low

Start of the scan: Wednesday, July 08, 2009 03:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'mbam.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'googletalk.exe' - '1' Module(s) have been scanned
Scan process 'java.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'vmnetdhcp.exe' - '1' Module(s) have been scanned
Scan process 'ZuneBusEnum.exe' - '1' Module(s) have been scanned
Scan process 'vmnat.exe' - '1' Module(s) have been scanned
Scan process 'vmware-authd.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sqlwriter.exe' - '1' Module(s) have been scanned
Scan process 'sqlbrowser.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'mysqld-nt.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'zlclient.exe' - '0' Module(s) have been scanned
Scan process 'mbamgui.exe' - '1' Module(s) have been scanned
Scan process 'GoogleQuickSearchBox.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'sqlservr.exe' - '1' Module(s) have been scanned
Scan process 'mbamservice.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'inetinfo.exe' - '1' Module(s) have been scanned
Scan process 'wrapper-windows-x86-32.exe' - '1' Module(s) have been scanned
Scan process 'E_S40RP7.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'vsmon.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SCTSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!
Master boot sector HD6
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '57' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\All Users\Documents\My Music\PIMOne.Software.PIMOne.v5.38.Incl.KeyMaker-DVT\dr492pi2.zip
[0] Archive type: ZIP
--> d-000pi.r00
[1] Archive type: RAR
--> I_LOVE_DVT.RAR
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Todd\My Documents\FileZilla_3.2.5_win32-setup.exe
[0] Archive type: NSIS
--> u
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Todd\My Documents\Downloads\PIMOne.Software.PIMOne.v5.38.Incl.KeyMaker-DVT\dr492pi2.zip
[0] Archive type: ZIP
--> d-000pi.r00
[1] Archive type: RAR
--> I_LOVE_DVT.RAR
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{7DF40E02-62C0-483C-A3A4-8F521413918F}\RP1\A0003343.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\n.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:\System Volume Information\_restore{7DF40E02-62C0-483C-A3A4-8F521413918F}\RP1\A0003344.exe
[DETECTION] Is the TR/Vapsup.uvj Trojan
C:\System Volume Information\_restore{7DF40E02-62C0-483C-A3A4-8F521413918F}\RP1\A0003345.exe
[DETECTION] Is the TR/Vapsup.uvj Trojan
C:\System Volume Information\_restore{7DF40E02-62C0-483C-A3A4-8F521413918F}\RP1\A0003346.dll
[DETECTION] Is the TR/Patched.GY.12 Trojan

Beginning disinfection:
C:\System Volume Information\_restore{7DF40E02-62C0-483C-A3A4-8F521413918F}\RP1\A0003343.exe
[NOTE] The file was moved to '4a84857e.qua'!
C:\System Volume Information\_restore{7DF40E02-62C0-483C-A3A4-8F521413918F}\RP1\A0003344.exe
[DETECTION] Is the TR/Vapsup.uvj Trojan
[NOTE] The file was moved to '4981d387.qua'!
C:\System Volume Information\_restore{7DF40E02-62C0-483C-A3A4-8F521413918F}\RP1\A0003345.exe
[DETECTION] Is the TR/Vapsup.uvj Trojan
[NOTE] The file was moved to '4bf2fb07.qua'!
C:\System Volume Information\_restore{7DF40E02-62C0-483C-A3A4-8F521413918F}\RP1\A0003346.dll
[DETECTION] Is the TR/Patched.GY.12 Trojan
[NOTE] The file was moved to '4be14ab7.qua'!


End of the scan: Wednesday, July 08, 2009 07:38
Used time: 1:14:55 Hour(s)

The scan has been done completely.

28240 Scanned directories
1008761 Files were scanned
4 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
4 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
1008756 Files not concerned
43523 Archives were scanned
7 Warnings
5 Notes

#9 thcbytes

Posted 08 July 2009 - 10:55 PM

Hi there.
Nice work. :thumbup2:
Looking good.

The detections you note with Avira are in System Restore and pose no threat unless you restore to an earlier point in time. I will instruct you as to cleanup there when we are done.

==========

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 14.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version.
-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

==========

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.
==========

With your next post please provide:

* Bitdefender log

Kind regards,
t
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/
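The point made in post #9, that the Avira detections all sit inside System Restore, can be checked mechanically against a report. The following is an added example, not part of the thread or of any tool used in it: a small parser for the Avira report layout shown above that groups detections per file, records the quarantine result, and separates restore-point copies from files on the live filesystem. The sample report reuses lines from the log above plus one constructed entry (`C:\Example\...`); all function names are hypothetical.

```python
import re
from collections import OrderedDict

# Sample modeled on the Avira report posted in this thread. The C:\Example\...
# entry is constructed, to show how a detection outside System Restore looks.
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{7DF40E02-62C0-483C-A3A4-8F521413918F}\RP1\A0003343.exe
[0] Archive type: RAR SFX (self extracting)
--> 32788R22FWJFW\n.pif
[DETECTION] The file contains an executable program that is disguised by a harmless file extension (HIDDENEXT/Crypted)
C:\System Volume Information\_restore{7DF40E02-62C0-483C-A3A4-8F521413918F}\RP1\A0003344.exe
[DETECTION] Is the TR/Vapsup.uvj Trojan
C:\System Volume Information\_restore{7DF40E02-62C0-483C-A3A4-8F521413918F}\RP1\A0003346.dll
[DETECTION] Is the TR/Patched.GY.12 Trojan
C:\Example\constructed_sample.exe
[DETECTION] Is the TR/Example.Constructed Trojan

Beginning disinfection:
C:\System Volume Information\_restore{7DF40E02-62C0-483C-A3A4-8F521413918F}\RP1\A0003343.exe
[NOTE] The file was moved to '4a84857e.qua'!
C:\System Volume Information\_restore{7DF40E02-62C0-483C-A3A4-8F521413918F}\RP1\A0003344.exe
[DETECTION] Is the TR/Vapsup.uvj Trojan
[NOTE] The file was moved to '4981d387.qua'!
C:\System Volume Information\_restore{7DF40E02-62C0-483C-A3A4-8F521413918F}\RP1\A0003346.dll
[DETECTION] Is the TR/Patched.GY.12 Trojan
[NOTE] The file was moved to '4be14ab7.qua'!
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                  # a scanned file path
DETECTION_RE = re.compile(r"^\[DETECTION\]\s+(.*)$")   # detection under that path
QUARANTINE_RE = re.compile(r"^\[NOTE\] The file was moved to '([^']+)'")
RESTORE_MARKER = "\\system volume information\\_restore{"


def detection_name(text):
    """Pull the signature name out of a [DETECTION] message."""
    m = re.search(r"Is the (\S+)", text) or re.search(r"\(([^()]+)\)\s*$", text)
    return m.group(1) if m else text


def parse_report(text):
    """Map each detected file to its signature names and quarantine file.

    The report lists a file once in the scan section and again under
    'Beginning disinfection:', so entries are merged by path.
    """
    findings = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = line
            continue
        if current is None:
            continue
        m = DETECTION_RE.match(line)
        if m:
            entry = findings.setdefault(current, {"names": [], "quarantine": None})
            name = detection_name(m.group(1))
            if name not in entry["names"]:
                entry["names"].append(name)
            continue
        m = QUARANTINE_RE.match(line)
        if m and current in findings:
            findings[current]["quarantine"] = m.group(1)
    return findings


def classify(path):
    """'system-restore' for restore-point copies, 'live' for everything else."""
    return "system-restore" if RESTORE_MARKER in path.lower() else "live"


def triage(text):
    """Return one record per detected file, in report order."""
    return [
        {"path": path, "names": info["names"],
         "location": classify(path), "quarantine": info["quarantine"]}
        for path, info in parse_report(text).items()
    ]


def needs_attention(records):
    """Detections on the live filesystem that were not quarantined."""
    return [r for r in records if r["location"] == "live" and not r["quarantine"]]


if __name__ == "__main__":
    records = triage(SAMPLE_REPORT)
    for r in records:
        print(f'{r["location"]:15} {",".join(r["names"]):25} '
              f'quarantined={bool(r["quarantine"])}  {r["path"]}')
    print("live, unquarantined:", [r["path"] for r in needs_attention(records)])
```

Restore-point copies reported as `system-restore` are the ones that disappear when System Restore is reset at the end of cleanup; anything returned by `needs_attention` is still on the active filesystem.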

#10 Todd Nelson

Posted 11 July 2009 - 02:02 PM

BitDefender found a KeyGen that I was aware of. That was the only thing it detected.

Everything is running good. It looks like I'm done!

I need to stay away from the untrusted software and keep my security software running properly.

Thanks for all your help.

I will be connecting with Bleeping Computer (hopefully not for machine) in the future :thumbup2:

Edited by Todd Nelson, 11 July 2009 - 02:04 PM.


#11 thcbytes

Posted 11 July 2009 - 02:14 PM

Hi,
We are not done. A few more critical steps to perform to avoid reinfection from the items we "cleaned".
Might I please see that BitDefender log. After I review the log I will post final instructions.
Thanks,
t

#12 Todd Nelson

Posted 11 July 2009 - 11:34 PM

BitDefender Report

BitDefender Online Scanner - Real Time Virus Report

Generated at: Sun, Jul 12, 2009 - 00:29:45


Scan Info
Scanned Files: 1633509
Infected Files: 1

Virus Detected
Trojan.Generic.723002: 1


This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

#13 thcbytes

Posted 12 July 2009 - 11:08 AM

Well done. :thumbup2:

Congratulations! You now appear clean! :)

**********

Please pay particularly close attention to the instructions that follow, especially resetting a new restore point. To neglect these steps risks needless reinfection!!

**********

Are things running okay? Do you have any more questions?

**********

Run OTL again

We will now remove the tools we used during this fix using OTL.
  • Double click the OTL icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
**********

Uninstall Combofix
  • Click on your Start Menu, then Run....
  • Now type combofix /u in the runbox and click OK.
    Notice the space between the "x" and "/".

  • When shown the disclaimer, Select "2"
**********

Reset System Restore <--- Important
You should disable and enable system restore to make sure there are no infected files found in a restore point. You can find instructions here:

Windows XP


Note: You should only do this once, not on a regular basis!
You will not be able to restore computer to any earlier than today!

**********

Recommendations
Below are some recommendations to lower your chances of (re)infection.
  • Install and maintain an outbound firewall
  • Install Spyware Blaster and update it regularly
    If you wish, the commercial version provides automatic updating.
  • Install the MVPs hosts file, and update it regularly
    You can use the HostMan host file manager to do this automatically if you wish.
    For more information on the hosts file, and what it can do for you, you can view the Tutorial on the Hosts file
  • Install an Anti-Spyware program, and update it regularly
    Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
    SUPERAntiSpyware is another good scanner with high detection and removal rates.
    Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

    If you are using Windows XP or earlier
    Visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  • Keep your other software up to date as well. Software does not need to be made by Microsoft to be insecure. Download Secunia Software Inspector to keep all your software up to date.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :).
**********

System Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

**********

Good luck & safe surfing,
Regards,
t

#14 kahdah


Posted 17 July 2009 - 12:29 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



