Virtumonde.sdn TrojansC-04

jwarch · Mar 17, 2010

The S&D version I'm running is 1.6.0.30.
It is telling me that it has detected 'Virtumonde.sdn' 'TrojansC-04'
I have been having problems with my computer freezing up.
This is system info off of my computer:
OS Name Microsoft Windows 7 Home Premium
Version 6.1.7600 Build 7600
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name JAMES-PC
System Manufacturer EVGA__
System Model nForce 750i SLI
System Type x64-based PC
Processor Intel(R) Core(TM)2 Quad CPU Q8200 @ 2.33GHz, 2333 Mhz, 4 Core(s), 4 Logical Processor(s)
BIOS Version/Date Phoenix Technologies, LTD 6.00 PG, 7/7/2008
SMBIOS Version 2.5
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = "6.1.7600.16385"
User Name James-PC\James
Time Zone Central Daylight Time
Installed Physical Memory (RAM) 4.00 GB
Total Physical Memory 4.00 GB
Available Physical Memory 2.40 GB
Total Virtual Memory 8.00 GB
Available Virtual Memory 6.01 GB
Page File Space 4.00 GB
Page File C:\pagefile.sys

This is the 'Hijackthis' file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:16:43 PM, on 3/16/2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Ask & Record Toolbar\FLVSrvc.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: ClickCatcher MSIE handler - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files (x86)\Common Files\Paraben Shared\Catcher.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Ask and Record FLV Service] "C:\Program Files (x86)\Ask & Record Toolbar\FLVSrvc.exe" /run
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [iYogiToolbar] C:\Program Files (x86)\iYogi SupportDock\iYogiSupportDock.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_SD806.tmp" /EF "HKCU" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [EPSON WorkForce 30 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEEA.EXE /FU "C:\Windows\TEMP\E_SD806.tmp" /EF "HKCU" (User 'Default user')
O4 - Startup: CurseClientStartup.ccip
O4 - Global Startup: APC UPS Status.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download A&ll by PDM - C:\Program Files (x86)\Common Files\Paraben Shared\CC_All.htm
O8 - Extra context menu item: Download by PDM - C:\Program Files (x86)\Common Files\Paraben Shared\CC_Link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe
O23 - Service: CA Common Scheduler Service (ccSchedulerSVC) - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1c9b999bfdf6c79) (gupdate1c9b999bfdf6c79) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Unknown owner - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (file missing)
O23 - Service: LogMeIn Rescue (b58ca362-eb20-4875-b70a-30ff40a66999) (LMIRescue_b58ca362-eb20-4875-b70a-30ff40a66999) - Unknown owner - C:\Users\James\AppData\Local\Temp\LMIE512.tmp\LMI_Rescue_srv.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11755 bytes
========================

"BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

Blade81 · Mar 20, 2010

Hi,

Do you have Spybot results showing that finding handy?

jwarch · Mar 20, 2010

Spybot Post

Just as an update, I have continued to use this computer. It has lots of trouble booting, where it will stop in the middle of booting or start with the keyboard and mouse not loaded. The other thing it will do is freeze up about 5-10 minutes after starting.

This is the post after I let it try and remove everything.

Hint of the Day: Click the bar at the right of this to see more information! ()
Virtumonde.sdn: [SBI $4F0ABAF2] Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW
DoubleClick: Tracking cookie (Internet Explorer: James) (Cookie, fixed)
DoubleClick: Tracking cookie (Firefox: default) (Cookie, fixed)
HitsLink: Tracking cookie (Firefox: default) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, fixed)
WebTrends live: Tracking cookie (Firefox: default) (Cookie, fixed)
CoreMetrics: Tracking cookie (Firefox: default) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: default) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: default) (Cookie, fixed)
Zedo: Tracking cookie (Firefox: default) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-01-25 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2010-02-17 Includes\Adware.sbi (*)
2010-03-16 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-03-16 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-03-16 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-03-16 Includes\KeyloggersC.sbi (*)
2010-03-02 Includes\Malware.sbi (*)
2010-03-17 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-03-16 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-03-16 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-03-02 Includes\Spyware.sbi (*)
2010-03-16 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-03-03 Includes\Trojans.sbi (*)
2010-03-16 Includes\TrojansC-02.sbi (*)
2010-03-16 Includes\TrojansC-03.sbi (*)
2010-03-16 Includes\TrojansC-04.sbi (*)
2010-03-17 Includes\TrojansC-05.sbi (*)
2010-03-16 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Blade81 · Mar 20, 2010

Hi again,

Download OTL to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy-paste following contents into custom scan -area:
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
/md5stop
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
- When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

jwarch · Mar 20, 2010

OTL files

Want to thank you Blade81 for this help.

Here is the OTL file first and then I'll try and include the Extras in this same post.
OTL logfile created on: 3/20/2010 5:16:58 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\James\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 119.09 Gb Free Space | 51.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 197.93 Gb Free Space | 84.99% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 206.00 Gb Free Space | 88.46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMES-PC
Current User Name: James
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\James\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
PRC - C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files (x86)\Ask & Record Toolbar\FLVSrvc.exe (Applian Technologies, Inc.)
PRC - C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
PRC - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe (American Power Conversion Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\James\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (WatAdminSvc) -- C:\Windows\SysNative\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV:64bit: - (CaCCProvSP) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV:64bit: - (ccSchedulerSVC) -- C:\Program Files\CA\CA Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (CAISafe) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus Plus\isafe.exe (Computer Associates International, Inc.)
SRV:64bit: - (UmxAgent) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV:64bit: - (ForceWare Intelligent Application Manager (IAM)) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe ()
SRV:64bit: - (nSvcIp) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe ()
SRV - (UmxPol) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (VSS) -- C:\Windows\Vss [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009/07/13 22:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (UmxCfg) -- C:\Program Files (x86)\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (ASKUpgrade) -- C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (IntuitUpdateService) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (Autodesk Network Licensing Service) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskNetSrv.exe (Autodesk, Inc.)
SRV - (EPSON_EB_RPCV4_01) EPSON V5 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (SEIKO EPSON CORPORATION)
SRV - (APC UPS Service) -- C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe (American Power Conversion Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)

========== Driver Services (SafeList) ==========

DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (KmxCfg) -- C:\Windows\SysNative\drivers\KmxCfg.sys (CA)
DRV:64bit: - (KmxAgent) -- C:\Windows\SysNative\drivers\KmxAgent.sys (CA)
DRV:64bit: - (KmxAMRT) -- C:\Windows\SysNative\drivers\KmxAMRT.sys (CA)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64k.sys (Microsoft Corporation)
DRV - (KmxCfg) -- C:\Windows\SysWOW64\drivers\kmxcfg.u2k0 ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/02/25 22:25:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/03/17 22:34:14 | 000,000,000 | ---D | M]

[2009/11/12 23:23:41 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Extensions
[2010/03/19 21:25:11 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\07dpi6qu.default\extensions
[2009/11/12 23:23:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\07dpi6qu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/24 02:14:18 | 000,000,000 | ---D | M] -- C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\07dpi6qu.default\extensions\smarterwiki@wikiatic.com
[2010/03/10 22:16:46 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009/03/06 13:06:14 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npatgpc.dll
[2009/06/14 13:49:57 | 000,417,792 | ---- | M] (Invenda Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol305.dll

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ClickCatcher MSIE handler) - {16664845-0E00-11D2-8059-000000000000} - C:\Program Files (x86)\Common Files\Paraben Shared\Catcher.dll (ReGet Software)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\casc.exe (CA, Inc.)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files (x86)\Ask & Record Toolbar\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKCU..\Run: [iYogiToolbar] C:\Program Files (x86)\iYogi SupportDock\iYogiSupportDock.exe ()
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Download A&ll by PDM - C:\Program Files (x86)\Common Files\Paraben Shared\cc_all.htm ()
O8:64bit: - Extra context menu item: Download by PDM - C:\Program Files (x86)\Common Files\Paraben Shared\cc_link.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Download A&ll by PDM - C:\Program Files (x86)\Common Files\Paraben Shared\cc_all.htm ()
O8 - Extra context menu item: Download by PDM - C:\Program Files (x86)\Common Files\Paraben Shared\cc_link.htm ()
O9 - Extra Button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\VetRedir.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\VetRedir.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysNative\VetRedir.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWow64\VetRedir.dll (Computer Associates International, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\Windows\SysWow64\UmxWNP.dll (CA)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg
O28 - HKLM ShellExecuteHooks: {16664848-0E00-11D2-8059-000000000000} - C:\Program Files (x86)\Common Files\Paraben Shared\CatchOp.dll (ReGet Software)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/20 11:52:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009/10/09 20:46:05 | 000,000,062 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/20 17:13:32 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe
[2010/03/17 22:35:28 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2010/03/17 22:34:00 | 000,000,000 | ---D | C] -- C:\_AcroTemp
[2010/03/16 21:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/03/16 21:10:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/03/12 18:53:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/03/12 18:22:14 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\iYogi
[2010/03/12 18:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iYogi SupportDock
[2010/03/10 22:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/10 22:21:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/03/10 22:16:44 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/03/10 22:16:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/03/10 22:16:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/03/08 21:09:16 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/03/08 20:24:57 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ztvcabinet.dll
[2010/03/08 20:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trojan Remover
[2010/03/08 20:24:57 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\Simply Super Software
[2010/03/08 20:24:57 | 000,000,000 | ---D | C] -- C:\Users\James\AppData\Roaming\Simply Super Software
[2010/03/08 20:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010/03/08 20:20:23 | 008,334,160 | ---- | C] (Simply Super Software ) -- C:\Users\James\Desktop\trojanremover.exe
[2010/03/08 18:05:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/03/08 18:05:23 | 000,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbam.sys
[2010/03/08 18:05:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/03/08 17:19:03 | 000,000,000 | ---D | C] -- C:\ERDNT
[2010/03/08 17:19:02 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2010/03/08 17:18:36 | 000,000,000 | ---D | C] -- C:\!FixIEDef
[2010/03/07 01:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliType Pro
[2010/03/07 01:06:03 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/02/28 14:34:18 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\Computer error info
[2010/02/27 18:13:52 | 000,000,000 | ---D | C] -- C:\Program Files\Ventrilo
[2010/02/26 17:43:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pandora
[2010/02/26 08:46:19 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\Downloads
[2010/02/26 03:30:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010/02/24 08:07:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/02/24 08:07:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/02/24 00:43:46 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/02/24 00:43:46 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/02/24 00:43:46 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/02/24 00:43:46 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/02/24 00:43:46 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/02/24 00:43:46 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/02/24 00:43:46 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/02/24 00:43:46 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/02/24 00:43:46 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/02/24 00:43:46 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/02/24 00:43:46 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/02/24 00:43:46 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/02/24 00:43:46 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/02/24 00:43:46 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/02/24 00:43:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/02/24 00:43:46 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/02/24 00:43:45 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/02/24 00:43:45 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/02/24 00:43:45 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/02/24 00:43:45 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/02/24 00:43:44 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/02/24 00:43:44 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/02/24 00:43:44 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/02/24 00:43:41 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/02/24 00:43:41 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/02/24 00:43:41 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/02/24 00:43:41 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/02/24 00:43:41 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010/02/24 00:43:41 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010/02/24 00:43:41 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010/02/24 00:43:41 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010/02/24 00:43:41 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010/02/24 00:43:11 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010/02/24 00:43:10 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010/02/24 00:43:10 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010/02/24 00:43:10 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010/02/24 00:43:10 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010/02/24 00:43:10 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010/02/24 00:35:10 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/02/24 00:35:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/02/24 00:35:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/02/24 00:35:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/02/24 00:35:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/02/24 00:35:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/02/24 00:35:04 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/02/24 00:35:03 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/02/24 00:33:29 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/02/24 00:33:28 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/02/24 00:33:28 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/02/24 00:33:26 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/02/24 00:33:26 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/02/24 00:33:26 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/02/24 00:33:26 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/02/20 18:47:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/19 19:01:46 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\Continuing Education
[2010/02/19 18:29:53 | 000,000,000 | ---D | C] -- C:\Users\James\Documents\groupon
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\James\Documents\*.tmp files -> C:\Users\James\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/20 17:19:33 | 004,456,448 | -HS- | M] () -- C:\Users\James\ntuser.dat
[2010/03/20 17:13:35 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\James\Desktop\OTL.exe
[2010/03/20 16:39:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/20 15:44:18 | 000,001,209 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/03/20 15:38:08 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/20 15:38:08 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/20 15:35:14 | 000,717,892 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/03/20 15:35:14 | 000,618,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/03/20 15:35:14 | 000,104,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/03/20 15:33:12 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/03/20 15:31:05 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/20 15:30:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/20 15:30:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/20 15:30:42 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/20 15:30:07 | 000,004,857 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k0
[2010/03/20 15:30:07 | 000,000,209 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k1
[2010/03/20 15:30:07 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k7
[2010/03/20 15:30:07 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k6
[2010/03/20 15:30:07 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k5
[2010/03/20 15:30:07 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k4
[2010/03/20 15:30:07 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k3
[2010/03/20 15:30:07 | 000,000,081 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxcfg.u2k2
[2010/03/20 15:30:07 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k7
[2010/03/20 15:30:07 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k6
[2010/03/20 15:30:07 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k5
[2010/03/20 15:30:07 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k4
[2010/03/20 15:30:07 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k3
[2010/03/20 15:30:07 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k2
[2010/03/20 15:30:07 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k1
[2010/03/20 15:30:07 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\drivers\kmxzone.u2k0
[2010/03/20 15:29:48 | 002,752,126 | -H-- | M] () -- C:\Users\James\AppData\Local\IconCache.db
[2010/03/20 10:39:17 | 000,008,517 | ---- | M] () -- C:\Users\James\Desktop\Spybot - Search & Destroy scan report-after fix.pdf
[2010/03/20 10:35:42 | 000,008,520 | ---- | M] () -- C:\Users\James\Desktop\Spybot - Search & Destroy scan report.pdf
[2010/03/16 21:16:06 | 000,002,093 | ---- | M] () -- C:\Users\James\Desktop\HijackThis.lnk
[2010/03/16 21:10:46 | 000,000,905 | ---- | M] () -- C:\Users\James\Desktop\ERUNT.lnk
[2010/03/12 19:05:13 | 255,578,348 | ---- | M] () -- C:\Users\James\Documents\Registry Backup.reg
[2010/03/12 18:53:02 | 000,001,885 | ---- | M] () -- C:\Users\James\Desktop\CCleaner.lnk
[2010/03/12 18:22:02 | 000,002,022 | ---- | M] () -- C:\Users\James\Desktop\iYogi SupportDock.lnk
[2010/03/08 20:30:11 | 000,524,288 | -HS- | M] () -- C:\Users\James\ntuser.dat{9c24072e-2b13-11df-8e3f-001fbc07f1ee}.TMContainer00000000000000000002.regtrans-ms
[2010/03/08 20:30:11 | 000,524,288 | -HS- | M] () -- C:\Users\James\ntuser.dat{9c24072e-2b13-11df-8e3f-001fbc07f1ee}.TMContainer00000000000000000001.regtrans-ms
[2010/03/08 20:30:11 | 000,065,536 | -HS- | M] () -- C:\Users\James\ntuser.dat{9c24072e-2b13-11df-8e3f-001fbc07f1ee}.TM.blf
[2010/03/08 20:24:58 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/03/08 18:05:24 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/08 16:31:25 | 008,334,160 | ---- | M] (Simply Super Software ) -- C:\Users\James\Desktop\trojanremover.exe
[2010/03/07 20:46:55 | 000,524,288 | -HS- | M] () -- C:\Users\James\ntuser.dat{035fdedd-2a02-11df-813d-001fbc07f1ee}.TMContainer00000000000000000002.regtrans-ms
[2010/03/07 20:46:55 | 000,524,288 | -HS- | M] () -- C:\Users\James\ntuser.dat{035fdedd-2a02-11df-813d-001fbc07f1ee}.TMContainer00000000000000000001.regtrans-ms
[2010/03/07 20:46:55 | 000,065,536 | -HS- | M] () -- C:\Users\James\ntuser.dat{035fdedd-2a02-11df-813d-001fbc07f1ee}.TM.blf
[2010/03/06 13:23:38 | 000,524,288 | -HS- | M] () -- C:\Users\James\ntuser.dat{4f95f33f-294d-11df-b00e-001fbc07f1ee}.TMContainer00000000000000000002.regtrans-ms
[2010/03/06 13:23:38 | 000,524,288 | -HS- | M] () -- C:\Users\James\ntuser.dat{4f95f33f-294d-11df-b00e-001fbc07f1ee}.TMContainer00000000000000000001.regtrans-ms
[2010/03/06 13:23:38 | 000,065,536 | -HS- | M] () -- C:\Users\James\ntuser.dat{4f95f33f-294d-11df-b00e-001fbc07f1ee}.TM.blf
[2010/03/03 22:07:57 | 000,000,020 | ---- | M] () -- C:\Windows\Äõb
[2010/02/27 18:13:55 | 000,000,262 | ---- | M] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/02/27 18:13:54 | 000,000,913 | ---- | M] () -- C:\Users\James\Desktop\Ventrilo.lnk
[2010/02/26 22:25:21 | 000,000,000 | ---- | M] () -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/02/26 22:25:14 | 000,000,312 | ---- | M] () -- C:\Users\James\Desktop\Curse Client.appref-ms
[2010/02/26 17:43:06 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Pandora.lnk
[2010/02/24 00:35:32 | 000,524,288 | -HS- | M] () -- C:\Users\James\ntuser.dat{5629d77b-2105-11df-aed5-001fbc07f1ee}.TMContainer00000000000000000002.regtrans-ms
[2010/02/24 00:35:32 | 000,524,288 | -HS- | M] () -- C:\Users\James\ntuser.dat{5629d77b-2105-11df-aed5-001fbc07f1ee}.TMContainer00000000000000000001.regtrans-ms
[2010/02/24 00:35:32 | 000,065,536 | -HS- | M] () -- C:\Users\James\ntuser.dat{5629d77b-2105-11df-aed5-001fbc07f1ee}.TM.blf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\James\Documents\*.tmp files -> C:\Users\James\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/20 10:39:17 | 000,008,517 | ---- | C] () -- C:\Users\James\Desktop\Spybot - Search & Destroy scan report-after fix.pdf
[2010/03/20 10:35:42 | 000,008,520 | ---- | C] () -- C:\Users\James\Desktop\Spybot - Search & Destroy scan report.pdf
[2010/03/16 21:16:06 | 000,002,093 | ---- | C] () -- C:\Users\James\Desktop\HijackThis.lnk
[2010/03/16 21:10:46 | 000,000,905 | ---- | C] () -- C:\Users\James\Desktop\ERUNT.lnk
[2010/03/12 19:04:58 | 255,578,348 | ---- | C] () -- C:\Users\James\Documents\Registry Backup.reg
[2010/03/12 18:53:02 | 000,001,885 | ---- | C] () -- C:\Users\James\Desktop\CCleaner.lnk
[2010/03/12 18:22:02 | 000,002,022 | ---- | C] () -- C:\Users\James\Desktop\iYogi SupportDock.lnk
[2010/03/08 20:24:58 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2010/03/08 20:24:57 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\ztvunrar36.dll
[2010/03/08 20:24:57 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\UNRAR3.dll
[2010/03/08 20:24:57 | 000,077,312 | ---- | C] () -- C:\Windows\SysWow64\ztvunace26.dll
[2010/03/08 20:24:57 | 000,075,264 | ---- | C] () -- C:\Windows\SysWow64\unacev2.dll
[2010/03/08 19:36:36 | 000,524,288 | -HS- | C] () -- C:\Users\James\ntuser.dat{9c24072e-2b13-11df-8e3f-001fbc07f1ee}.TMContainer00000000000000000002.regtrans-ms
[2010/03/08 19:36:36 | 000,524,288 | -HS- | C] () -- C:\Users\James\ntuser.dat{9c24072e-2b13-11df-8e3f-001fbc07f1ee}.TMContainer00000000000000000001.regtrans-ms
[2010/03/08 19:36:36 | 000,065,536 | -HS- | C] () -- C:\Users\James\ntuser.dat{9c24072e-2b13-11df-8e3f-001fbc07f1ee}.TM.blf
[2010/03/08 18:05:24 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/07 10:57:13 | 000,524,288 | -HS- | C] () -- C:\Users\James\ntuser.dat{035fdedd-2a02-11df-813d-001fbc07f1ee}.TMContainer00000000000000000002.regtrans-ms
[2010/03/07 10:57:12 | 000,524,288 | -HS- | C] () -- C:\Users\James\ntuser.dat{035fdedd-2a02-11df-813d-001fbc07f1ee}.TMContainer00000000000000000001.regtrans-ms
[2010/03/07 10:57:12 | 000,065,536 | -HS- | C] () -- C:\Users\James\ntuser.dat{035fdedd-2a02-11df-813d-001fbc07f1ee}.TM.blf
[2010/03/06 13:23:38 | 000,524,288 | -HS- | C] () -- C:\Users\James\ntuser.dat{4f95f33f-294d-11df-b00e-001fbc07f1ee}.TMContainer00000000000000000002.regtrans-ms
[2010/03/06 13:23:38 | 000,524,288 | -HS- | C] () -- C:\Users\James\ntuser.dat{4f95f33f-294d-11df-b00e-001fbc07f1ee}.TMContainer00000000000000000001.regtrans-ms
[2010/03/06 13:23:38 | 000,065,536 | -HS- | C] () -- C:\Users\James\ntuser.dat{4f95f33f-294d-11df-b00e-001fbc07f1ee}.TM.blf
[2010/03/03 22:07:56 | 000,000,020 | ---- | C] () -- C:\Windows\Äõb
[2010/02/27 18:13:54 | 000,000,913 | ---- | C] () -- C:\Users\James\Desktop\Ventrilo.lnk
[2010/02/27 18:13:50 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2010/02/26 22:25:21 | 000,000,000 | ---- | C] () -- C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010/02/26 22:25:14 | 000,000,312 | ---- | C] () -- C:\Users\James\Desktop\Curse Client.appref-ms
[2010/02/26 17:43:06 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Pandora.lnk
[2010/02/25 23:16:46 | 000,001,209 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/02/24 00:28:27 | 000,524,288 | -HS- | C] () -- C:\Users\James\ntuser.dat{5629d77b-2105-11df-aed5-001fbc07f1ee}.TMContainer00000000000000000002.regtrans-ms
[2010/02/24 00:28:27 | 000,524,288 | -HS- | C] () -- C:\Users\James\ntuser.dat{5629d77b-2105-11df-aed5-001fbc07f1ee}.TMContainer00000000000000000001.regtrans-ms
[2010/02/24 00:28:27 | 000,065,536 | -HS- | C] () -- C:\Users\James\ntuser.dat{5629d77b-2105-11df-aed5-001fbc07f1ee}.TM.blf
[2009/12/23 23:04:11 | 000,000,960 | ---- | C] () -- C:\ProgramData\ss.ini
[2009/11/29 12:01:50 | 000,000,084 | ---- | C] () -- C:\Users\James\AppData\Local\DVDPATH.TXT
[2009/11/18 15:07:12 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/14 09:50:13 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/03/03 13:46:23 | 000,000,316 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2008/12/14 22:47:25 | 000,000,737 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008/06/05 09:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[1997/07/11 01:00:00 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\MSENCODE.DLL
[1997/07/11 01:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\DOCOBJ.DLL
[1997/07/11 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\SysWow64\HLINKPRX.DLL

========== Custom Scans ==========

< MD5 for: AGP440.SYS >
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/13 20:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/13 20:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/13 20:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/13 20:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/07/13 20:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/13 20:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/13 20:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/13 20:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/13 20:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >

jwarch · Mar 20, 2010

You were right - Here is the Extras file

OTL Extras logfile created on: 3/20/2010 5:16:58 PM - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\James\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 64.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232.88 Gb Total Space | 119.09 Gb Free Space | 51.14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 232.88 Gb Total Space | 197.93 Gb Free Space | 84.99% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 206.00 Gb Free Space | 88.46% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAMES-PC
Current User Name: James
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.reg[@ = Regedit.Document] -- Reg Error: Key error. File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.reg [@ = Regedit.Document] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.scr [@ = AutoCADScriptFile] -- C:\Windows\notepad.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{244FBE3B-3814-4999-A24D-672149DC822B}" = AMRT
"{2A8EEE2F-4A9E-43D8-AA07-EC8A316B2DEB}" = Autodesk Revit Architecture 2010 x64
"{38151262-FAF8-4778-9AAB-33E90B60D8E9}" = CA Anti-Virus Plus
"{39D7AD56-BCF2-4A51-AAFB-3D0333ECF504}" = IDL 7.1
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{5783F2D6-7028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2009
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90A80D89-A0E4-33C1-B13D-B93CB3496867}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D2A0CBEE-8949-474E-9D2B-539726D20531}" = Microsoft IntelliPoint 6.3
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"Autodesk Revit Architecture 2010 SP2" = Autodesk Revit Architecture 2010 x64 Update 2
"Autodesk Revit Architecture 2010 x64" = Autodesk Revit Architecture 2010 x64
"cciss_am" = CA Anti-Virus Plus
"DWG TrueView 2009" = DWG TrueView 2009
"EPSON WorkForce 30 Series" = EPSON WorkForce 30 Series Printer Uninstall
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01F9D88C-3C86-4E82-840A-101A3221F67A}" = Microsoft Money 2003
"{02B42D23-10F2-4862-ADA4-3DF1EA0021B2}" = Microsoft Money 2003 System Pack
"{03410014-3975-4267-9F39-1DC4745090B7}" = Microsoft Encarta Encyclopedia Standard 2003
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{12BDDF23-B1DB-49C8-92D3-3E6841CCED61}" = Microsoft Streets and Trips 2002
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 18
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F270D4D-3F3C-4FDE-B326-8E63149E4ABD}" = WebEx Event Manager for Firefox/Netscape/Chrome
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.30
"{50FAF530-B143-C18B-E1C4-F487C35429B4}" = Xtend2 (beta)
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{5783F2D7-0204-0409-0000-0060B0CE6BBA}" = Autodesk Architectural Desktop 2004
"{5783F2D7-0211-0409-0000-0060B0CE6BBA}" = AutoCAD Express Tools Volumes 1-9
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DA2B636-698A-3294-BF4A-B5E11B238CDD}" = Microsoft Visual C++ 2008 x64 MFC Runtime 9.0.30729
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}" = Microsoft Works Suite Add-in for Microsoft Word
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = PhotoStudio
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CCEA24C-51AE-3B71-9092-7D0C44DDA2DF}" = Microsoft Visual C++ 2008 x64 OpenMP Runtime 9.0.30729
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_SMALLBUSINESSR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}_931" = Adobe Acrobat 9.3.1 - CPSID_50570
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1
"{BE66348A-E83F-4982-941F-DFF2F742B851}" = Microsoft Office Live Meeting 2007
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C3A57BB3-9AA6-3F6F-9395-6C062BDD5FC4}" = Microsoft Visual C++ 2008 x64 ATL Runtime 9.0.30729
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{D64DCF1C-7A95-49A4-BAFA-C42B5CF6B8B6}" = Works Suite OS Pack
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E371C150-A9F1-49CE-ACC1-51AEFD01C1D4}_is1" = Turbo Tax Audit Support Center 2.0
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FA3E4B-04DE-5EDE-FDC0-8E527912F2E0}" = Pandora
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6F09DD8-F39B-3A16-ADB9-C9E6B56903F9}" = Microsoft Visual C++ 2008 x64 CRT Runtime 9.0.30729
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Arcv2CAD 5.0" = Arcv2CAD 5.0
"Ask & Record Toolbar4.00" = Ask & Record Toolbar 4.00
"Ask Toolbar_is1" = Ask Toolbar
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Autodesk Express Viewer" = Autodesk Express Viewer
"Canon CanoScan LiDE 200 User Registration" = Canon CanoScan LiDE 200 User Registration
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1" = Pandora
"COMcheck 3.6.0" = COMcheck 3.6.0
"ERUNT_is1" = ERUNT 1.1j
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"InstallShield_{39D7AD56-BCF2-4A51-AAFB-3D0333ECF504}" = IDL 7.1
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{E6F019F1-DFB6-4853-A87D-6E31624755A9}" = Seagate Manager Installer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Paraben’s Download Manager" = Paraben’s Download Manager 2.1
"RealPlayer 12.0" = RealPlayer
"Shockwave" = Shockwave
"SimpleOCR 3.1" = SimpleOCR 3.1
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trojan Remover_is1" = Trojan Remover 6.8.1
"TurboTax 2008" = TurboTax 2008
"WinLiveSuite_Wave3" = Windows Live Essentials
"Works2003Setup" = Microsoft Works 2003 Setup Launcher
"World of Warcraft" = World of Warcraft
"Xtend2.71305F52FFD36D9BDDE00284EF6181AE6688276A.1" = Xtend2 (beta)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"ActiveTouchMeetingClient" = WebEx
"GoToMeeting" = GoToMeeting 4.1.0.366
"iYogi SupportDock" = iYogi SupportDock 3.0

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Blade81 · Mar 21, 2010

Hi again,

Uninstall Ask & Record Toolbar and Ask Toolbar if not installed on purpose.

Uninstall old Adobe Reader versions and get the latest one (9.3 + update 9.3.1) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Start MBAM, update its definitions and run a quick scan. Let the found items be removed. Post back the report.

Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.

Post back its report. How's the system running?

jwarch · Mar 21, 2010

MBAM log

Hi. I'll go thru a little of what I went through in the previous processes.
I was able to unload the old Adobe reader and install the new one but I was trying to clean up my file structure, maybe I shouldn't have, I could not delete part of the files located in the old Reader 9.0\Resources folder.
As I was installing the update to the new Flash the system locked up on me, but I was able to reboot and start it right back up with a successful installation.
I hope I have not messed up the process.

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.44
Database version: 3892
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/21/2010 12:18:02 PM
mbam-log-2010-03-21 (12-18-02).txt

Scan type: Quick Scan
Objects scanned: 108506
Time elapsed: 4 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

jwarch · Mar 21, 2010

S&D log

Maybe I shouldn't have, I hope it has not hurt the process, but I did a Search and Destroy scan. I have attached the log below.

Hint of the Day: Click the bar at the right of this to see more information! ()
Virtumonde.sdn: [SBI $4F0ABAF2] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW
MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)
MediaPlex: Tracking cookie (Firefox: default) (Cookie, nothing done)
DoubleClick: Tracking cookie (Firefox: default) (Cookie, nothing done)
BurstMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
BurstMedia: Tracking cookie (Firefox: default) (Cookie, nothing done)
HitsLink: Tracking cookie (Firefox: default) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---
2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-01-25 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2010-02-17 Includes\Adware.sbi (*)
2010-03-16 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-03-16 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-03-16 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-03-16 Includes\KeyloggersC.sbi (*)
2010-03-02 Includes\Malware.sbi (*)
2010-03-17 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-03-16 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-03-16 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-03-02 Includes\Spyware.sbi (*)
2010-03-16 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-03-03 Includes\Trojans.sbi (*)
2010-03-16 Includes\TrojansC-02.sbi (*)
2010-03-16 Includes\TrojansC-03.sbi (*)
2010-03-16 Includes\TrojansC-04.sbi (*)
2010-03-17 Includes\TrojansC-05.sbi (*)
2010-03-16 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Blade81 · Mar 21, 2010

Hi,

Please update your Spybot version to 1.6.2 here. Then run a new scan with it and post back the results. That finding looks like CA Anti-Virus related item to me and thus legit.

jwarch · Mar 21, 2010

S&D 1.6.2 Log

Virtumonde.sdn: [SBI $4F0ABAF2] Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-03-21 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-02-17 Includes\Adware.sbi (*)
2010-03-16 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-03-16 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-03-16 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-03-16 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-03-02 Includes\Malware.sbi (*)
2010-03-17 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-03-16 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-03-16 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-03-02 Includes\Spyware.sbi (*)
2010-03-16 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-03-03 Includes\Trojans.sbi (*)
2010-03-16 Includes\TrojansC-02.sbi (*)
2010-03-16 Includes\TrojansC-03.sbi (*)
2010-03-16 Includes\TrojansC-04.sbi (*)
2010-03-17 Includes\TrojansC-05.sbi (*)
2010-03-16 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

jwarch · Mar 21, 2010

Didn't think it would 'Fix'

After I sent the previous scan log I let S&D run Fix. It gave me the message that it did fix the Virtumonde.sdn.

Virtumonde.sdn: [SBI $4F0ABAF2] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PFW
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2010-03-21 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2009-01-16 UninsSrv.dll (1.0.0.0)
2010-02-17 Includes\Adware.sbi (*)
2010-03-16 Includes\AdwareC.sbi (*)
2010-01-25 Includes\Cookies.sbi (*)
2009-11-03 Includes\Dialer.sbi (*)
2010-03-16 Includes\DialerC.sbi (*)
2010-01-25 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2010-03-16 Includes\HijackersC.sbi (*)
2010-01-20 Includes\Keyloggers.sbi (*)
2010-03-16 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2010-03-02 Includes\Malware.sbi (*)
2010-03-17 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2010-03-16 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2010-03-16 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2010-03-02 Includes\Spyware.sbi (*)
2010-03-16 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-03-03 Includes\Trojans.sbi (*)
2010-03-16 Includes\TrojansC-02.sbi (*)
2010-03-16 Includes\TrojansC-03.sbi (*)
2010-03-16 Includes\TrojansC-04.sbi (*)
2010-03-17 Includes\TrojansC-05.sbi (*)
2010-03-16 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Blade81 · Mar 22, 2010

Hi,

Please upload C:\Windows\SysWow64\UmxWNP.dll file to http://www.virustotal.com to see its results. As I said earlier, I suspect that Spybot finding is a false positive.

jwarch · Mar 23, 2010

Link to test result

analisis/7d67c524f1dc71a56e7dfd2243648e6b89a5474a429dd0c8c86fd7f1a20ca6c9-1253628253

I can copy and past the results if this link doesn't work.

jwarch · Mar 23, 2010

I'm still getting start up problems

I still takes on average about 3 tries to get my computer to boot up.

Blade81 · Mar 23, 2010

Hi,

You could post a topic on false positives area about that entry Spybot is finding.

Click start->run and type services.msc followed by enter. Make sure Event Log service is started and its startup type is automatic.

Run a disk check instructed here. Have you defragged hard drive lately?

Blade81 · Mar 31, 2010

Due to inactivity, this thread will now be closed.

Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.

Virtumonde.sdn TrojansC-04

jwarch

New member

Blade81

Security Expert: Emeritus

jwarch

New member

Blade81

Security Expert: Emeritus

jwarch

New member

jwarch

New member

Blade81

Security Expert: Emeritus

jwarch

New member

jwarch

New member

Blade81

Security Expert: Emeritus

jwarch

New member

jwarch

New member

Blade81

Security Expert: Emeritus

jwarch

New member

jwarch

New member

Blade81

Security Expert: Emeritus

Blade81

Security Expert: Emeritus