"Welcome to nginx" trying to get to www.google.com


#1 trink

Posted 22 June 2011 - 09:32 AM

My original cry for help is here:
http://www.bleepingcomputer.com/forums/topic400606.html/page__p__2301531__hl__trink__fromsearch__1#entry2301531

and boils down to this:
A few weeks ago, when I attached to a (trusted) wireless connection at the in-laws' house, I started getting a blank "welcome to nginx" screen only when I tried to go to www.google.com via Firefox or Chrome (IE worked). Higher pages of Google worked, just the front page was bad. Ran Norton (which I always have running) and it found nothing. Malwarebytes found a couple of suspected "trojans" which I deleted; I scanned using IObit 360. Without having found this site yet :( I found reference to GMER and had run that as a scan. Then, suddenly, a few days later, it just stopped. Now, I've connected with a "foreign" wifi again (testing a demo phone from Verizon and using the hotspot feature) and IT'S BACK. Can someone help me with the ghost lingering in my machine?

I have tried to follow the instructions, and will attach the files from dds.scr. HOWEVER, I've tried running GMER twice and both have caused BSOD. The first time cleared up the problem, so now Google is Google again (that's what happened last time - just running GMER "fixed" it). Both times I had walked away from the system during the GMER scan (it takes a long time) so I didn't see the death happen. The second time it was alllllllmost done. Neither time had any red entries. I'll start the scan again but wanted to post what I had.

thanks, very much.
Trink

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_25
Run by downes at 15:27:01 on 2011-06-21
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3536.1222 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\STacSV.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Roxio\BackOnTrack\App\BService.exe
c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
c:\Program Files\Dell\Latitude ON Reader\CLMonitorService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\TSM\baclient\dsmcad.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Dell\Latitude ON Reader\BIOSEvent.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
C:\Program Files\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE
C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PodTrapper\PodtrapperDesktop.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Users\downes\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Password Safe\pwsafe.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Program Files\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcr.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AcroTray.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\program files\adobe\acrobat 10.0\acrobat\acrord32.exe
c:\program files\adobe\acrobat 10.0\acrobat\acrord32.exe
C:\Users\downes\Desktop\dds.scr
C:\Windows\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\mif5ba~1\office14\URLREDIR.DLL
BHO: Complitly: {d27fc31c-6e3d-4305-8d53-acdaefa5f862} - c:\users\downes\appdata\roaming\compitlyengine\ComplitlyEngine.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [PodTrapper] c:\program files\podtrapper\PodtrapperDesktop.exe
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IntelWirelessWiMAX] "c:\program files\intel\wimax\bin\WiMAXCU.exe" /tasktray /nosplash
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [USCService] c:\program files\dell\dell controlpoint\security manager\BcmDeviceAndTaskStatusService.exe
mRun: [CLIVFR] "c:\program files\dell\latitude on reader\CLIVFR.exe"
mRun: [BIOSEvent] "c:\program files\dell\latitude on reader\BIOSEvent.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell2.exe" /mode2
mRun: [acevents] "c:\program files\actividentity\activclient\acevents.exe"
mRun: [accrdsub] "c:\program files\actividentity\activclient\accrdsub.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ScanSnap WIA Service Checker] c:\windows\ssdriver\fi5110\SsWiaChecker.exe
mRun: [HP KEYBOARDg] "c:\program files\hewlett-packard\hp wireless elite keyboard\HPKEYBOARDg.EXE"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio 2011\roxio burn\RoxioBurnLauncher.exe"
mRun: [CPMonitor] "c:\program files\roxio\cineplayer\5.0\CPMonitor.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [Anti-phishing Domain Advisor] "c:\programdata\anti-phishing domain advisor\visicom_antiphishing.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [<NO NAME>]
StartupFolder: c:\users\downes\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\downes\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\downes\appdata\roaming\micros~1\windows\startm~1\programs\startup\passwo~1.lnk - c:\program files\password safe\pwsafe.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\activc~1.lnk - c:\program files\actividentity\activclient\acsagent.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\conver~1.lnk - c:\program files\pfu\scansnap\organizer\PfuSsOrgOcrChk.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\scansn~1.lnk - c:\program files\pfu\scansnap\driver\PfuSsMon.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tdmnot~1.lnk - c:\program files\wave systems corp\trusted drive manager\TdmNotify.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{21e247d4-5e27-4bea-aa4d-19a81203fe2a}\Icon3E5562ED7.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\mif5ba~1\office14\EXCEL.EXE/3000
IE: Save to DataVault - file://c:\program files\datavault\DataVault.exe/../iemenuext.htm
IE: Se&nd to OneNote - c:\progra~1\mif5ba~1\office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mif5ba~1\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://storserver-support.webex.com/client/T27LC/smt/ieatgpc1.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {6A8027F1-A243-412A-B921-75348A3C9C66} = 132.250.1.131,132.250.108.12
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\downes\appdata\roaming\mozilla\firefox\profiles\jl7po10g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=723823&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\progra~1\mif5ba~1\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\mif5ba~1\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\gradkell systems, inc\dbsign data security suite\common\lib\npDbsGscInfo.dll
FF - plugin: c:\program files\gradkell systems, inc\dbsign data security suite\common\lib\npDBsignWeb.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\research in motion limited\blackberry app world browser plugin\npappworld.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\downes\appdata\roaming\mozilla\firefox\profiles\jl7po10g.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\users\downes\appdata\roaming\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\users\downes\appdata\roaming\mozilla\plugins\npatgpc.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2011-1-17 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2011-1-17 15856]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2011-1-17 25584]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\app\SaibSVC.exe [2009-6-2 457200]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
R2 BOT4Service;BOT4Service;c:\program files\roxio\backontrack\app\BService.exe [2010-8-31 39408]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]
R2 CLMonitor;CLMonitor;c:\program files\dell\latitude on reader\CLMonitorService.exe [2009-5-22 120104]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-12-17 812448]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-12-17 27040]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-12-10 386848]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\intel\wimax\bin\DMAgent.exe [2009-7-30 348160]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-3-1 47640]
R2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files\novatel wireless\verizon\drivers\NWHelper_001.exe [2010-6-3 216064]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2009-12-22 77312]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-11-28 1962136]
R2 TSM Client Acceptor;TSM Client Acceptor;c:\program files\tsm\baclient\dsmcad.exe [2010-4-27 3309592]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\intel\wimax\bin\AppSrv.exe [2009-7-30 815104]
R3 acpials;ALS Sensor Filter;c:\windows\system32\drivers\acpials.sys [2009-7-14 7680]
R3 bpenum;Intel® WiMAX Link Enumerator;c:\windows\system32\drivers\bpenum.sys [2010-4-5 56320]
R3 bpmp;Intel® WiMAX Link 5050 Series;c:\windows\system32\drivers\bpmp.sys [2010-4-5 142336]
R3 bpusb;Intel® WiMAX Link 5050 Series Function Driver;c:\windows\system32\drivers\bpusb.sys [2010-4-5 56320]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2010-4-5 143968]
R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-4-5 33832]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2010-4-5 221912]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-11 105592]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2010-4-5 122368]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2010-4-5 4232192]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2008-6-3 144672]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2008-9-18 277440]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-24 136176]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe" --> c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [?]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\13.0\sharedcom\RoxWatch13.exe [2010-7-16 354288]
S2 TSM Client Scheduler;TSM Client Scheduler;c:\program files\tsm\baclient\dsmcsvc.exe [2010-4-27 17264152]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-4-5 29472]
S3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\drivers\CtAudDrv.sys [2010-4-5 134144]
S3 GKUPRO2D;GKUPRO2D;c:\windows\system32\drivers\GKUPRO2D.sys [2010-4-5 71680]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-24 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2010-7-8 20480]
S3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\drivers\nwusbmdm_000.sys [2010-7-8 176384]
S3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\drivers\nwusbser_000.sys [2010-7-8 176384]
S3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\drivers\nwusbser2_000.sys [2010-7-8 176384]
S3 rimspci;rimspci;c:\windows\system32\drivers\rimspe86.sys [2010-4-5 47104]
S3 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-4-5 49152]
S3 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe86.sys [2010-4-5 38400]
S3 RoxMediaDB13;RoxMediaDB13;c:\program files\common files\roxio shared\13.0\sharedcom\RoxMediaDB13.exe [2010-7-16 1099248]
S3 SavRoam;SavRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-11-28 122008]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TSM Remote Client Agent;TSM Remote Client Agent;c:\program files\tsm\baclient\dsmagent.exe [2010-4-27 5821464]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-15 1343400]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
.
=============== Created Last 30 ================
.
2011-06-20 12:57:17 -------- d-----w- c:\users\downes\appdata\local\Freemake
2011-06-17 12:13:26 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e986a20e-314e-41a2-8f79-ca279a323a30}\mpengine.dll
2011-06-16 01:42:08 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 01:42:08 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 01:42:08 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 01:42:02 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 01:42:01 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 01:40:53 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 01:40:53 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 01:40:53 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-14 19:51:23 -------- d-----w- c:\program files\iPod
2011-06-14 19:51:22 -------- d-----w- c:\program files\iTunes
2011-06-10 15:18:34 -------- d-----w- c:\users\downes\appdata\roaming\EurekaLog
2011-06-10 14:13:46 -------- d-----w- c:\users\downes\appdata\roaming\Frostbow
2011-06-10 14:13:31 -------- d-----w- c:\program files\Frostbow
2011-06-08 20:37:52 -------- d-----w- c:\program files\Research In Motion Limited
2011-06-06 19:55:44 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2011-06-06 19:55:34 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2011-06-06 19:55:32 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-06-02 00:26:28 -------- d-----w- c:\users\downes\appdata\roaming\OpenDNS Updater
2011-06-02 00:26:25 -------- d-----w- c:\program files\OpenDNS Updater
2011-05-31 14:34:50 -------- d-----w- c:\programdata\Norton
2011-05-31 14:34:46 -------- d-----w- c:\users\downes\appdata\local\NPE
2011-05-30 13:01:44 -------- d-----w- C:\$RECYCLE.BIN
2011-05-30 12:58:43 -------- d-----w- c:\users\downes\appdata\local\temp
2011-05-30 12:49:45 98816 ----a-w- c:\windows\sed.exe
2011-05-30 12:49:45 518144 ----a-w- c:\windows\SWREG.exe
2011-05-30 12:49:45 256512 ----a-w- c:\windows\PEV.exe
2011-05-30 12:49:45 208896 ----a-w- c:\windows\MBR.exe
2011-05-30 01:26:15 -------- d-----w- c:\programdata\IObit
2011-05-30 01:26:13 -------- d-----w- c:\program files\IObit
2011-05-29 01:40:24 -------- d-----w- c:\users\downes\appdata\roaming\Malwarebytes
2011-05-29 01:40:17 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 01:40:17 -------- d-----w- c:\programdata\Malwarebytes
2011-05-29 01:40:14 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-29 01:40:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-25 23:16:12 -------- d-----w- c:\users\downes\appdata\local\CANON_INC
2011-05-25 13:40:56 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
==================== Find3M ====================
.
2011-06-17 22:43:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-03 04:50:29 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-27 02:33:46 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-22 19:31:50 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 19:31:26 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-22 18:23:59 386048 ----a-w- c:\windows\system32\html.iec
2011-04-14 09:07:59 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 06:13:06 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13:06 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56:38 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-04-06 20:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: SAMSUNG_ rev.VBM9 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83439000]<< >>UNKNOWN [0x8D03B000]<< >>UNKNOWN [0x8C9E0000]<< >>UNKNOWN [0x8CDF3000]<< >>UNKNOWN [0x8CA16000]<< >>UNKNOWN [0x83402000]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83475428] -> \Device\Harddisk0\DR0[0x87643580]
\Driver\Disk[0x8763F178] -> IRP_MJ_CREATE -> 0x8D03F39F
3 [0x8D03F59E] -> ntkrnlpa!IofCallDriver[0x83475428] -> [0x87643BA0]
\Driver\SahdIa32[0x875E9F38] -> IRP_MJ_CREATE -> 0x8CDF49FC
5 [0x8CDF4939] -> ntkrnlpa!IofCallDriver[0x83475428] -> \Device\Ide\IAAStorageDevice-1[0x867F3028]
\Driver\iaStor[0x867FAD18] -> IRP_MJ_CREATE -> 0x8CA5A954
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
user & kernel MBR OK
copy of MBR has been found in sector 19 !
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 15:27:21.87 ===============

#2 SweetTech

Posted 30 June 2011 - 01:04 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I am very sorry for the delay in responding, but as you can see we are at the moment being flooded with logs which, when paired with the never-ending shortage of helpers, resulted in the delayed responding to your thread.

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)
    Because of this, you must reply within three days
    failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

Rootkit UnHooker (RkU)
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)

In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth Code, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".



NEXT:


Running OTL

We need to create a FULL OTL Report
  • Please download OTL from here:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

NEXT:


Please provide an update on how things are running in your next reply.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 trink

Posted 30 June 2011 - 01:38 PM

ST,
Good to meet you too. I can be patient, any help is greatly appreciated. Weirdness in browsing is periodic. I do a lot of roaming around so am on "foreign" wireless signals fairly routinely. Not all are wide open, but I do have anti-virus running all the time and NoScript is installed for Firefox (my primary browser). Sometimes everything feels normal, sometimes I am welcomed back to nginx and things slow with all three browsers until I get fairly freaked out and shut down.
I'm a sysadmin in an "in the trenches" way, so know my way around the block but am NOT a specialist in defeating malware/spyware/bad guys in general. I tell you that just to help with the level of instruction you can give me. I know what a registry key is. :) Here are the three logs requested: report.txt, OTL.txt and extras.txt.

-thanks!
Trink

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x9C429000 C:\Windows\system32\DRIVERS\igdkmd32.sys 6430720 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x9D811000 C:\Windows\system32\DRIVERS\NETw5v32.sys 4272128 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x83619000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x83619000 PnpManager 4259840 bytes
0x83619000 RAW 4259840 bytes
0x83619000 WMIxWDM 4259840 bytes
0x9DF20000 Win32k 2404352 bytes
0x9DF20000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x9240D000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110630.002\NAVEX15.SYS 1536000 bytes (Symantec Corporation, AV Engine)
0x8D210000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP Driver)
0x8CE12000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT File System Driver)
0x92832000 C:\Windows\System32\Drivers\dump_iaStor.sys 892928 bytes
0x8CC3D000 C:\Windows\system32\DRIVERS\iaStor.sys 892928 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x9CA4B000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x8D020000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20 driver)
0x8C8F4000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Code Integrity Module)
0xBDA3E000 C:\Windows\system32\drivers\hardlock.sys 696320 bytes (Aladdin Knowledge Systems Ltd., Hardlock Device Driver for Windows NT)
0xBDB1E000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0xB9F65000 C:\Windows\system32\Drivers\CVPNDRVA.sys 589824 bytes (Cisco Systems, Inc., Cisco Systems VPN Client IPSec Driver)
0xB9E07000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x8C821000 C:\Windows\system32\mcupdate_GenuineIntel.dll 491520 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x8CA23000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernel Mode Driver Framework Runtime)
0x82EC5000 C:\Windows\system32\DRIVERS\stwrt.sys 425984 bytes (IDT, Inc., IDT PC Audio)
0x9BA24000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 417792 bytes (Symantec Corporation, SPBBC Driver)
0x9BB70000 C:\Windows\system32\drivers\csc.sys 409600 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x9BAE8000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x8CF7F000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8CD6F000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xC227F000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0xC2230000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x9DE00000 C:\Windows\System32\ATMFD.DLL 315392 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0x9CB80000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x8CB64000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x92941000 C:\Windows\System32\Drivers\SRTSP.SYS 299008 bytes (Symantec Corporation, Symantec AutoProtect)
0x8CAA2000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI Driver for NT)
0x907A8000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0x90625000 C:\Windows\system32\DRIVERS\OA001Vid.sys 278528 bytes (Creative Technology Ltd., Video Capture Device Driver)
0x82E70000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x8C8B2000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x9BA93000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x8D393000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8D0D7000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8C99F000 C:\Windows\system32\DRIVERS\NWADIenum.sys 249856 bytes (Novatel Wireless Inc, NWADI Interface Bus Enumerator)
0xB9EDA000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x9CB3B000 C:\Windows\system32\DRIVERS\e1y6232.sys 237568 bytes (Intel Corporation, Intel® Gigabit Network Connection NDIS 6 deserialized driver)
0x9DC92000 C:\Windows\system32\DRIVERS\Apfiltr.sys 233472 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x9CB02000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x906FD000 C:\Windows\system32\DRIVERS\WavxDMgr.sys 229376 bytes (Wave Systems Corp., WavX Document Manager Filter Driver)
0x83A29000 ACPI_HAL 225280 bytes
0x83A29000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8CD20000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x8CBC5000 C:\Windows\system32\DRIVERS\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x82E3D000 C:\Windows\system32\DRIVERS\bpenum.sys 208896 bytes (Intel Corporation, Intel® WiMax Link 5050 Series Enumerator)
0x8D167000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x92800000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8D359000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0xC2321000 C:\Windows\System32\Drivers\RDPWD.SYS 200704 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x82F2D000 C:\Windows\system32\DRIVERS\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8D13A000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x9DC24000 C:\Windows\system32\DRIVERS\1394ohci.sys 180224 bytes (Microsoft Corporation, 1394 OpenHCI Driver)
0x8CC00000 C:\Windows\System32\Drivers\SYMTDI.SYS 180224 bytes (Symantec Corporation, Network Dispatch Driver)
0x8CF41000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0xBDAE8000 C:\Windows\System32\Drivers\fastfat.SYS 172032 bytes (Microsoft Corporation, Fast FAT File System Driver)
0x8CAFB000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x82FD3000 C:\Windows\system32\DRIVERS\bpmp.sys 163840 bytes (Intel Corporation, Intel® WiMax Link 5050 Series Driver)
0x8D1AA000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8D115000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0xC22E5000 C:\Windows\System32\drivers\rdpdr.sys 151552 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x9068D000 C:\Windows\system32\DRIVERS\CtClsFlt.sys 147456 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)
0x90669000 C:\Windows\system32\DRIVERS\OA001Ufd.sys 147456 bytes (Creative Technology Ltd., Video Class Upper Filter Driver)
0x82F75000 C:\Windows\system32\drivers\IntcHdmi.sys 143360 bytes (Intel® Corporation, Intel® High Definition Audio HDMI)
0xB9EB7000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x9DDB0000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x92589000 C:\Windows\system32\Drivers\SYMEVENT.SYS 139264 bytes (Symantec Corporation, Symantec Event Library)
0xBDBBF000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x9BA00000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x925D9000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x90762000 C:\Windows\system32\DRIVERS\WUDFRd.sys 135168 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0x92922000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x9DD47000 C:\Windows\system32\DRIVERS\dne2000.sys 126976 bytes (Deterministic Networks, Inc., Deterministic Network Enhancer)
0x9CBDA000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8D1DC000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x9E1B0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x9BB46000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x906E2000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0xB9F15000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90735000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xB9E8C000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x82F5C000 C:\Windows\system32\DRIVERS\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x9DC50000 C:\Windows\system32\DRIVERS\sdbus.sys 102400 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x9BBD4000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x9DC7A000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042 Port Driver)
0x9DD8D000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x9DDD2000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x9DCFE000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x9C400000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x929CC000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x82E00000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x8CBAF000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Mount Point Manager)
0x9D4F6000 C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110630.002\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x82FC0000 C:\Windows\System32\Drivers\bpusb.sys 77824 bytes (Intel Corporation, Intel® WiMax Link 5050 Series Function Driver)
0x906BC000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x8CF6C000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x90600000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8CDE3000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9DD7B000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x9DD27000 C:\Windows\system32\DRIVERS\intelppm.sys 73728 bytes (Microsoft Corporation, Processor Device Driver)
0xB9EA5000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0xB9F54000 C:\Windows\System32\Drivers\adfs.SYS 69632 bytes (Adobe Systems, Inc., Adobe Drive File System Driver)
0x8D199000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x82FAF000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8CD54000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x82EB4000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8CB30000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x8C899000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x9DC69000 C:\Windows\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD/MMC Driver)
0x9298A000 C:\Windows\System32\Drivers\SRTSPX.SYS 69632 bytes (Symantec Corporation, Symantec AutoProtect)
0x90798000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x8D200000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x907EE000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x8D00E000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8CB54000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x9CBCB000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x9BBEC000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8D000000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x929BE000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x8CFDC000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x9DDEC000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x8CA94000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x9DD39000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x82FA2000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x9DCD8000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Keyboard Class Driver)
0x9DD6E000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x9DCCB000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mouse Class Driver)
0xBDBE0000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xC2314000 C:\Windows\System32\DRIVERS\tssecsrv.sys 53248 bytes (Microsoft Corporation, TS Security Filter Driver)
0x92400000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x82E19000 C:\Windows\System32\Drivers\cvusbdrv.sys 49152 bytes (Broadcom Corporation, Broadcom Credential Vault USB Driver)
0x9BB64000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0xB9F30000 C:\Windows\system32\drivers\Haspnt.sys 49152 bytes (Aladdin Knowledge Systems, HASP Kernel Device Driver for Windows NT)
0x906D6000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x9078C000 C:\Windows\System32\DRIVERS\scfilter.sys 49152 bytes (Microsoft Corporation, Microsoft Smart Card Reader Filter Driver)
0x925CD000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8CB49000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x906B1000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x9D4EB000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x9074F000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x929B3000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x9DDA5000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x8D3EB000 C:\Windows\system32\DRIVERS\PBADRV.sys 45056 bytes (Dell Inc, PBA Support Driver)
0x929E3000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x9CB75000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x8CB25000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Virtual Drive Root Enumerator)
0x82F98000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0xBDB14000 C:\Windows\system32\drivers\LMIRfsDriver.sys 40960 bytes (LogMeIn, Inc., LogMeIn Rfs Drivemap Driver)
0x9BADE000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9BAD4000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8CD65000 C:\Windows\System32\Drivers\PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x9DD1C000 C:\Windows\system32\DRIVERS\rdpbus.sys 40960 bytes (Microsoft Corporation, Microsoft RDP Bus Device driver)
0xBDBB5000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xC230A000 C:\Windows\system32\drivers\tdtcp.sys 40960 bytes (Microsoft Corporation, TCP Transport Driver)
0x8CD17000 C:\Windows\system32\drivers\amdxata.sys 36864 bytes (Advanced Micro Devices, Storage Filter Driver)
0x9D531000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x9D50A000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x8CFEA000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8D3E2000 C:\Windows\System32\Drivers\SahdIa32.sys 36864 bytes (Sonic Solutions, Disk Filter Driver)
0x9BA8A000 C:\Windows\System32\Drivers\SaibVd32.sys 36864 bytes (Sonic Solutions, FileDisk Virtual Disk Driver)
0x9E180000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x8D38A000 C:\Windows\system32\DRIVERS\vmstorfl.sys 36864 bytes (Microsoft Corporation, Virtual Storage Filter Driver)
0x90783000 C:\Windows\system32\DRIVERS\WinUSB.sys 36864 bytes (Microsoft Corporation, Windows USB Class Driver BETA)
0x9DCF5000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x8CAEA000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x9075A000 C:\Windows\system32\DRIVERS\acpials.sys 32768 bytes (Microsoft Corporation, ACPI ALS Sensor Lower Filter Driver)
0x8C8AA000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8CB41000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8D3F6000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BB8000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x8CAF3000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x9299B000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x929A3000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x929AB000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x9DD66000 C:\Windows\System32\Drivers\RootMdm.sys 32768 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0x8D3DA000 C:\Windows\System32\Drivers\SaibIa32.sys 32768 bytes (Sonic Solutions, Disk Filter Driver)
0x8D3D2000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x925C6000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x906CF000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x925BF000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x9DD15000 C:\Windows\system32\DRIVERS\RimSerial.sys 28672 bytes (Research in Motion Ltd, RIM Virtual Serial Driver)
0x929EE000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x9DCEB000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xC2352000 C:\Windows\System32\Drivers\SYMREDRV.SYS 24576 bytes (Symantec Corporation, Redirector Filter Driver)
0x9DCE5000 C:\Windows\System32\Drivers\AnyDVD.sys 20480 bytes (SlySoft, Inc., AnyDVD Filter Driver)
0x9DCF1000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xB9FF5000 C:\Windows\System32\Drivers\ElbyCDIO.sys 12288 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xBDB12000 C:\Program Files\LogMeIn\x86\RaInfo.sys 8192 bytes (LogMeIn, Inc., RemotelyAnywhere Kernel Information Provider)
0x9DDEA000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x82E17000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0x9DCEA000 C:\Windows\System32\Drivers\ElbyDelay.sys 4096 bytes (Elaborate Bytes AG, Elby Delay Lower Filter Driver)
0x9DD46000 C:\Windows\system32\DRIVERS\lmimirr.sys 4096 bytes (LogMeIn, Inc., LogMeIn Mirror Miniport Driver)
==============================================
>Stealth
==============================================


OTL logfile created on: 6/30/2011 2:22:43 PM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\downes\Desktop\nginx
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 39.17% Memory free
6.90 Gb Paging File | 4.25 Gb Available in Paging File | 61.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 237.70 Gb Total Space | 38.05 Gb Free Space | 16.01% Space Free | Partition Type: NTFS

Computer Name: UMUNHUM | User Name: downes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/30 14:21:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\downes\Desktop\nginx\OTL.exe
PRC - [2011/06/22 16:55:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
PRC - [2011/06/22 16:55:44 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
PRC - [2011/06/21 15:34:20 | 012,596,912 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2011/06/06 15:55:32 | 002,903,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\downes\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/05/17 05:40:44 | 000,072,704 | ---- | M] (Google) -- C:\Program Files\Google\Google Earth\client\googleearth.exe
PRC - [2011/04/08 08:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/03/15 14:06:08 | 000,232,104 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/02/17 21:49:12 | 000,577,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/17 16:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/09/13 14:02:00 | 000,039,408 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe
PRC - [2010/08/25 13:27:26 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/08/12 21:51:10 | 001,422,168 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
PRC - [2010/07/26 11:45:14 | 002,568,192 | ---- | M] (SourceForge.net) -- C:\Program Files\Password Safe\pwsafe.exe
PRC - [2010/06/30 10:10:14 | 000,477,680 | ---- | M] () -- C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/06/03 19:04:02 | 000,216,064 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
PRC - [2010/04/27 01:59:32 | 017,264,152 | ---- | M] (IBM Corporation) -- C:\Program Files\TSM\baclient\dsmcsvc.exe
PRC - [2010/04/27 01:59:30 | 003,309,592 | ---- | M] (IBM Corporation) -- C:\Program Files\TSM\baclient\dsmcad.exe
PRC - [2010/03/23 10:57:48 | 015,889,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/05 21:23:58 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2010/01/05 15:04:04 | 000,147,328 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2009/12/22 12:23:52 | 001,845,248 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
PRC - [2009/12/22 12:23:34 | 000,077,312 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2009/12/17 11:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2009/12/17 11:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2009/12/10 14:44:26 | 001,327,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2009/12/10 14:41:38 | 000,386,848 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/12/01 10:28:54 | 001,146,880 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2009/11/24 16:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/11/24 16:48:32 | 000,132,456 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
PRC - [2009/11/20 18:42:48 | 000,278,304 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2009/11/19 17:13:00 | 000,053,248 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcr.exe
PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/11/02 12:40:54 | 000,657,920 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/09/30 11:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
PRC - [2009/08/11 17:09:52 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/07 06:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/31 20:16:12 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/07/31 20:16:12 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe
PRC - [2009/07/30 10:45:36 | 001,425,408 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
PRC - [2009/07/30 10:25:02 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
PRC - [2009/07/30 10:12:44 | 000,348,160 | ---- | M] (Red Bend Ltd.) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
PRC - [2009/07/23 16:25:26 | 000,701,592 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 21:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009/07/08 18:08:30 | 000,413,827 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/19 18:57:40 | 000,249,856 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/06/08 12:08:16 | 000,315,392 | ---- | M] () -- C:\Program Files\PodTrapper\PodtrapperDesktop.exe
PRC - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 16:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 16:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/06/03 16:13:04 | 000,130,600 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
PRC - [2009/05/22 15:51:24 | 000,120,104 | ---- | M] () -- c:\Program Files\Dell\Latitude ON Reader\CLMonitorService.exe
PRC - [2009/05/22 15:50:56 | 000,116,008 | ---- | M] () -- C:\Program Files\Dell\Latitude ON Reader\BIOSEvent.exe
PRC - [2009/04/23 10:05:14 | 005,689,344 | ---- | M] (Wisdom Software Inc. ) -- C:\Program Files\ScreenHunter\ScreenHunter.exe
PRC - [2009/02/01 04:15:38 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/02/01 02:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/11/24 17:56:46 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/09/23 11:20:00 | 000,415,072 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2006/11/28 06:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/11/22 17:12:36 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (SafeList) ==========

MOD - [2011/06/30 14:21:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\downes\Desktop\nginx\OTL.exe
MOD - [2011/03/15 14:06:10 | 000,384,168 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.dll
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/08/11 17:10:08 | 000,226,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
MOD - [2008/05/29 14:41:04 | 000,057,344 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcrHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare10)
SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/13 14:02:00 | 000,039,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/16 07:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2010/07/16 07:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2010/06/03 19:04:02 | 000,216,064 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe -- (NWVZHelper)
SRV - [2010/05/15 03:00:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/08 10:36:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/27 01:59:32 | 017,264,152 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\Program Files\TSM\baclient\dsmcsvc.exe -- (TSM Client Scheduler)
SRV - [2010/04/27 01:59:30 | 003,309,592 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\Program Files\TSM\baclient\dsmcad.exe -- (TSM Client Acceptor)
SRV - [2010/04/27 01:59:28 | 005,821,464 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\Program Files\TSM\baclient\dsmagent.exe -- (TSM Remote Client Agent)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/12/22 12:23:34 | 000,077,312 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009/12/17 11:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2009/12/17 11:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2009/12/10 14:41:38 | 000,386,848 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/11/24 16:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/11/20 18:42:48 | 000,278,304 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2009/11/18 17:35:48 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/07/31 20:16:12 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe -- (STacSV)
SRV - [2009/07/30 10:25:02 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV - [2009/07/30 10:12:44 | 000,348,160 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2009/05/22 15:51:24 | 000,120,104 | ---- | M] () [Auto | Running] -- c:\Program Files\Dell\Latitude ON Reader\CLMonitorService.exe -- (CLMonitor)
SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2006/11/28 06:34:26 | 000,122,008 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - [2011/05/18 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110630.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/18 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110630.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/10 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/10 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/07/08 10:52:32 | 000,231,424 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000) Novatel Wireless USB Status2 Port Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser_000.sys -- (NWUSBPort_000) Novatel Wireless USB Status Port Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm_000.sys -- (NWUSBModem_000) Novatel Wireless USB Modem Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2010/05/09 10:54:45 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/05/07 09:28:09 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/01/05 15:03:58 | 000,211,328 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/11/24 19:30:34 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/10/30 18:51:14 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/09/21 15:20:26 | 000,028,632 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2009/08/23 11:14:06 | 004,232,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2009/07/31 20:16:12 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/30 13:06:18 | 000,142,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bpmp.sys -- (bpmp) Intel®
DRV - [2009/07/30 13:06:14 | 000,056,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bpusb.sys -- (bpusb) Intel®
DRV - [2009/07/30 13:06:10 | 000,056,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bpenum.sys -- (bpenum) Intel®
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 11:59:34 | 000,071,680 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GKUPRO2D.sys -- (GKUPRO2D)
DRV - [2009/07/04 22:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 12:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 23:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 20:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 20:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 20:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/23 18:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel®
DRV - [2009/06/15 14:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/06/12 22:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress) Intel®
DRV - [2009/06/02 02:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2009/06/02 02:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2009/06/02 02:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2009/05/28 11:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2009/05/26 15:12:36 | 000,122,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/09/18 17:03:00 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/06/04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/06/03 09:30:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/12 12:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/11/22 16:17:06 | 000,274,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/22 16:17:06 | 000,247,144 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/22 16:17:06 | 000,025,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/11/22 10:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2006/11/22 10:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2006/10/26 12:01:34 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/10/26 12:01:34 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/10/06 14:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/12/21 10:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 10:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 10:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/24 00:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/09/28 18:40:58 | 000,018,048 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2004/06/08 18:13:49 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4095778983-211508458-528760211-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4095778983-211508458-528760211-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4095778983-211508458-528760211-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=723823"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.1
FF - prefs.js..extensions.enabledItems: {d15c1608-ba3e-4aa0-aa6f-aa9337226087}:1.1
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=723823&p="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DataVault\DataVault.exe\..\firefox
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/06/20 08:56:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/21 07:51:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/21 16:55:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 07:52:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/06/22 16:55:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/06/21 15:34:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/04/22 09:18:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\downes\AppData\Roaming\Mozilla\Extensions
[2010/04/22 09:18:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\downes\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/06/28 13:48:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\downes\AppData\Roaming\Mozilla\Firefox\Profiles\jl7po10g.default\extensions
[2011/06/24 21:15:33 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\downes\AppData\Roaming\Mozilla\Firefox\Profiles\jl7po10g.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/05/24 09:05:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\downes\AppData\Roaming\Mozilla\Firefox\Profiles\jl7po10g.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/04 09:45:21 | 000,000,000 | ---D | M] ("DoD Configuration") -- C:\Users\downes\AppData\Roaming\Mozilla\Firefox\Profiles\jl7po10g.default\extensions\{d15c1608-ba3e-4aa0-aa6f-aa9337226087}
[2011/04/29 09:43:11 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\downes\AppData\Roaming\Mozilla\Firefox\Profiles\jl7po10g.default\extensions\[email protected]
[2011/04/20 21:14:12 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\downes\AppData\Roaming\Mozilla\Firefox\Profiles\jl7po10g.default\extensions\[email protected]
[2010/12/29 09:53:43 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\downes\AppData\Roaming\Mozilla\Firefox\Profiles\jl7po10g.default\extensions\[email protected]
[2011/02/17 09:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/13 20:59:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/07 09:20:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) --
[2011/06/21 07:51:57 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2011/06/20 08:56:55 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2011/05/24 09:11:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\DOWNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JL7PO10G.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\DOWNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JL7PO10G.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DOWNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JL7PO10G.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\DOWNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JL7PO10G.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\DOWNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JL7PO10G.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\DOWNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JL7PO10G.DEFAULT\EXTENSIONS\[email protected]
[2010/06/21 14:50:02 | 000,064,384 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/05/30 09:01:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\downes\AppData\Roaming\CompitlyEngine\ComplitlyEngine.dll (SimplyGen)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4095778983-211508458-528760211-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BIOSEvent] c:\Program Files\Dell\Latitude ON Reader\BIOSEvent.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CLIVFR] c:\Program Files\Dell\Latitude ON Reader\CLIVFR.exe (CyberLink)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [HP KEYBOARDg] C:\Program Files\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.dll (Pinnacle Systems)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-4095778983-211508458-528760211-1000..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKU\S-1-5-21-4095778983-211508458-528760211-1000..\Run: [PodTrapper] C:\Program Files\PodTrapper\PodtrapperDesktop.exe ()
O4 - Startup: C:\Users\downes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\downes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\downes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4095778983-211508458-528760211-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4095778983-211508458-528760211-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKU\S-1-5-21-4095778983-211508458-528760211-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-4095778983-211508458-528760211-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://storserver-support.webex.com/client/T27LC/smt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/23 20:41:11 | 000,000,000 | ---D | C] -- C:\Users\downes\Desktop\Folk Dance Underground - [tape]
[2011/06/23 20:40:38 | 000,000,000 | ---D | C] -- C:\Users\downes\Desktop\Folk Music (Trink)
[2011/06/21 16:02:03 | 000,000,000 | ---D | C] -- C:\Users\downes\Desktop\nginx
[2011/06/20 08:57:17 | 000,000,000 | ---D | C] -- C:\Users\downes\AppData\Local\Freemake
[2011/06/15 21:41:32 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/06/15 21:41:07 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/06/15 21:41:07 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/06/15 21:41:07 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/06/15 21:41:07 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/06/15 21:41:07 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/06/15 21:41:07 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/06/15 21:41:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/06/15 21:41:07 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/06/15 21:41:07 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/06/15 21:41:07 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/06/15 21:41:07 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/06/14 15:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/14 15:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/14 15:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/10 11:18:34 | 000,000,000 | ---D | C] -- C:\Users\downes\AppData\Roaming\EurekaLog
[2011/06/10 10:13:46 | 000,000,000 | ---D | C] -- C:\Users\downes\AppData\Roaming\Frostbow
[2011/06/10 10:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frostbow Home Inventory Lite
[2011/06/10 10:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Frostbow
[2011/06/08 16:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion Limited
[2011/06/08 10:29:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\wyoHomeInventory Projects
[2011/06/06 15:55:34 | 000,047,512 | ---- | C] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2011/06/06 15:55:32 | 000,022,936 | ---- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2011/06/06 10:57:19 | 000,000,000 | ---D | C] -- C:\Users\downes\Documents\My Garmin
[2011/06/03 07:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/06/01 20:26:28 | 000,000,000 | ---D | C] -- C:\Users\downes\AppData\Roaming\OpenDNS Updater
[2011/06/01 20:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\OpenDNS Updater
[2011/06/01 11:10:30 | 000,000,000 | ---D | C] -- C:\Users\downes\AppData\Roaming\WinRAR
[2011/06/01 11:10:30 | 000,000,000 | ---D | C] -- C:\Users\downes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/01 11:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/06/01 11:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/30 13:51:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/30 13:51:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/30 12:43:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/29 13:49:47 | 000,014,256 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/29 13:49:47 | 000,014,256 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/27 13:39:01 | 000,635,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/27 13:39:01 | 000,111,392 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/27 13:36:21 | 000,000,000 | ---- | M] () -- C:\Users\downes\AppData\Local\WavXMapDrive.bat
[2011/06/27 13:33:30 | 2780,758,016 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/27 08:36:58 | 000,000,668 | ---- | M] () -- C:\Users\downes\Desktop\load_cgcolors.pro
[2011/06/25 11:10:07 | 000,013,768 | ---- | M] () -- C:\Users\downes\Documents\q.pdf
[2011/06/25 08:39:03 | 000,034,858 | ---- | M] () -- C:\Users\downes\Desktop\Relieve Stress to Look Younger - 7 Steps for Healthy Skin.pdf
[2011/06/24 09:24:00 | 000,002,394 | ---- | M] () -- C:\Users\downes\Desktop\Every Day.lnk
[2011/06/23 19:48:53 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/22 17:24:38 | 000,062,751 | ---- | M] () -- C:\Users\downes\Desktop\Find a Laptop, Notebook, Desktop, Server, Printer, Software, Service, Monitor or TV at Dell.pdf
[2011/06/22 16:55:59 | 000,002,099 | ---- | M] () -- C:\Users\downes\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 8.lnk
[2011/06/22 09:10:04 | 728,626,254 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/22 09:05:50 | 000,007,482 | ---- | M] () -- C:\Users\downes\Desktop\NRL.mobileconfig
[2011/06/21 15:43:22 | 000,293,977 | ---- | M] () -- C:\Users\downes\Desktop\gmer.zip
[2011/06/21 15:11:20 | 000,050,477 | ---- | M] () -- C:\Users\downes\Desktop\Defogger.exe
[2011/06/21 15:10:33 | 000,450,143 | ---- | M] () -- C:\Users\downes\Desktop\medic Alert pectus.pdf
[2011/06/21 14:34:19 | 001,344,272 | ---- | M] () -- C:\Users\downes\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.pdf
[2011/06/20 22:14:25 | 000,037,356 | ---- | M] () -- C:\Users\downes\Desktop\Service confirmation.pdf
[2011/06/20 22:05:11 | 000,047,256 | ---- | M] () -- C:\Users\downes\Desktop\SAVE 10%_ - Sears Home Services.pdf
[2011/06/20 17:05:25 | 000,002,068 | -H-- | M] () -- C:\Users\downes\Documents\Default.rdp
[2011/06/16 16:10:53 | 000,084,659 | ---- | M] () -- C:\Users\downes\Desktop\Trimble - GPS Tutorial.pdf
[2011/06/13 08:56:09 | 000,001,337 | ---- | M] () -- C:\Users\downes\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/06 15:55:34 | 000,047,512 | ---- | M] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2011/06/06 15:55:32 | 000,022,936 | ---- | M] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2011/06/05 20:52:15 | 000,029,684 | ---- | M] () -- C:\Users\downes\Desktop\JCPenney Customer Satisfaction Survey.pdf
[2011/06/03 07:09:36 | 002,394,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/27 08:36:57 | 000,000,668 | ---- | C] () -- C:\Users\downes\Desktop\load_cgcolors.pro
[2011/06/25 11:10:07 | 000,013,768 | ---- | C] () -- C:\Users\downes\Documents\q.pdf
[2011/06/25 08:39:03 | 000,034,858 | ---- | C] () -- C:\Users\downes\Desktop\Relieve Stress to Look Younger - 7 Steps for Healthy Skin.pdf
[2011/06/24 09:21:23 | 000,002,394 | ---- | C] () -- C:\Users\downes\Desktop\Every Day.lnk
[2011/06/22 17:23:22 | 000,062,751 | ---- | C] () -- C:\Users\downes\Desktop\Find a Laptop, Notebook, Desktop, Server, Printer, Software, Service, Monitor or TV at Dell.pdf
[2011/06/22 09:05:48 | 000,007,482 | ---- | C] () -- C:\Users\downes\Desktop\NRL.mobileconfig
[2011/06/21 15:43:20 | 000,293,977 | ---- | C] () -- C:\Users\downes\Desktop\gmer.zip
[2011/06/21 15:10:32 | 000,450,143 | ---- | C] () -- C:\Users\downes\Desktop\medic Alert pectus.pdf
[2011/06/21 14:34:19 | 001,344,272 | ---- | C] () -- C:\Users\downes\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.pdf
[2011/06/20 22:14:25 | 000,037,356 | ---- | C] () -- C:\Users\downes\Desktop\Service confirmation.pdf
[2011/06/20 22:05:11 | 000,047,256 | ---- | C] () -- C:\Users\downes\Desktop\SAVE 10%_ - Sears Home Services.pdf
[2011/06/16 16:10:53 | 000,084,659 | ---- | C] () -- C:\Users\downes\Desktop\Trimble - GPS Tutorial.pdf
[2011/06/05 20:52:15 | 000,029,684 | ---- | C] () -- C:\Users\downes\Desktop\JCPenney Customer Satisfaction Survey.pdf
[2011/06/01 20:26:28 | 000,001,968 | ---- | C] () -- C:\Users\downes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
[2011/05/30 08:49:45 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/30 08:49:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/30 08:49:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/30 08:49:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/30 08:49:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/01 13:50:30 | 000,000,340 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/12/21 13:08:01 | 000,022,016 | ---- | C] () -- C:\Users\downes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/06 15:26:17 | 000,158,372 | ---- | C] () -- C:\Windows\Screen Recorder Pro Uninstaller.exe
[2010/11/01 12:56:19 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/01 15:29:44 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/09 21:16:20 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2010/06/27 18:26:44 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/06/09 14:15:02 | 000,219,304 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/05/23 08:58:26 | 000,086,428 | ---- | C] () -- C:\Users\downes\AppData\Local\rx_audio.Cache
[2010/05/22 19:36:20 | 000,954,668 | ---- | C] () -- C:\Users\downes\AppData\Local\rx_image32.Cache
[2010/05/12 11:26:15 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/05/09 10:54:45 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2010/05/08 11:38:24 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/04/18 15:32:12 | 000,000,000 | ---- | C] () -- C:\Users\downes\AppData\Local\WavXMapDrive.bat
[2010/04/05 15:29:55 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2010/04/05 15:29:53 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/04/05 15:29:53 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/04/05 15:29:53 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/04/05 15:29:52 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/04/05 12:43:45 | 000,308,624 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll
[2010/04/05 12:43:45 | 000,206,216 | ---- | C] () -- C:\Windows\System32\bipbsp.dll
[2010/04/05 12:42:48 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2010/04/05 12:40:58 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/12/22 12:03:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\preflib.dll
[2009/11/19 16:47:10 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2009/11/18 16:21:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2009/11/18 16:21:06 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2009/11/18 16:21:06 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2009/11/18 16:21:04 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2009/11/18 16:21:02 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2009/11/18 16:20:56 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2009/11/18 16:20:56 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2009/11/18 16:20:54 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2009/11/18 16:20:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2009/11/18 16:20:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2009/11/18 16:20:50 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2009/11/18 16:20:48 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2009/11/18 16:20:48 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2009/11/18 16:20:46 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2009/11/18 16:20:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2009/11/18 16:20:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2009/11/18 16:20:42 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2009/11/18 16:20:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2009/11/18 16:20:40 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2009/11/18 16:20:38 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2009/11/18 16:20:36 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2009/11/18 16:20:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2009/11/18 16:20:34 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2009/11/18 16:20:32 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2009/11/18 16:20:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2009/11/18 16:20:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2009/11/18 16:20:28 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2009/11/18 16:20:26 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2009/11/18 16:20:24 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2009/11/17 12:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009/11/13 09:17:00 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2009/11/06 16:27:22 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2009/08/26 17:25:08 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/30 10:17:12 | 000,002,048 | ---- | C] () -- C:\Windows\System32\EventLogMessages.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 002,394,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,635,850 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,111,392 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/03/25 10:46:00 | 000,077,536 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2006/06/30 13:58:44 | 000,176,128 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2006/06/30 13:58:44 | 000,126,976 | ---- | C] () -- C:\Windows\System32\bioapi100.dll

< End of report >


OTL Extras logfile created on: 6/30/2011 2:22:43 PM - Run 1
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\downes\Desktop\nginx
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 39.17% Memory free
6.90 Gb Paging File | 4.25 Gb Available in Paging File | 61.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 237.70 Gb Total Space | 38.05 Gb Free Space | 16.01% Space Free | Partition Type: NTFS

Computer Name: UMUNHUM | User Name: downes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-4095778983-211508458-528760211-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{057159C5-3B94-4E36-9271-11615618CACE}" = Dell ControlPoint System Manager
"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport
"{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{083CE5FA-E750-4594-B8D1-13994B297A02}" = Wave Infrastructure Installer
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1BE8806A-84F8-4655-A381-0D5524430944}" = ActivClient CAC x86
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}" = Cisco Systems VPN Client 5.0.06.0160
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23C12370-3A82-4558-B727-F345B473AD87}" = BlackBerry Device Software Updater
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 25
"{284D3B99-E8F5-4411-A7DD-7072EFCF3A46}" = Dell ControlPoint Connection Manager
"{2CC5FCAE-51BA-4926-8C2B-4F07E54F6EA3}" = ScanSnap
"{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"{3138EAD3-700B-4A10-B617-B3F8096EE30D}" = Dell Edoc Viewer
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset
"{39A6407B-DD99-410D-8EA2-280788F8423B}" = Dell Control Point
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3A9527CF-4E91-4683-A03F-F1AD022126E5}" = DirectX 9 Runtime
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4433FF9E-AF21-4E41-B296-4E13BF4D52F5}" = Roxio Creator 2011
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47BA74C5-1890-4ED2-954A-AD11186D8E26}" = Garmin TOPO U.S. 2008
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = CLEAR™ WiMAX Tutorial
"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper
"{506E853B-8FBF-4F28-86EB-E931ABD0C056}" = Dell Latitude ON Reader
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{55E63724-2BFE-49BC-B03E-9BE0F62E18C2}" = ScanSnap Organizer
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58AA64B7-2CF3-473D-A0BB-28730D8CA0BB}" = ViewSpecPro
"{58FA5D40-E35A-47ED-8AFA-68CCC758559E}" = Garmin MapSource
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A7F4379-B2EE-444F-AC4A-C5379B1CF95E}" = Dell ControlVault Host Components Installer
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6E2B7A41-5ACC-4797-95C7-2BE64388028B}" = Garmin City Navigator North America NT 2010.10
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729B89D0-946A-407E-A121-343BD3320C40}" = Roxio BackOnTrack
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{780F9A1C-6BFE-4691-83A9-095D859E3052}" = VZAccess Manager
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus
"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes
"{7F9EB3E8-5CF3-448F-A2A0-982BE6C5FDDE}" = Roxio Creator 2011
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8EB29D71-DE8D-4B49-8833-F508ECF0BE59}" = DCP32MMWrapper
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90756E9C-97E4-4405-A85F-1734804990DD}" = Mindjet MindManager 9
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9569E6BC-326A-432F-97AB-35263A327BF1}" = Roxio Burn
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{9F717571-FEE8-45CD-8B03-5B2D06AD28F7}" = Roxio Creator 2011 Content
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A12CF335-1B84-4781-9735-44E39C6D3DD0}" = Roxio Creator 2011
"{A24532CF-37DF-43A7-B0F3-396EA928D0E5}" = Verizon Wireless PC770 Firmware Updates
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A9024A22-FB0E-4DDC-AB93-44D686F7F491}" = Roxio CinePlayer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-0000-7760-000000000005}" = Adobe Acrobat X Pro
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AEFD7815-35A5-4721-9964-606E48F59448}" = BlackBerry Device Software v4.5.0 for the BlackBerry 8830 smartphone
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B76D4A7F-FF11-4420-947C-C3AD624B9DBA}" = Jasc Paint Shop Photo Album
"{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"{BAD873C8-8631-4016-9E26-7978B4A5453F}" = ENVI 4.8
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BB830F9E-53B3-492F-B39C-2DF615D1C9E1}" = TurboTax 2010 wvaiper
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C03F3D5B-0D83-4F81-A324-32F4E7F1BF6A}" = Roxio CinePlayer
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C861921A-E002-498F-9800-153CCBABB9C9}" = 32 Bit HP CIO Components Installer
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCC68887-6E07-4438-A035-7C22EFBDC15E}" = Intel® Network Connections 14.6.9.0
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B2}" = WinZip 11.2
"{CF3A3816-7E48-4556-8614-654377EDE1B5}" = BlackBerry App World Browser Plugin
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D3AE96EE-2876-4B3F-847C-D3A4AD689E43}" = LogMeIn
"{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}" = OverDrive Media Console
"{D657DFB4-5DD9-4A2B-AEC9-3BBE25541EE7}" = SO32MMWrapper
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DBCDB997-EEEB-4BE9-BAFF-26B4094DBDE6}" = ScanSnap Manager
"{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
"{E12A97F7-3AA4-4FC9-B298-EC3107F08252}" = IBM Tivoli Storage Manager Client
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E58F3B88-3B3E-4F85-9323-04789D979C15}" = ScanSnap Organizer
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E9BE42A2-6815-42BC-82A9-A60401ABD417}" = ScanSnap Organizer
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F19553C5-F843-4C27-BF9F-9DE4D901B895}" = Verizon Mobile Broadband Drivers
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F522E59E-7168-4B4A-885E-1030009BEE56}" = DBsign Web Signer
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FAE224AF-B15E-448B-88FA-1839A7570CF8}" = Intel® PROSet/Wireless WiMAX Software
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFAC39DA-CF79-434B-A6E0-4055689667D9}" = Roxio CinePlayer Decoder Pack
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_7328fdfcb73660ec8b11d5a3d5c6232" = Adobe Dreamweaver CS3
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
"AnyDVD" = AnyDVD
"Avidemux 2.5" = Avidemux 2.5
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"Canon CanoScan LiDE 90 User Registration" = Canon CanoScan LiDE 90 User Registration
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CloneDVD2" = CloneDVD2
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CompitlyEngine_is1" = CompitlyEngine
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
"DataVault" = Ascendo DataVault 4.7.3
"Dell Webcam Central" = Dell Webcam Central
"Digital Editions" = Adobe Digital Editions
"DPP" = Canon Utilities Digital Photo Professional 3.8
"DTGDesktop-BB" = Documents To Go Desktop for BlackBerry
"EOS Utility" = Canon Utilities EOS Utility
"Freemake Video Converter_is1" = Freemake Video Converter version 2.2.0
"Freemake Video Downloader_is1" = Freemake Video Downloader version 2.1.1
"Frostbow Home Inventory Lite_is1" = Frostbow Home Inventory 5 Lite
"Google Calendar Sync" = Google Calendar Sync
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"HP Wireless Elite Keyboard_is1" = HP Wireless Elite Keyboard V1.2.4.1
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}" = SmartSound Quicktracks 5
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{506E853B-8FBF-4F28-86EB-E931ABD0C056}" = Dell Latitude ON Reader
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}" = SmartSound Common Data
"InstallShield_{BAD873C8-8631-4016-9E26-7978B4A5453F}" = ENVI 4.8
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MixMeister BPM Analyzer_is1" = MixMeister BPM Analyzer 1.0
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"Mozilla Thunderbird (3.1.11)" = Mozilla Thunderbird (3.1.11)
"Office14.STANDARD" = Microsoft Office Standard 2010
"OpenDNS Updater" = OpenDNS Updater 2.2.1
"Password Safe" = Password Safe
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"ProInst" = Intel PROSet Wireless
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSetDX" = Intel® Network Connections 14.6.9.0
"Roxio PhotoShow" = Roxio PhotoShow
"Savings Bond Wizard" = Savings Bond Wizard
"Screen Recorder Pro" = River Past Screen Recorder Pro
"TurboTax 2010" = TurboTax 2010
"TVWiz" = Intel® TV Wizard
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.1.7
"WFTK" = Canon Utilities WFT Utility
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"Wisdom-soft ScreenHunter 5.1 Free" = Wisdom-soft ScreenHunter 5.1 Free
"YTdetect" = Yahoo! Detect
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4095778983-211508458-528760211-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ ActivIdentity Events ]
Error - 3/30/2011 2:26:30 PM | Computer Name = Computer | Source = ActivClient | ID = 769
Description = No exchange account

Error - 4/25/2011 10:10:00 AM | Computer Name = Computer | Source = ActivClient | ID = 769
Description = No exchange account

Error - 4/30/2011 9:01:19 PM | Computer Name = Computer | Source = ActivClient | ID = 769
Description = No exchange account

Error - 5/9/2011 11:21:02 AM | Computer Name = Computer | Source = ActivClient | ID = 769
Description = No exchange account

Error - 5/9/2011 2:34:44 PM | Computer Name = Computer | Source = ActivClient | ID = 769
Description = No exchange account

Error - 5/23/2011 12:01:35 PM | Computer Name = umunhum | Source = ActivClient | ID = 769
Description = No exchange account

Error - 5/26/2011 10:42:06 AM | Computer Name = umunhum | Source = ActivClient | ID = 769
Description = No exchange account

Error - 6/2/2011 3:34:07 PM | Computer Name = umunhum | Source = ActivClient | ID = 769
Description = No exchange account

Error - 6/7/2011 2:53:58 PM | Computer Name = umunhum | Source = ActivClient | ID = 769
Description = No exchange account

Error - 6/21/2011 9:07:47 PM | Computer Name = umunhum | Source = ActivClient | ID = 769
Description = No exchange account

[ Application Events ]
Error - 6/27/2011 1:34:44 PM | Computer Name = umunhum | Source = VSS | ID = 8193
Description =

Error - 6/27/2011 1:34:56 PM | Computer Name = umunhum | Source = AdsmClientService | ID = 4099
Description = Scheduler exited with a result code of 12.

Error - 6/27/2011 1:36:34 PM | Computer Name = umunhum | Source = VSS | ID = 8193
Description =

Error - 6/28/2011 4:11:49 PM | Computer Name = umunhum | Source = VSS | ID = 8193
Description =

Error - 6/28/2011 5:43:12 PM | Computer Name = umunhum | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/28/2011 7:11:38 PM | Computer Name = umunhum | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Common
Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 6/28/2011 7:12:55 PM | Computer Name = umunhum | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\TSM\baclient\jvm60\jre\bin\unpack.dll".Error
in manifest or policy file "C:\Program Files\TSM\baclient\jvm60\jre\bin\unpack.dll"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 6/28/2011 7:12:55 PM | Computer Name = umunhum | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "C:\Program Files\TSM\baclient\jvm60\jre\bin\unpack200.exe".Error
in manifest or policy file "C:\Program Files\TSM\baclient\jvm60\jre\bin\unpack200.exe"
on line 19. The value "6.0.0.6u9b41" of attribute "version" in element "assemblyIdentity"
is invalid.

Error - 6/28/2011 7:13:23 PM | Computer Name = umunhum | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\Program Files\Common
Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program
Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
of attribute "version" in element "assemblyIdentity" is invalid.

Error - 6/28/2011 7:13:34 PM | Computer Name = umunhum | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\Research
In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 5/4/2011 7:37:06 PM | Computer Name = Computer | Source = MCUpdate | ID = 0
Description = 7:37:05 PM - Error connecting to the internet. 7:37:05 PM - Unable
to contact server..

Error - 5/4/2011 8:37:11 PM | Computer Name = Computer | Source = MCUpdate | ID = 0
Description = 8:37:11 PM - Error connecting to the internet. 8:37:11 PM - Unable
to contact server..

Error - 5/4/2011 8:37:17 PM | Computer Name = Computer | Source = MCUpdate | ID = 0
Description = 8:37:16 PM - Error connecting to the internet. 8:37:16 PM - Unable
to contact server..

Error - 5/5/2011 11:54:12 AM | Computer Name = Computer | Source = MCUpdate | ID = 0
Description = 11:54:11 AM - Error connecting to the internet. 11:54:11 AM - Unable
to contact server..

Error - 5/5/2011 11:54:21 AM | Computer Name = Computer | Source = MCUpdate | ID = 0
Description = 11:54:17 AM - Error connecting to the internet. 11:54:17 AM - Unable
to contact server..

Error - 5/6/2011 2:03:50 PM | Computer Name = Computer | Source = MCUpdate | ID = 0
Description = 2:03:46 PM - Error connecting to the internet. 2:03:46 PM - Unable
to contact server..

Error - 5/31/2011 9:31:36 AM | Computer Name = umunhum | Source = MCUpdate | ID = 0
Description = 9:31:36 AM - Error connecting to the internet. 9:31:36 AM - Unable
to contact server..

Error - 5/31/2011 9:31:47 AM | Computer Name = umunhum | Source = MCUpdate | ID = 0
Description = 9:31:41 AM - Error connecting to the internet. 9:31:41 AM - Unable
to contact server..

Error - 6/1/2011 7:28:16 PM | Computer Name = umunhum | Source = MCUpdate | ID = 0
Description = 7:28:16 PM - Error connecting to the internet. 7:28:16 PM - Unable
to contact server..

Error - 6/1/2011 7:28:25 PM | Computer Name = umunhum | Source = MCUpdate | ID = 0
Description = 7:28:21 PM - Error connecting to the internet. 7:28:21 PM - Unable
to contact server..

[ OSession Events ]
Error - 9/17/2010 7:11:02 PM | Computer Name = Computer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session
lasted 8262 seconds with 180 seconds of active time. This session ended with a
crash.

Error - 10/7/2010 9:13:37 PM | Computer Name = Computer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 993
seconds with 0 seconds of active time. This session ended with a crash.

Error - 11/17/2010 12:31:11 PM | Computer Name = Computer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 10, Application Name: Microsoft Office Visio, Application Version:
12.0.6529.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 9582
seconds with 4260 seconds of active time. This session ended with a crash.

Error - 2/17/2011 5:10:10 AM | Computer Name = Computer | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10293
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 6/26/2011 6:51:51 AM | Computer Name = umunhum | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 6/26/2011 6:40:54 PM | Computer Name = umunhum | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 6/26/2011 9:19:16 PM | Computer Name = umunhum | Source = Service Control Manager | ID = 7016
Description = The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service
service has reported an invalid current state 0.

Error - 6/26/2011 9:19:16 PM | Computer Name = umunhum | Source = Service Control Manager | ID = 7016
Description = The Intel® PROSet/Wireless WiMAX Red Bend Device Management Service
service has reported an invalid current state 0.

Error - 6/27/2011 9:03:05 AM | Computer Name = umunhum | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WiMAXAppSrv service.

Error - 6/27/2011 1:33:48 PM | Computer Name = umunhum | Source = Service Control Manager | ID = 7001
Description = The NTRU TSS v1.2.1.29 TCS service depends on the TPM Base Services
service which failed to start because of the following error: %%0

Error - 6/29/2011 1:00:18 AM | Computer Name = umunhum | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the WiMAXAppSrv service.

Error - 6/29/2011 1:44:08 PM | Computer Name = umunhum | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Wlansvc service.

Error - 6/29/2011 2:26:49 PM | Computer Name = umunhum | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.2
with the system having network hardware address 00-26-BB-B3-B7-80. Network operations
on this system may be disrupted as a result.

Error - 6/30/2011 11:14:43 AM | Computer Name = umunhum | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.3
with the system having network hardware address 58-94-6B-17-39-FC. Network operations
on this system may be disrupted as a result.


< End of report >

#4 SweetTech


Posted 30 June 2011 - 08:18 PM

Hi Trink!

I'm a sysadmin in an "in the trenches" way, so know my way around the block but am NOT a specialist in defeating malware/spyware/bad guys in general. I tell you that just to help with the level of instruction you can give me. I know what a registry key is. Here are the three logs requested: report.txt, OLT.txt and extras.txt.

Thanks for that information.

OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    [2010/05/07 09:20:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2011/05/24 09:11:51 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    
    :Reg
    
    :Files
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


NEXT:



Running TDSSKiller

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.



  • If an infected file is detected, the default action will be Cure, click on Continue.



  • If a suspicious file is detected, the default action will be Skip, click on Continue.



  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.



  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


NEXT:



Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.



The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
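The fix script in the post above ends with `[resethosts]` and an `ipconfig /flushdns`, which replace the hosts file and clear cached lookups without recording what the old file contained. The following Python script is an added example, not part of the original post and not OTL's own code: it parses hosts-file text and reports every entry other than the default loopback mappings, marking names under a watched domain. The sample file contents, the `watch` parameter and all function names are assumptions made for the illustration.

```python
import ipaddress
import sys

# Names a stock hosts file may map to loopback without that being notable.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample for the demonstration; it is not data from this thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.google.com google.com   # constructed redirect
0.0.0.0         ads.example.net
not-an-ip       broken.example
192.0.2.7\twww.example.org
"""


def parse_hosts(text):
    """Return (entries, malformed) for hosts-file text.

    entries   -> list of (line_no, ip_object, [lower-cased names])
    malformed -> list of (line_no, stripped raw line) that could not be parsed
    """
    entries, malformed = [], []
    # A byte-order mark at the start would otherwise corrupt the first field.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        body = raw.split("#", 1)[0].strip()      # drop comments
        if not body:
            continue
        fields = body.split()                    # spaces or tabs
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append((line_no, raw.strip()))
            continue
        if len(fields) < 2:                      # address with no host name
            malformed.append((line_no, raw.strip()))
            continue
        entries.append((line_no, ip, [n.lower() for n in fields[1:]]))
    return entries, malformed


def classify(ip, name):
    """Label one mapping as 'default', 'sinkhole' or 'redirect'."""
    if ip.is_loopback and name in LOCAL_NAMES:
        return "default"
    if ip.is_loopback or ip.is_unspecified:
        return "sinkhole"        # name is blocked, not sent to another host
    return "redirect"            # name is pinned to some other address


def is_watched(name, watch):
    """True if name is a watched domain or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in watch)


def audit_hosts(text, watch=()):
    """Return (findings, malformed); findings exclude default entries.

    Each finding is (line_no, ip_string, name, verdict, watched_flag).
    """
    entries, malformed = parse_hosts(text)
    findings = []
    for line_no, ip, names in entries:
        for name in names:
            verdict = classify(ip, name)
            if verdict != "default":
                findings.append(
                    (line_no, str(ip), name, verdict, is_watched(name, watch))
                )
    return findings, malformed


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    findings, malformed = audit_hosts(text, watch=("google.com",))
    for line_no, ip, name, verdict, watched in findings:
        flag = " [watched]" if watched else ""
        print(f"line {line_no}: {name} -> {ip} ({verdict}){flag}")
    for line_no, raw in malformed:
        print(f"line {line_no}: unparsable entry: {raw!r}")
```

Run against a copy of the hosts file taken before the reset, the output gives a record of any name that was pinned to an unexpected address.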


#5 trink


Posted 30 June 2011 - 09:01 PM

OTL result:
All processes killed
========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\downes\Desktop\nginx\cmd.bat deleted successfully.
C:\Users\downes\Desktop\nginx\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: downes
->Temp folder emptied: 70030375 bytes
->Temporary Internet Files folder emptied: 119472604 bytes
->Java cache emptied: 2542877 bytes
->FireFox cache emptied: 187596855 bytes
->Google Chrome cache emptied: 13918281 bytes
->Apple Safari cache emptied: 31716352 bytes
->Flash cache emptied: 163183 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TEMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 309760 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 118438063 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2339551482 bytes

Total Files Cleaned = 2,750.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: downes
->Flash cache emptied: 0 bytes

User: Public

User: TEMP
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.25.0 log created on 06302011_213354

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...


TDSSKiller reported no problems found.


Combofix report:
ComboFix 11-06-30.03 - downes 06/30/2011 21:48:22.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3536.1551 [GMT -4:00]
Running from: c:\users\downes\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\downes\AppData\Roaming\EurekaLog
c:\users\downes\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\windows\system32\PCLECoInst.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-06-01 to 2011-07-01 )))))))))))))))))))))))))))))))
.
.
2011-07-01 01:54 . 2011-07-01 01:54 -------- d-----w- c:\users\downes\AppData\Local\temp
2011-07-01 01:54 . 2011-07-01 01:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-07-01 01:54 . 2011-07-01 01:54 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2011-07-01 01:54 . 2011-07-01 01:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-07-01 01:54 . 2011-07-01 01:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-01 01:33 . 2011-07-01 01:33 -------- d-----w- C:\_OTL
2011-06-28 20:12 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AEE6A8D-F9E0-4603-A0B3-DE065E4E86BD}\mpengine.dll
2011-06-20 12:57 . 2011-06-20 12:57 -------- d-----w- c:\users\downes\AppData\Local\Freemake
2011-06-16 01:42 . 2011-04-29 02:57 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-16 01:42 . 2011-04-29 02:57 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-16 01:42 . 2011-04-29 02:57 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-16 01:42 . 2011-04-25 04:56 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-16 01:42 . 2011-04-25 02:35 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-16 01:40 . 2011-05-04 02:43 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 01:40 . 2011-05-04 02:43 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 01:40 . 2011-05-04 02:43 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-14 19:51 . 2011-06-14 19:51 -------- d-----w- c:\program files\iPod
2011-06-14 19:51 . 2011-06-14 19:52 -------- d-----w- c:\program files\iTunes
2011-06-10 14:13 . 2011-06-10 14:13 -------- d-----w- c:\users\downes\AppData\Roaming\Frostbow
2011-06-10 14:13 . 2011-06-10 14:13 -------- d-----w- c:\program files\Frostbow
2011-06-08 20:37 . 2011-06-08 20:37 -------- d-----w- c:\program files\Research In Motion Limited
2011-06-06 19:55 . 2011-06-06 19:55 183696 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2011-06-06 19:55 . 2011-06-06 19:55 47512 ----a-w- c:\windows\system32\AdobePDF.dll
2011-06-06 19:55 . 2011-06-06 19:55 22936 ----a-w- c:\windows\system32\AdobePDFUI.dll
2011-06-02 00:26 . 2011-06-02 00:26 -------- d-----w- c:\users\downes\AppData\Roaming\OpenDNS Updater
2011-06-02 00:26 . 2011-06-02 00:26 -------- d-----w- c:\program files\OpenDNS Updater
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-01 01:37 . 2010-04-18 19:32 0 ----a-w- c:\users\downes\AppData\Local\WavXMapDrive.bat
2011-06-23 23:48 . 2011-05-15 19:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 00:28 . 2010-05-19 23:42 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-06-02 00:28 . 2010-05-19 23:42 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-06-02 00:28 . 2010-05-20 22:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-05-31 14:32 . 2010-05-10 11:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-05-31 14:32 . 2010-05-10 11:43 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-05-31 14:31 . 2010-05-19 23:41 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-05-29 13:11 . 2011-05-29 01:40 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2011-05-29 01:40 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 23:14 . 2010-04-21 22:31 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-10 12:06 . 2011-05-10 12:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 12:06 . 2011-05-10 12:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-05 21:52 . 2010-05-10 11:43 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-05-01 23:23 . 2010-05-20 22:33 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-04-22 19:36 . 2011-05-25 13:40 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-14 09:07 . 2010-05-07 13:20 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-09 06:13 . 2011-05-11 12:00 3957632 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:13 . 2011-05-11 12:00 3901824 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-19 03:58 123904 ----a-w- c:\windows\system32\poqexec.exe
2011-04-06 20:20 . 2011-04-06 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 20:20 . 2011-04-06 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D27FC31C-6E3D-4305-8D53-ACDAEFA5F862}]
2011-03-28 19:40 139768 ----a-w- c:\users\downes\AppData\Roaming\CompitlyEngine\ComplitlyEngine.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\downes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\downes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\downes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\downes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2009-11-24 20:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2009-11-24 20:48 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PodTrapper"="c:\program files\PodTrapper\PodtrapperDesktop.exe" [2009-06-08 315392]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-06-19 249856]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-08-01 458844]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-03 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-03 151064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-07 186904]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2009-07-30 1425408]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2009-12-22 1845248]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-01-05 147328]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-01-06 34232]
"CLIVFR"="c:\program files\Dell\Latitude ON Reader\CLIVFR.exe" [2009-06-11 238888]
"BIOSEvent"="c:\program files\Dell\Latitude ON Reader\BIOSEvent.exe" [2009-05-22 116008]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-06-25 140520]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-07-08 413827]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"ScanSnap WIA Service Checker"="c:\windows\SSDriver\fi5110\SsWiaChecker.exe" [2009-09-30 86016]
"HP KEYBOARDg"="c:\program files\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE" [2009-07-23 701592]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-06-06 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-06-06 2903448]
"Desktop Disc Tool"="c:\program files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe" [2010-06-30 477680]
"CPMonitor"="c:\program files\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-08-25 84464]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-09-17 63048]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-03-15 232104]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
.
c:\users\downes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\downes\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Password Safe.lnk - c:\program files\Password Safe\pwsafe.exe [2010-7-26 2568192]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files\ActivIdentity\ActivClient\acsagent.exe [2009-6-3 130600]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-8-11 795936]
Conversion to PDF with ScanSnap Organizer.lnk - c:\program files\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe [2010-8-9 15360]
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-12-10 1327392]
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2011-4-8 542264]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
ScanSnap Manager.lnk - c:\program files\PFU\ScanSnap\Driver\PfuSsMon.exe [2010-8-9 1146880]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2009-11-24 132456]
VPN Client.lnk - c:\windows\Installer\{21E247D4-5E27-4BEA-AA4D-19A81203FE2A}\Icon3E5562ED7.ico [2010-5-15 6144]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-23 415072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 136176]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe [2010-07-16 354288]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-09 29472]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 GKUPRO2D;GKUPRO2D;c:\windows\system32\Drivers\GKUPRO2D.sys [2009-07-13 71680]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 NvtSp50;NvtSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NvtSp50.sys [x]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [2010-07-08 20480]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [2010-07-08 176384]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [2010-07-08 176384]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [2010-07-08 176384]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2009-07-02 47104]
R3 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2009-07-01 49152]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2009-07-05 38400]
R3 RoxMediaDB13;RoxMediaDB13;c:\program files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe [2010-07-16 1099248]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
R3 TSM Remote Client Agent;TSM Remote Client Agent;c:\program files\TSM\baclient\dsmagent.exe [2010-04-27 5821464]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-15 1343400]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S0 SahdIa32;HDD Filter Driver;c:\windows\System32\Drivers\SahdIa32.sys [2009-06-02 21488]
S0 SaibIa32;Volume Filter Driver;c:\windows\System32\Drivers\SaibIa32.sys [2009-06-02 15856]
S1 SaibVd32;Virtual Disk Driver;c:\windows\system32\Drivers\SaibVd32.sys [2009-06-02 25584]
S2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\App\SaibSVC.exe [2009-06-03 457200]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400]
S2 BOT4Service;BOT4Service;c:\program files\Roxio\BackOnTrack\App\BService.exe [2010-09-13 39408]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 278304]
S2 CLMonitor;CLMonitor;c:\program files\Dell\Latitude ON Reader\CLMonitorService.exe [2009-05-22 120104]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2009-12-17 812448]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2009-12-17 27040]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2009-12-10 386848]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2009-07-30 348160]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2010-12-08 374152]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2010-09-17 12856]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-03 216064]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-12-22 77312]
S2 TSM Client Acceptor;TSM Client Acceptor;c:\program files\TSM\baclient\dsmcad.exe [2010-04-27 3309592]
S2 TSM Client Scheduler;TSM Client Scheduler;c:\program files\TSM\baclient\dsmcsvc.exe [2010-04-27 17264152]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2009-07-30 815104]
S3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-13 7680]
S3 bpenum;Intel® WiMAX Link Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2009-07-30 56320]
S3 bpmp;Intel® WiMAX Link 5050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2009-07-30 142336]
S3 bpusb;Intel® WiMAX Link 5050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2009-07-30 56320]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-10-30 33832]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-06-13 221912]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-10 105592]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-05-26 122368]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-08-23 4232192]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2008-06-03 144672]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2008-09-18 277440]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 82325207
*Deregistered* - 82325207
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 19:07]
.
2011-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-24 19:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Save to DataVault - file://c:\program files\DataVault\DataVault.exe/../iemenuext.htm
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6A8027F1-A243-412A-B921-75348A3C9C66}: NameServer = 132.250.1.131,132.250.108.12
FF - ProfilePath - c:\users\downes\AppData\Roaming\Mozilla\Firefox\Profiles\jl7po10g.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-USB2Check - c:\windows\system32\PCLECoInst.dll
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
AddRemove-DataVault - c:\program files\DataVault\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,84,72,7f,5b,09,e9,4d,bf,d6,bd,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,83,84,72,7f,5b,09,e9,4d,bf,d6,bd,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-06-30 21:58:49
ComboFix-quarantined-files.txt 2011-07-01 01:58
.
Pre-Run: 43,377,418,240 bytes free
Post-Run: 43,299,241,984 bytes free
.
- - End Of File - - DCC178F23590FB395E588C3AE52D1066



-Trink

#6 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 30 June 2011 - 09:18 PM

Hi!

Do you recognize this program?

Anti-phishing Domain Advisor

Do you use it?

Let's see what these scans find, and see where we stand then.

Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.



NEXT:



ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):
    • Enable Anti-Stealth technology
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin
    scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as
    ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image


NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#7 trink
  • Topic Starter

  • Members
  • 15 posts

Posted 01 July 2011 - 01:34 PM

Hi ST,
I don't recognize Anti-phishing Domain Advisor, but that doesn't absolutely mean I didn't install it once in a fit of trying to protect myself from such an event. <sigh>

Malware Bytes did not find anything:
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6993

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

7/1/2011 10:23:17 AM
mbam-log-2011-07-01 (10-23-17).txt

Scan type: Quick scan
Objects scanned: 202967
Time elapsed: 2 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

----------------------------------
ESET found no problems

----------------------------------

Results of screen317's Security Check version 0.99.17
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Symantec AntiVirus
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 25
Out of date Java installed!
Adobe Flash Player 10.3.181.26
Mozilla Thunderbird (3.1.11)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbam.exe
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
Symantec AntiVirus VPTray.exe
``````````End of Log````````````




awaiting instruction!!
-Trink

#8 SweetTech

    Agent ST

  • Members
  • 13,421 posts
  • Gender:Male
  • Location:Antarctica

Posted 01 July 2011 - 03:08 PM

Hi!

"I don't recognize Anti-phishing Domain Advisor, but that doesn't absolutely mean I didn't install it once in a fit of trying to protect myself from such an event. <sigh>"

Okay.

Java Outdated

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform:
    • 32-bit Select: Windows x86 Offline.
    • 64-bit Select: Windows x64.
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Posted Image > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u26-windows-i586.exe to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


NEXT



We need to remove a program. To do this please do the following:
For Vista Users:
  • Click on Start > Control Panel and double click on Programs and Features.
  • Locate McAfee Security Scan Plus and click on the Uninstall button to uninstall it.
  • Close Control Panel when done.


NEXT:



OTL Custom Scan

We need to run an OTL Custom Scan
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.


    netsvcs
    drivers32
    hklm\software\clients\startmenuinternet|command /rs
    %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push the Quick Scan button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



What outstanding issues (if any) are you still experiencing with your computer?



#9 trink
  • Topic Starter

  • Members
  • 15 posts

Posted 01 July 2011 - 03:51 PM

Java uninstalled and re-installed.

McAfee uninstalled.

OTL log follows.

Right now I don't see any evidence of a problem - but it's come and gone at least three times since this all started. If you think my reports show I'm in the clear, I'm fine with moving forward from here. Do you have any advice on how I got myself into this in the first place? Also, can you offer advice as to what programs I can routinely use to scan my system for any badness so as to be a bit more proactive? My son has a laptop that I'm quite sure is going to need some clean up work... We run Norton A/V all the time, and now I know to scan periodically with Malware Bytes, but are there other things you can suggest?

Thanks VERY much.
-Trink in Virginia (wow, Antarctica, huh?)

OTL logfile created on: 7/1/2011 4:32:34 PM - Run 2
OTL by OldTimer - Version 3.2.25.0 Folder = C:\Users\downes\Desktop\nginx
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.45 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 48.51% Memory free
6.90 Gb Paging File | 4.84 Gb Available in Paging File | 70.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 237.70 Gb Total Space | 38.43 Gb Free Space | 16.17% Space Free | Partition Type: NTFS

Computer Name: UMUNHUM | User Name: downes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/30 14:21:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\downes\Desktop\nginx\OTL.exe
PRC - [2011/06/22 16:55:49 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
PRC - [2011/06/06 15:55:32 | 002,903,448 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2011/05/25 16:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\downes\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/04/08 08:50:02 | 000,542,264 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
PRC - [2011/03/15 14:06:08 | 000,232,104 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/02/26 01:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2011/02/17 21:49:12 | 000,577,536 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
PRC - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2010/09/17 16:40:06 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/09/13 14:02:00 | 000,039,408 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe
PRC - [2010/08/25 13:27:26 | 000,084,464 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe
PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/07/26 11:45:14 | 002,568,192 | ---- | M] (SourceForge.net) -- C:\Program Files\Password Safe\pwsafe.exe
PRC - [2010/06/16 17:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
PRC - [2010/06/03 19:04:02 | 000,216,064 | ---- | M] (Novatel Wireless Inc.) -- C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe
PRC - [2010/04/27 01:59:32 | 017,264,152 | ---- | M] (IBM Corporation) -- C:\Program Files\TSM\baclient\dsmcsvc.exe
PRC - [2010/04/27 01:59:30 | 003,309,592 | ---- | M] (IBM Corporation) -- C:\Program Files\TSM\baclient\dsmcad.exe
PRC - [2010/01/05 21:23:58 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2010/01/05 15:04:04 | 000,147,328 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2009/12/22 12:23:52 | 001,845,248 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
PRC - [2009/12/22 12:23:34 | 000,077,312 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2009/12/17 11:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2009/12/17 11:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2009/12/10 14:44:26 | 001,327,392 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2009/12/10 14:41:38 | 000,386,848 | ---- | M] (Dell Inc.) -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/12/01 10:28:54 | 001,146,880 | ---- | M] (PFU LIMITED) -- C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
PRC - [2009/11/24 16:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2009/11/20 18:42:48 | 000,278,304 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2009/11/02 12:40:54 | 000,657,920 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/09/30 11:07:34 | 000,086,016 | ---- | M] (PFU LIMITED) -- C:\Windows\SSDriver\fi5110\SsWiaChecker.exe
PRC - [2009/08/11 17:09:52 | 000,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/08/07 06:29:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/08/07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/07/31 20:16:12 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/07/31 20:16:12 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe
PRC - [2009/07/30 10:45:36 | 001,425,408 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
PRC - [2009/07/30 10:25:02 | 000,815,104 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
PRC - [2009/07/30 10:12:44 | 000,348,160 | ---- | M] (Red Bend Ltd.) -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
PRC - [2009/07/23 16:25:26 | 000,701,592 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE
PRC - [2009/07/13 21:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/08 18:08:30 | 000,413,827 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
PRC - [2009/06/24 21:19:50 | 000,140,520 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/06/19 18:57:40 | 000,249,856 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/06/08 12:08:16 | 000,315,392 | ---- | M] () -- C:\Program Files\PodTrapper\PodtrapperDesktop.exe
PRC - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/03 16:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/03 16:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/06/03 16:13:04 | 000,130,600 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
PRC - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe
PRC - [2009/05/22 15:51:24 | 000,120,104 | ---- | M] () -- c:\Program Files\Dell\Latitude ON Reader\CLMonitorService.exe
PRC - [2009/05/22 15:50:56 | 000,116,008 | ---- | M] () -- C:\Program Files\Dell\Latitude ON Reader\BIOSEvent.exe
PRC - [2009/04/23 10:05:14 | 005,689,344 | ---- | M] (Wisdom Software Inc. ) -- C:\Program Files\ScreenHunter\ScreenHunter.exe
PRC - [2009/02/01 02:43:30 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/11/24 17:56:46 | 000,054,568 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2006/11/28 06:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/11/22 17:12:36 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe


========== Modules (SafeList) ==========

MOD - [2011/06/30 14:21:27 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\downes\Desktop\nginx\OTL.exe
MOD - [2011/03/15 14:06:10 | 000,384,168 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.dll
MOD - [2010/08/21 01:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/08/11 17:10:08 | 000,226,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
MOD - [2009/08/11 17:10:04 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/04/23 09:58:10 | 000,270,336 | ---- | M] (Wisdom Software Inc.) -- C:\Program Files\ScreenHunter\Sh50.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (RoxLiveShare10)
SRV - [2010/12/08 14:11:38 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/12/08 14:11:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010/11/08 13:04:20 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/13 14:02:00 | 000,039,408 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\BService.exe -- (BOT4Service)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/07/16 07:48:26 | 000,354,288 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxWatch13.exe -- (RoxWatch12)
SRV - [2010/07/16 07:48:04 | 001,099,248 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\13.0\SharedCOM\RoxMediaDB13.exe -- (RoxMediaDB13)
SRV - [2010/06/03 19:04:02 | 000,216,064 | ---- | M] (Novatel Wireless Inc.) [Auto | Running] -- C:\Program Files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe -- (NWVZHelper)
SRV - [2010/05/15 03:00:31 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/05/08 10:36:47 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/27 01:59:32 | 017,264,152 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\Program Files\TSM\baclient\dsmcsvc.exe -- (TSM Client Scheduler)
SRV - [2010/04/27 01:59:30 | 003,309,592 | ---- | M] (IBM Corporation) [Auto | Running] -- C:\Program Files\TSM\baclient\dsmcad.exe -- (TSM Client Acceptor)
SRV - [2010/04/27 01:59:28 | 005,821,464 | ---- | M] (IBM Corporation) [On_Demand | Stopped] -- C:\Program Files\TSM\baclient\dsmagent.exe -- (TSM Remote Client Agent)
SRV - [2009/12/22 12:23:34 | 000,077,312 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009/12/17 11:45:18 | 000,812,448 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2009/12/17 11:45:18 | 000,027,040 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2009/12/10 14:41:38 | 000,386,848 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/11/24 16:48:36 | 001,148,264 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2009/11/20 18:42:48 | 000,278,304 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2009/11/18 17:35:48 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2009/11/17 12:07:46 | 001,528,624 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/08/11 17:09:52 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/08/07 06:29:36 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2009/07/31 20:16:12 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_450b431403c091e3\stacsv.exe -- (STacSV)
SRV - [2009/07/30 10:25:02 | 000,815,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV - [2009/07/30 10:12:44 | 000,348,160 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV - [2009/07/13 21:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 21:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/03 16:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2009/06/02 20:05:58 | 000,457,200 | ---- | M] () [Auto | Running] -- C:\Program Files\Roxio\BackOnTrack\App\SaibSVC.exe -- (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269)
SRV - [2009/05/22 15:51:24 | 000,120,104 | ---- | M] () [Auto | Running] -- c:\Program Files\Dell\Latitude ON Reader\CLMonitorService.exe -- (CLMonitor)
SRV - [2008/11/12 14:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2006/11/28 06:34:26 | 000,122,008 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/11/28 06:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/11/28 06:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006/11/22 17:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006/10/31 10:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/05/18 04:00:00 | 001,542,392 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110630.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/05/18 04:00:00 | 000,086,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20110630.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/05/10 04:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/10 04:00:00 | 000,105,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/08 14:12:02 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/17 16:40:06 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/09/17 16:40:06 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/07/08 10:52:32 | 000,231,424 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser2_000.sys -- (NWUSBPort2_000) Novatel Wireless USB Status2 Port Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbser_000.sys -- (NWUSBPort_000) Novatel Wireless USB Status Port Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,176,384 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nwusbmdm_000.sys -- (NWUSBModem_000) Novatel Wireless USB Modem Driver (vGEN)
DRV - [2010/07/08 10:52:32 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2010/05/09 10:54:45 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/05/07 09:28:09 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/01/05 15:03:58 | 000,211,328 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/11/24 19:30:34 | 000,217,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/11/17 12:07:06 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2009/10/30 18:51:14 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/09/21 15:20:26 | 000,028,632 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2009/08/23 11:14:06 | 004,232,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2009/07/31 20:16:12 | 000,409,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009/07/30 13:06:18 | 000,142,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bpmp.sys -- (bpmp) Intel®
DRV - [2009/07/30 13:06:14 | 000,056,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bpusb.sys -- (bpusb) Intel®
DRV - [2009/07/30 13:06:10 | 000,056,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bpenum.sys -- (bpenum) Intel®
DRV - [2009/07/13 21:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 21:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 21:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 19:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 19:45:20 | 000,007,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\acpials.sys -- (acpials)
DRV - [2009/07/13 19:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 19:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 11:59:34 | 000,071,680 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GKUPRO2D.sys -- (GKUPRO2D)
DRV - [2009/07/04 22:37:08 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdpe86.sys -- (rixdpcie)
DRV - [2009/07/02 12:50:16 | 000,047,104 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimspe86.sys -- (rimspci)
DRV - [2009/06/30 23:28:28 | 000,049,152 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\risdpe86.sys -- (risdpcie)
DRV - [2009/06/25 20:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/25 20:25:58 | 000,038,400 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rixdptsk.sys -- (rismxdp)
DRV - [2009/06/25 20:10:48 | 000,044,544 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\rimsptsk.sys -- (rimsptsk)
DRV - [2009/06/23 18:49:58 | 000,040,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HECI.sys -- (HECI) Intel®
DRV - [2009/06/15 14:05:16 | 000,143,968 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009/06/12 22:20:02 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress) Intel®
DRV - [2009/06/02 02:00:00 | 000,025,584 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\SaibVd32.sys -- (SaibVd32)
DRV - [2009/06/02 02:00:00 | 000,021,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SahdIa32.sys -- (SahdIa32)
DRV - [2009/06/02 02:00:00 | 000,015,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\SaibIa32.sys -- (SaibIa32)
DRV - [2009/05/28 11:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2009/05/26 15:12:36 | 000,122,368 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2008/09/18 17:03:00 | 000,277,440 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2008/06/04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/06/03 09:30:22 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/12/12 12:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emAudio.sys -- (emAudio)
DRV - [2006/11/22 16:17:06 | 000,274,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2006/11/22 16:17:06 | 000,247,144 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2006/11/22 16:17:06 | 000,025,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2006/11/22 11:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/11/22 10:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\aksusb.sys -- (aksusb)
DRV - [2006/11/22 10:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\akshasp.sys -- (akshasp)
DRV - [2006/10/26 12:01:34 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/10/26 12:01:34 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/10/06 14:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2005/12/21 10:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 10:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 10:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emScan.sys -- (ScanUSBEMPIA)
DRV - [2005/09/24 00:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004/09/28 18:40:58 | 000,018,048 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2004/06/08 18:13:49 | 000,003,968 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ElbyDelay.sys -- (ElbyDelay)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=723823"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"


FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\DataVault\DataVault.exe\..\firefox
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2011/06/20 08:56:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011/06/21 07:51:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/21 16:55:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/21 07:52:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/06/22 16:55:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/06/21 15:34:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/04/22 09:18:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\downes\AppData\Roaming\Mozilla\Extensions
[2010/04/22 09:18:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\downes\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/07/01 16:30:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\downes\AppData\Roaming\Mozilla\Firefox\Profiles\jl7po10g.default\extensions
[2011/06/24 21:15:33 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\downes\AppData\Roaming\Mozilla\Firefox\Profiles\jl7po10g.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/05/24 09:05:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\downes\AppData\Roaming\Mozilla\Firefox\Profiles\jl7po10g.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/04 09:45:21 | 000,000,000 | ---D | M] ("DoD Configuration") -- C:\Users\downes\AppData\Roaming\Mozilla\Firefox\Profiles\jl7po10g.default\extensions\{d15c1608-ba3e-4aa0-aa6f-aa9337226087}
[2011/04/29 09:43:11 | 000,000,000 | ---D | M] (FDislike) -- C:\Users\downes\AppData\Roaming\Mozilla\Firefox\Profiles\jl7po10g.default\extensions\[email protected]
[2011/04/20 21:14:12 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\downes\AppData\Roaming\Mozilla\Firefox\Profiles\jl7po10g.default\extensions\[email protected]
[2010/12/29 09:53:43 | 000,000,000 | ---D | M] (Read It Later) -- C:\Users\downes\AppData\Roaming\Mozilla\Firefox\Profiles\jl7po10g.default\extensions\[email protected]
[2011/02/17 09:47:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/13 20:59:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011/06/21 07:51:57 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2011/06/20 08:56:55 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2011/07/01 16:29:53 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\DOWNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JL7PO10G.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\DOWNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JL7PO10G.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\DOWNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JL7PO10G.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\DOWNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JL7PO10G.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\DOWNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JL7PO10G.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\DOWNES\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JL7PO10G.DEFAULT\EXTENSIONS\[email protected]
[2010/06/21 14:50:02 | 000,064,384 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/06/30 21:54:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\downes\AppData\Roaming\CompitlyEngine\ComplitlyEngine.dll (SimplyGen)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BIOSEvent] c:\Program Files\Dell\Latitude ON Reader\BIOSEvent.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CLIVFR] c:\Program Files\Dell\Latitude ON Reader\CLIVFR.exe (CyberLink)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files\Roxio\CinePlayer\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files\Roxio 2011\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [HP KEYBOARDg] C:\Program Files\Hewlett-Packard\HP Wireless Elite Keyboard\HPKEYBOARDg.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ScanSnap WIA Service Checker] C:\Windows\SSDriver\fi5110\SsWiaChecker.exe (PFU LIMITED)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKCU..\Run: [OpenDNS Updater] C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ()
O4 - HKCU..\Run: [PodTrapper] C:\Program Files\PodTrapper\PodtrapperDesktop.exe ()
O4 - Startup: C:\Users\downes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\downes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\downes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Password Safe.lnk = C:\Program Files\Password Safe\pwsafe.exe (SourceForge.net)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://storserver-support.webex.com/client/T27LC/smt/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\Windows\System32\emYUV.dll (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/07/01 16:30:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/07/01 16:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/07/01 10:53:55 | 000,000,000 | ---D | C] -- C:\Users\downes\Desktop\pix from canon camera
[2011/07/01 10:50:12 | 000,000,000 | ---D | C] -- C:\Users\downes\Desktop\matthew
[2011/07/01 10:37:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/07/01 10:37:13 | 002,322,184 | ---- | C] (ESET) -- C:\Users\downes\Desktop\esetsmartinstaller_enu.exe
[2011/07/01 10:21:23 | 000,000,000 | ---D | C] -- C:\Users\downes\Desktop\bob
[2011/06/30 21:58:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/06/30 21:58:51 | 000,000,000 | ---D | C] -- C:\Users\downes\AppData\Local\temp
[2011/06/30 21:46:06 | 004,130,198 | R--- | C] (Swearware) -- C:\Users\downes\Desktop\ComboFix.exe
[2011/06/30 21:33:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/28 19:13:28 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\downes\Desktop\TDSSKiller.exe
[2011/06/23 20:41:11 | 000,000,000 | ---D | C] -- C:\Users\downes\Desktop\Folk Dance Underground - [tape]
[2011/06/23 20:40:38 | 000,000,000 | ---D | C] -- C:\Users\downes\Desktop\Folk Music (Trink)
[2011/06/21 16:02:03 | 000,000,000 | ---D | C] -- C:\Users\downes\Desktop\nginx
[2011/06/20 08:57:17 | 000,000,000 | ---D | C] -- C:\Users\downes\AppData\Local\Freemake
[2011/06/14 15:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/06/14 15:51:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/14 15:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/06/10 10:13:46 | 000,000,000 | ---D | C] -- C:\Users\downes\AppData\Roaming\Frostbow
[2011/06/10 10:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Frostbow Home Inventory Lite
[2011/06/10 10:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\Frostbow
[2011/06/08 16:37:52 | 000,000,000 | ---D | C] -- C:\Program Files\Research In Motion Limited
[2011/06/08 10:29:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\wyoHomeInventory Projects
[2011/06/06 10:57:19 | 000,000,000 | ---D | C] -- C:\Users\downes\Documents\My Garmin
[2011/06/03 07:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/06/01 20:26:28 | 000,000,000 | ---D | C] -- C:\Users\downes\AppData\Roaming\OpenDNS Updater
[2011/06/01 20:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\OpenDNS Updater

========== Files - Modified Within 30 Days ==========

[2011/07/01 16:05:33 | 000,002,682 | ---- | M] () -- C:\Users\downes\Desktop\MX20SW test 711.kmz
[2011/07/01 15:51:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/01 14:31:42 | 000,879,223 | ---- | M] () -- C:\Users\downes\Desktop\SecurityCheck.exe
[2011/07/01 13:51:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/01 10:37:14 | 002,322,184 | ---- | M] (ESET) -- C:\Users\downes\Desktop\esetsmartinstaller_enu.exe
[2011/07/01 03:00:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/30 21:54:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/06/30 21:45:29 | 004,130,198 | R--- | M] (Swearware) -- C:\Users\downes\Desktop\ComboFix.exe
[2011/06/30 21:44:27 | 000,014,256 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/30 21:44:27 | 000,014,256 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/30 21:42:02 | 000,635,850 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/30 21:42:02 | 000,111,392 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/30 21:37:37 | 000,000,000 | ---- | M] () -- C:\Users\downes\AppData\Local\WavXMapDrive.bat
[2011/06/30 21:36:09 | 2780,758,016 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/30 21:30:46 | 001,317,103 | ---- | M] () -- C:\Users\downes\Desktop\tdsskiller.zip
[2011/06/28 19:13:28 | 001,448,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\downes\Desktop\TDSSKiller.exe
[2011/06/27 08:36:58 | 000,000,668 | ---- | M] () -- C:\Users\downes\Desktop\load_cgcolors.pro
[2011/06/26 02:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011/06/25 11:10:07 | 000,013,768 | ---- | M] () -- C:\Users\downes\Documents\q.pdf
[2011/06/25 08:39:03 | 000,034,858 | ---- | M] () -- C:\Users\downes\Desktop\Relieve Stress to Look Younger - 7 Steps for Healthy Skin.pdf
[2011/06/24 09:24:00 | 000,002,394 | ---- | M] () -- C:\Users\downes\Desktop\Every Day.lnk
[2011/06/22 17:24:38 | 000,062,751 | ---- | M] () -- C:\Users\downes\Desktop\Find a Laptop, Notebook, Desktop, Server, Printer, Software, Service, Monitor or TV at Dell.pdf
[2011/06/22 16:55:59 | 000,002,099 | ---- | M] () -- C:\Users\downes\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 8.lnk
[2011/06/22 09:10:04 | 728,626,254 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/06/22 09:05:50 | 000,007,482 | ---- | M] () -- C:\Users\downes\Desktop\NRL.mobileconfig
[2011/06/21 15:43:22 | 000,293,977 | ---- | M] () -- C:\Users\downes\Desktop\gmer.zip
[2011/06/21 15:11:20 | 000,050,477 | ---- | M] () -- C:\Users\downes\Desktop\Defogger.exe
[2011/06/21 15:10:33 | 000,450,143 | ---- | M] () -- C:\Users\downes\Desktop\medic Alert pectus.pdf
[2011/06/21 14:34:19 | 001,344,272 | ---- | M] () -- C:\Users\downes\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.pdf
[2011/06/20 22:14:25 | 000,037,356 | ---- | M] () -- C:\Users\downes\Desktop\Service confirmation.pdf
[2011/06/20 22:05:11 | 000,047,256 | ---- | M] () -- C:\Users\downes\Desktop\SAVE 10%_ - Sears Home Services.pdf
[2011/06/20 17:05:25 | 000,002,068 | -H-- | M] () -- C:\Users\downes\Documents\Default.rdp
[2011/06/16 16:10:53 | 000,084,659 | ---- | M] () -- C:\Users\downes\Desktop\Trimble - GPS Tutorial.pdf
[2011/06/13 08:56:09 | 000,001,337 | ---- | M] () -- C:\Users\downes\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/06/05 20:52:15 | 000,029,684 | ---- | M] () -- C:\Users\downes\Desktop\JCPenney Customer Satisfaction Survey.pdf
[2011/06/03 07:09:36 | 002,394,616 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2011/07/01 14:31:39 | 000,879,223 | ---- | C] () -- C:\Users\downes\Desktop\SecurityCheck.exe
[2011/06/30 21:30:41 | 001,317,103 | ---- | C] () -- C:\Users\downes\Desktop\tdsskiller.zip
[2011/06/30 15:33:09 | 000,002,682 | ---- | C] () -- C:\Users\downes\Desktop\MX20SW test 711.kmz
[2011/06/27 08:36:57 | 000,000,668 | ---- | C] () -- C:\Users\downes\Desktop\load_cgcolors.pro
[2011/06/25 11:10:07 | 000,013,768 | ---- | C] () -- C:\Users\downes\Documents\q.pdf
[2011/06/25 08:39:03 | 000,034,858 | ---- | C] () -- C:\Users\downes\Desktop\Relieve Stress to Look Younger - 7 Steps for Healthy Skin.pdf
[2011/06/24 09:21:23 | 000,002,394 | ---- | C] () -- C:\Users\downes\Desktop\Every Day.lnk
[2011/06/22 17:23:22 | 000,062,751 | ---- | C] () -- C:\Users\downes\Desktop\Find a Laptop, Notebook, Desktop, Server, Printer, Software, Service, Monitor or TV at Dell.pdf
[2011/06/22 09:05:48 | 000,007,482 | ---- | C] () -- C:\Users\downes\Desktop\NRL.mobileconfig
[2011/06/21 15:43:20 | 000,293,977 | ---- | C] () -- C:\Users\downes\Desktop\gmer.zip
[2011/06/21 15:10:32 | 000,450,143 | ---- | C] () -- C:\Users\downes\Desktop\medic Alert pectus.pdf
[2011/06/21 14:34:19 | 001,344,272 | ---- | C] () -- C:\Users\downes\Desktop\Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help.pdf
[2011/06/20 22:14:25 | 000,037,356 | ---- | C] () -- C:\Users\downes\Desktop\Service confirmation.pdf
[2011/06/20 22:05:11 | 000,047,256 | ---- | C] () -- C:\Users\downes\Desktop\SAVE 10%_ - Sears Home Services.pdf
[2011/06/16 16:10:53 | 000,084,659 | ---- | C] () -- C:\Users\downes\Desktop\Trimble - GPS Tutorial.pdf
[2011/06/05 20:52:15 | 000,029,684 | ---- | C] () -- C:\Users\downes\Desktop\JCPenney Customer Satisfaction Survey.pdf
[2011/06/01 20:26:28 | 000,001,968 | ---- | C] () -- C:\Users\downes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenDNS Updater.lnk
[2011/05/30 08:49:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/05/30 08:49:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/05/30 08:49:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/05/30 08:49:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/05/30 08:49:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/01 13:50:30 | 000,000,340 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/12/21 13:08:01 | 000,022,016 | ---- | C] () -- C:\Users\downes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/06 15:26:17 | 000,158,372 | ---- | C] () -- C:\Windows\Screen Recorder Pro Uninstaller.exe
[2010/11/01 12:56:19 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/10/01 15:29:44 | 000,000,056 | ---- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/08/09 21:16:20 | 000,000,161 | ---- | C] () -- C:\Windows\DISPARAM.INI
[2010/06/27 18:26:44 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2010/06/09 14:15:02 | 000,219,304 | ---- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/05/23 08:58:26 | 000,086,428 | ---- | C] () -- C:\Users\downes\AppData\Local\rx_audio.Cache
[2010/05/22 19:36:20 | 000,954,668 | ---- | C] () -- C:\Users\downes\AppData\Local\rx_image32.Cache
[2010/05/12 11:26:15 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2010/05/09 10:54:45 | 000,000,383 | ---- | C] () -- C:\Windows\System32\haspdos.sys
[2010/05/08 11:38:24 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2010/04/18 15:32:12 | 000,000,000 | ---- | C] () -- C:\Users\downes\AppData\Local\WavXMapDrive.bat
[2010/04/05 15:29:55 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2010/04/05 15:29:53 | 000,982,220 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010/04/05 15:29:53 | 000,134,592 | ---- | C] () -- C:\Windows\System32\igfcg500.bin
[2010/04/05 15:29:53 | 000,092,216 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010/04/05 15:29:52 | 000,439,300 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010/04/05 12:43:45 | 000,308,624 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll
[2010/04/05 12:43:45 | 000,206,216 | ---- | C] () -- C:\Windows\System32\bipbsp.dll
[2010/04/05 12:42:48 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2010/04/05 12:40:58 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/01/25 13:58:06 | 000,462,848 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2009/12/22 12:03:22 | 000,143,360 | ---- | C] () -- C:\Windows\System32\preflib.dll
[2009/11/19 16:47:10 | 000,249,856 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2009/11/18 16:21:08 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-HK.dll
[2009/11/18 16:21:06 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sl.dll
[2009/11/18 16:21:06 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_th.dll
[2009/11/18 16:21:04 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sk.dll
[2009/11/18 16:21:02 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_hr.dll
[2009/11/18 16:20:56 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_ro.dll
[2009/11/18 16:20:56 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_tr.dll
[2009/11/18 16:20:54 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt-BR.dll
[2009/11/18 16:20:52 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_hu.dll
[2009/11/18 16:20:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_he.dll
[2009/11/18 16:20:50 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_fi.dll
[2009/11/18 16:20:48 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_el.dll
[2009/11/18 16:20:48 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_cs.dll
[2009/11/18 16:20:46 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_ar.dll
[2009/11/18 16:20:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2009/11/18 16:20:44 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2009/11/18 16:20:42 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_sv.dll
[2009/11/18 16:20:40 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2009/11/18 16:20:40 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2009/11/18 16:20:38 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pl.dll
[2009/11/18 16:20:36 | 000,106,496 | ---- | C] () -- C:\Windows\System32\Internationalization_nl.dll
[2009/11/18 16:20:36 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_no.dll
[2009/11/18 16:20:34 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2009/11/18 16:20:32 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2009/11/18 16:20:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2009/11/18 16:20:30 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2009/11/18 16:20:28 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2009/11/18 16:20:26 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2009/11/18 16:20:24 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_da.dll
[2009/11/17 12:08:34 | 000,197,424 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2009/11/13 09:17:00 | 000,010,752 | ---- | C] () -- C:\Windows\System32\Wavx_ESC_Logging.dll
[2009/11/06 16:27:22 | 000,839,680 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2009/08/26 17:25:08 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/30 10:17:12 | 000,002,048 | ---- | C] () -- C:\Windows\System32\EventLogMessages.dll
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 002,394,616 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,635,850 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,111,392 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 20:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008/03/25 10:46:00 | 000,077,536 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2006/06/30 13:58:44 | 000,176,128 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2006/06/30 13:58:44 | 000,126,976 | ---- | C] () -- C:\Windows\System32\bioapi100.dll

========== LOP Check ==========

[2011/03/13 20:06:31 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\.minecraft
[2010/11/01 20:51:59 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\Amazon
[2011/03/26 14:42:30 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\Ascendo
[2011/04/12 09:41:22 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\avidemux
[2010/05/17 16:33:52 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\Blackberry Desktop
[2010/04/18 15:32:13 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\Broadcom
[2011/04/15 17:02:36 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\calibre
[2011/05/25 19:33:23 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\Canon
[2011/04/07 13:14:13 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\CompitlyEngine
[2010/06/05 07:32:39 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\DocumentsToGoDesktopBB
[2011/07/01 13:22:39 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\Dropbox
[2011/04/12 09:16:56 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\Flip Video
[2011/06/10 10:13:46 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\Frostbow
[2010/08/09 21:37:03 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\Fujitsu
[2010/07/12 15:04:24 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\GARMIN
[2010/08/09 21:12:35 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\Leadertech
[2011/04/26 19:07:30 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\Mobipocket
[2011/04/07 13:58:13 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\MPEG Streamclip
[2011/06/01 20:26:28 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\OpenDNS Updater
[2011/04/15 14:23:32 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\OverDrive
[2010/08/09 21:27:26 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\PFU
[2010/08/26 17:00:14 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\Research In Motion
[2011/01/17 22:45:35 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\Simple Star
[2010/09/09 06:33:59 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\Smith Micro
[2010/05/07 08:25:39 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\Thunderbird
[2010/04/18 15:32:13 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\Wave Systems Corp
[2011/04/07 14:06:17 | 000,000,000 | ---D | M] -- C:\Users\downes\AppData\Roaming\WinFF
[2011/02/15 20:36:50 | 000,032,726 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox 4.0 Beta 8\uninstall\helper.exe" /HideShortcuts [2011/06/22 16:55:43 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox 4.0 Beta 8\uninstall\helper.exe" /ShowShortcuts [2011/06/22 16:55:43 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox 4.0 Beta 8\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/06/22 16:55:43 | 000,712,976 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe [2011/06/22 16:55:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe" -preferences [2011/06/22 16:55:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe" -safe-mode [2011/06/22 16:55:49 | 000,924,632 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2011/06/24 02:25:50 | 001,012,792 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2009/07/13 21:14:21 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/22 15:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/22 15:29:16 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2011/03/21 20:10:48 | 002,388,264 | ---- | M] (Apple Inc.)

< %USERPROFILE%\AppData\Local\Google\Chrome\User Data\*.* /s >
[2011/06/29 15:29:36 | 000,000,004 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt
[2010/06/22 08:25:11 | 000,000,000 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\First Run
[2011/06/29 15:29:36 | 000,007,793 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Local State
[2011/06/29 14:32:13 | 007,436,016 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom
[2011/06/29 14:32:14 | 002,698,053 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom Filter 2
[2011/06/29 15:24:24 | 000,000,000 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Safe Browsing Bloom_new
[2011/06/29 14:32:13 | 000,154,552 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Safe Browsing Download
[2011/06/29 15:24:24 | 000,000,000 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Safe Browsing Download_new
[2011/06/29 14:37:18 | 001,019,904 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Archived History
[2011/01/27 13:12:15 | 000,216,327 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Bookmarks
[2011/01/27 13:12:15 | 000,216,327 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Bookmarks.bak
[2011/06/29 15:24:54 | 000,390,144 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Cookies
[2011/06/29 15:29:36 | 000,012,947 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Current Session
[2011/06/29 15:29:36 | 000,010,533 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Current Tabs
[2010/06/22 08:52:06 | 000,006,144 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies
[2011/06/29 14:37:18 | 000,163,840 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Favicons
[2011/06/29 15:29:36 | 010,792,960 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\History
[2010/06/22 10:36:14 | 000,108,544 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-06
[2010/12/24 17:07:53 | 000,257,024 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-08
[2010/12/31 10:03:53 | 005,611,520 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-09
[2011/01/27 12:32:45 | 010,880,000 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-10
[2011/02/21 10:35:56 | 002,149,376 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-11
[2011/04/03 10:13:22 | 001,826,816 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\History Index 2010-12
[2011/05/15 11:48:53 | 006,221,824 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-01
[2011/05/28 21:46:52 | 002,568,192 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-02
[2011/06/29 14:37:19 | 001,388,544 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-03
[2011/06/29 15:29:36 | 001,634,304 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-04
[2011/06/23 20:29:01 | 001,191,936 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-05
[2011/06/29 15:29:36 | 000,462,848 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\History Index 2011-06
[2011/06/27 13:55:09 | 000,000,719 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Last Session
[2011/06/27 13:55:09 | 000,000,374 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Last Tabs
[2011/05/15 12:15:26 | 000,040,960 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Login Data
[2011/06/29 15:29:36 | 000,039,569 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Preferences
[2011/06/29 15:23:18 | 000,229,376 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Top Sites
[2011/06/29 15:29:36 | 000,131,072 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Visited Links
[2011/06/29 14:29:49 | 000,122,880 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Web Data
[2011/05/28 21:50:44 | 000,009,216 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.db
[2011/05/28 21:50:45 | 000,004,096 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\databases\http_download.cnet.com_0\2
[2011/02/21 10:35:20 | 000,004,096 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\databases\http_foodily.com_0\1
[2011/06/21 16:35:43 | 000,020,386 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\icon-128.png
[2011/06/21 16:35:43 | 000,000,698 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\manifest.json
[2011/06/21 16:35:43 | 000,000,385 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\bg\messages.json
[2011/06/21 16:35:43 | 000,000,158 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\ca\messages.json
[2011/06/21 16:35:43 | 000,000,224 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\cs\messages.json
[2011/06/21 16:35:43 | 000,000,162 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\da\messages.json
[2011/06/21 16:35:43 | 000,000,172 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\de\messages.json
[2011/06/21 16:35:43 | 000,000,432 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\el\messages.json
[2011/06/21 16:35:43 | 000,000,272 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\en\messages.json
[2011/06/21 16:35:43 | 000,000,159 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\en_GB\messages.json
[2011/06/21 16:35:43 | 000,000,194 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\es\messages.json
[2011/06/21 16:35:43 | 000,000,152 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\es_419\messages.json
[2011/06/21 16:35:43 | 000,000,178 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\et\messages.json
[2011/06/21 16:35:43 | 000,000,191 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\fi\messages.json
[2011/06/21 16:35:43 | 000,000,180 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\fil\messages.json
[2011/06/21 16:35:43 | 000,000,154 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\fr\messages.json
[2011/06/21 16:35:43 | 000,000,393 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\hi\messages.json
[2011/06/21 16:35:43 | 000,000,172 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\hr\messages.json
[2011/06/21 16:35:43 | 000,000,221 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\hu\messages.json
[2011/06/21 16:35:43 | 000,000,180 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\id\messages.json
[2011/06/21 16:35:43 | 000,000,169 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\it\messages.json
[2011/06/21 16:35:43 | 000,000,232 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\ja\messages.json
[2011/06/21 16:35:43 | 000,000,212 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\ko\messages.json
[2011/06/21 16:35:43 | 000,000,190 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\lt\messages.json
[2011/06/21 16:35:43 | 000,000,191 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\lv\messages.json
[2011/06/21 16:35:43 | 000,000,167 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\nb\messages.json
[2011/06/21 16:35:43 | 000,000,165 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\nl\messages.json
[2011/06/21 16:35:43 | 000,000,168 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\pl\messages.json
[2011/06/21 16:35:43 | 000,000,168 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\pt_BR\messages.json
[2011/06/21 16:35:43 | 000,000,159 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\pt_PT\messages.json
[2011/06/21 16:35:43 | 000,000,197 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\ro\messages.json
[2011/06/21 16:35:43 | 000,000,402 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\ru\messages.json
[2011/06/21 16:35:43 | 000,000,172 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\sk\messages.json
[2011/06/21 16:35:43 | 000,000,175 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\sl\messages.json
[2011/06/21 16:35:43 | 000,000,391 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\sr\messages.json
[2011/06/21 16:35:43 | 000,000,168 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\sv\messages.json
[2011/06/21 16:35:43 | 000,000,478 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\th\messages.json
[2011/06/21 16:35:43 | 000,000,241 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\tr\messages.json
[2011/06/21 16:35:43 | 000,000,379 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\uk\messages.json
[2011/06/21 16:35:43 | 000,000,261 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\vi\messages.json
[2011/06/21 16:35:43 | 000,000,242 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\zh_CN\messages.json
[2011/06/21 16:35:43 | 000,000,256 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.4.6_0\_locales\zh_TW\messages.json
[2011/03/04 22:46:50 | 000,000,967 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiklhdolfdhapknlmhdljmbgmdofdknf\0.0.16_0\background.html
[2011/03/04 22:46:50 | 000,072,174 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiklhdolfdhapknlmhdljmbgmdofdknf\0.0.16_0\jquery-1.4.2.min.js
[2011/03/04 22:46:50 | 000,001,189 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiklhdolfdhapknlmhdljmbgmdofdknf\0.0.16_0\manifest.json
[2011/03/04 22:46:50 | 000,026,878 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiklhdolfdhapknlmhdljmbgmdofdknf\0.0.16_0\prosperity-128.jpg
[2011/03/04 22:46:50 | 000,000,895 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiklhdolfdhapknlmhdljmbgmdofdknf\0.0.16_0\prosperity-16.jpg
[2011/03/04 22:46:50 | 000,005,585 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiklhdolfdhapknlmhdljmbgmdofdknf\0.0.16_0\prosperity-48.jpg
[2011/03/04 22:46:50 | 000,004,917 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiklhdolfdhapknlmhdljmbgmdofdknf\0.0.16_0\search.js
[2011/03/04 22:46:50 | 000,000,110 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiklhdolfdhapknlmhdljmbgmdofdknf\0.0.16_0\style.css
[2011/04/13 15:40:39 | 000,000,351 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\bg.html
[2011/04/13 15:40:39 | 000,001,175 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\contentscript.js
[2011/04/13 15:40:40 | 000,000,819 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\manifest.json
[2011/04/13 15:40:40 | 000,003,882 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\icons\128.png
[2011/04/13 15:40:40 | 000,000,364 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\icons\16.png
[2011/04/13 15:40:39 | 000,009,347 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\icons\256.png
[2011/04/13 15:40:40 | 000,000,841 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\icons\32.png
[2011/04/13 15:40:40 | 000,001,361 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\icons\48.png
[2011/04/13 15:40:39 | 000,001,903 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk\1.1_0\icons\64.png
[2010/10/12 16:50:26 | 000,010,016 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\adblock.js
[2010/10/12 16:50:26 | 000,004,816 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\adblock_start.js
[2010/10/12 16:50:25 | 000,019,931 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\background.html
[2010/10/12 16:50:25 | 000,004,397 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\blacklister.js
[2010/10/12 16:50:25 | 000,001,158 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\broadcast_channel.js
[2010/10/12 16:50:26 | 000,004,221 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\functions.js
[2010/10/12 16:50:26 | 000,010,019 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\Icon.png
[2010/10/12 16:50:25 | 000,002,292 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\Info.plist
[2010/10/12 16:50:26 | 000,001,416 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\manifest.json
[2010/10/12 16:50:25 | 000,012,484 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\port.js
[2010/10/12 16:50:25 | 000,002,180 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\whitelister.js
[2010/10/12 16:50:26 | 000,030,071 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\_locales\cs\messages.json
[2010/10/12 16:50:26 | 000,028,273 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\_locales\de\messages.json
[2010/10/12 16:50:26 | 000,053,467 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\_locales\el\messages.json
[2010/10/12 16:50:26 | 000,028,157 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\_locales\en\messages.json
[2010/10/12 16:50:26 | 000,017,612 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\_locales\es\messages.json
[2010/10/12 16:50:26 | 000,028,465 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\_locales\fr\messages.json
[2010/10/12 16:50:26 | 000,029,793 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\_locales\hu\messages.json
[2010/10/12 16:50:26 | 000,027,794 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\_locales\id\messages.json
[2010/10/12 16:50:26 | 000,027,490 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\_locales\it\messages.json
[2010/10/12 16:50:26 | 000,035,042 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\_locales\ko\messages.json
[2010/10/12 16:50:25 | 000,029,347 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\_locales\mk\messages.json
[2010/10/12 16:50:26 | 000,027,177 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\_locales\nl\messages.json
[2010/10/12 16:50:26 | 000,029,602 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\_locales\pl\messages.json
[2010/10/12 16:50:26 | 000,051,990 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\_locales\ru\messages.json
[2010/10/12 16:50:26 | 000,029,323 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\_locales\sl\messages.json
[2010/10/12 16:50:26 | 000,031,450 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\_locales\zh_CN\messages.json
[2010/10/12 16:50:25 | 000,011,347 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\blacklisting\blacklistui.js
[2010/10/12 16:50:25 | 000,003,940 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\blacklisting\clickwatcher.js
[2010/10/12 16:50:25 | 000,001,290 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\blacklisting\elementchain.js
[2010/10/12 16:50:25 | 000,000,742 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\blacklisting\overlay.js
[2010/10/12 16:50:26 | 000,002,194 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\button\popup.css
[2010/10/12 16:50:26 | 000,015,334 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\button\popup.html
[2010/10/12 16:50:26 | 000,001,220 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\button\temporary_background_code.js
[2010/10/12 16:50:26 | 000,000,921 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\filtering\fifocache.js
[2010/10/12 16:50:26 | 000,000,585 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\filtering\filteroptions.js
[2010/10/12 16:50:26 | 000,005,141 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\filtering\filterset.js
[2010/10/12 16:50:26 | 000,016,316 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\filtering\filtertypes.js
[2010/10/12 16:50:26 | 000,016,356 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\filtering\myfilters.js
[2010/10/12 16:50:26 | 000,000,242 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\filtering\todo
[2010/10/12 16:50:25 | 000,071,010 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\filters\adblock_custom.txt
[2010/10/12 16:50:25 | 000,237,959 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\filters\easylist.txt
[2010/10/12 16:50:26 | 000,009,863 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\img\icon128.png
[2010/10/12 16:50:26 | 000,003,100 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\img\icon16-grayscale.png
[2010/10/12 16:50:26 | 000,000,753 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\img\icon16.png
[2010/10/12 16:50:26 | 000,000,869 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\img\icon19-grayscale.png
[2010/10/12 16:50:26 | 000,001,829 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\img\icon19-whitelisted.png
[2010/10/12 16:50:26 | 000,000,687 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\img\icon19.png
[2010/10/12 16:50:26 | 000,002,299 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\img\icon24.png
[2010/10/12 16:50:26 | 000,001,904 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\img\icon32.png
[2010/10/12 16:50:26 | 000,003,307 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\img\icon48.png
[2010/10/12 16:50:26 | 000,003,337 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\img\icon_screenshot.png
[2010/10/12 16:50:25 | 000,072,174 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\jquery\jquery-1.4.2.min.js
[2010/10/12 16:50:25 | 000,064,573 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\jquery\jquery-ui-1.8.custom.min.js
[2010/10/12 16:50:25 | 000,004,246 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\jquery\jquery.cookie.js
[2010/10/12 16:50:25 | 000,001,334 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\jquery\css\override-page.css
[2010/10/12 16:50:25 | 000,030,831 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\jquery\css\custom-theme\jquery-ui-1.8.custom.css
[2010/10/12 16:50:25 | 000,000,180 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\jquery\css\custom-theme\images\ui-bg_flat_55_999999_40x100.png
[2010/10/12 16:50:25 | 000,000,180 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\jquery\css\custom-theme\images\ui-bg_flat_75_aaaaaa_40x100.png
[2010/10/12 16:50:25 | 000,000,136 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\jquery\css\custom-theme\images\ui-bg_glass_45_0078ae_1x400.png
[2010/10/12 16:50:25 | 000,000,131 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\jquery\css\custom-theme\images\ui-bg_glass_55_f8da4e_1x400.png
[2010/10/12 16:50:25 | 000,000,132 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\jquery\css\custom-theme\images\ui-bg_glass_75_79c9ec_1x400.png
[2010/10/12 16:50:25 | 000,000,000 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\jquery\css\custom-theme\images\ui-bg_gloss-wave_50_38cfff_500x100.png
[2010/10/12 16:50:25 | 000,000,000 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\jquery\css\custom-theme\images\ui-bg_gloss-wave_75_2191c0_500x100.png
[2010/10/12 16:50:25 | 000,000,088 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\jquery\css\custom-theme\images\ui-bg_inset-hard_100_fcfdfd_1x100.png
[2010/10/12 16:50:25 | 000,000,000 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\jquery\css\custom-theme\images\ui-icons_0078ae_256x240.png
[2010/10/12 16:50:25 | 000,005,355 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\jquery\css\custom-theme\images\ui-icons_056b93_256x240.png
[2010/10/12 16:50:25 | 000,004,369 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\jquery\css\custom-theme\images\ui-icons_d8e7f3_256x240.png
[2010/10/12 16:50:25 | 000,008,100 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\options\blacklist.html
[2010/10/12 16:50:25 | 000,012,588 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\options\filters.html
[2010/10/12 16:50:25 | 000,004,206 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\options\general.html
[2010/10/12 16:50:25 | 000,003,836 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\options\index.html
[2010/10/12 16:50:25 | 000,001,421 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\options\options.css
[2010/10/12 16:50:25 | 000,004,028 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\options\whitelist.html
[2010/10/12 16:50:26 | 000,014,123 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\pages\adreport.html
[2010/10/12 16:50:26 | 000,005,902 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\pages\installed.html
[2010/10/12 16:50:26 | 000,003,146 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.2.5_0\pages\subscribe.html
[2011/03/26 14:57:37 | 000,001,515 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.7.3_0\background.html
[2011/03/26 14:57:37 | 000,001,629 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.7.3_0\content_script.js
[2011/03/26 14:57:39 | 000,000,582 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.7.3_0\manifest.json
[2011/03/26 14:57:37 | 000,002,512 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.7.3_0\popup.html
[2011/03/26 14:57:37 | 000,000,719 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.7.3_0\saveForms.js
[2011/03/26 14:57:37 | 000,158,181 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.7.3_0\images\DataVault.ico
[2011/03/26 14:57:37 | 000,000,826 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.7.3_0\images\generatepassword.png
[2011/03/26 14:57:37 | 000,000,229 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.7.3_0\images\saveforms.png
[2011/03/26 14:57:37 | 000,007,886 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.7.3_0\images\itemicons\item00.ico
[2011/03/26 14:57:37 | 000,007,886 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.7.3_0\images\itemicons\item01.ico
[2011/03/26 14:57:37 | 000,007,886 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.7.3_0\images\itemicons\item02.ico
[2011/03/26 14:57:37 | 000,007,886 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.7.3_0\images\itemicons\item03.ico
[2011/03/26 14:57:37 | 000,007,886 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.7.3_0\images\itemicons\item04.ico
[2011/03/26 14:57:37 | 000,007,886 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.7.3_0\images\itemicons\item05.ico
[2011/03/26 14:57:37 | 000,007,886 | ---- | M] () -- C:\Users\downes\AppData\Local\Google\Chrome\User Data\Default\Extensions\idbmmgcdhhiblollphopejjpnkpdgbii\4.7.3_0\images\itemicons\item06.ico

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoRebootWithLoggedOnUsers" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-07-01 10:14:29

< End of report >

#10 SweetTech

Posted 01 July 2011 - 07:39 PM

Hi trink!

Right now I don't see any evidence of a problem - but it's come and gone at least three times since this all started. If you think my reports show I'm in the clear, I'm fine with moving forward from here. Do you have any advice on how I got myself into this in the first place? Also, can you offer advice as to what programs I can routinely use to scan my system for any badness so as to be a bit more proactive? My son has a laptop that I'm quite sure is going to need some clean up work... We run Norton A/V all the time, and now I know to scan periodically with Malware Bytes, but are there other things you can suggest?

Usually people get infected by having things like outdated programs installed such as Java. People also get infected from malicious email attachments, P2P downloads, etc.

I'll provide recommendations for how to stay clean and protect your computer in my all clean speech.

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



Time for some housekeeping
The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall



NEXT:



OTL Fix

We need to run an OTL Fix
  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :Commands
    [ClearAllRestorePoints]
    
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.


NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen Posted Image on your desktop.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===



Below I have included a number of recommendations for how to protect your computer against malware infections.


Updated Anti-Virus Program
It's essential that you have an updated anti-virus program running on your computer. You don't want to run more than one as it can cause program conflicts, as well as false positives.

You can view an excellent list of Free Security Software programs that has been compiled by GeekstoGo.


Avoid P2P Programs

Remember that no matter how clean the program you're using for peer-to-peer filesharing may be, it offers no guarantees regarding the cleanliness of files you may choose to download. All files available via p2p filesharing carry a high risk, particularly those that offer you illegitimate methods of using legitimate software programs without paying for them. Some further readings on this subject, along with the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

If you have any of these programs installed then I highly suggest you uninstall them.

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.


Internet Browsers

Many of the users that I assist here on the forums ask me which programs they can use to prevent themselves from getting infected again in the future. The best answer I can give you is to practice safe browsing.

Please consider using an alternative browser such as Google Chrome or Opera. They are both much more secure than Internet Explorer, immune to almost all known browser hijackers, and also have great built-in pop-up blockers.

I also suggest you make your Internet Explorer more secure.


Make Internet Explorer more secure

  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.



Extra Goodies

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • You should run an updated scan with MalwareBytes' Anti-Malware weekly. Instructions are included below:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates

  • Be wary of e-mails from unknown senders. Keep the following in mind as well: If it's too good to be true, then it more than likely is.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for Chrome and Opera.
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Cheers,
SweetTech.

Have I helped you? If you'd like to assist in the fight against malware, click here Posted Image


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.
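
The "Make Internet Explorer more secure" steps in the post above can be verified afterwards with a read-only check; this is an added example, not part of the original post. The registry paths and the URL action codes 1001, 1004 and 1201 do not appear in the thread; they are the standard Windows security-zone settings and are supplied here as assumptions, as is the function name `Test-ZoneActiveX`.

```powershell
# Added example: audit the Internet zone's ActiveX settings against the values
# recommended in the post (Prompt / Prompt / Disable). Read-only; changes nothing.

# Zone 3 is the Internet zone. The per-user key holds what the Internet
# Properties dialog writes; the Policies keys exist only when Group Policy
# manages the zone, and a policy value overrides the per-user one.
$zonePaths = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

# Setting values: 0 = Enable, 1 = Prompt, 3 = Disable.
$labels = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# URL action code -> setting name in the dialog -> value the post asks for.
$expected = @(
    @{ Action = '1001'; Name = 'Download signed ActiveX controls';   Want = 1 },
    @{ Action = '1004'; Name = 'Download unsigned ActiveX controls'; Want = 1 },
    @{ Action = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
)

function Test-ZoneActiveX {
    param([Parameter(Mandatory)][string]$Path)

    # A missing key is normal for the Policies paths on an unmanaged machine.
    if (-not (Test-Path -LiteralPath $Path)) { return }

    $props = Get-ItemProperty -LiteralPath $Path

    foreach ($rule in $expected) {
        $prop = $props.PSObject.Properties[$rule.Action]

        if ($null -eq $prop) {
            $current = '(not set)'
            $status  = 'not set here'
        }
        else {
            $value = [int]$prop.Value
            if ($labels.ContainsKey($value)) {
                $current = $labels[$value]
                # Enable(0) < Prompt(1) < Disable(3): a larger value is stricter.
                # "Reset all zones to default level" typically leaves unsigned
                # downloads at Disable, which is stricter than the Prompt the
                # post asks for, so it is reported as OK rather than a mismatch.
                $status = if ($value -ge $rule.Want) { 'OK' } else { 'WEAKER than recommended' }
            }
            else {
                # Any other value is reported raw for manual review.
                $current = ('0x{0:X}' -f $value)
                $status  = 'review manually'
            }
        }

        [pscustomobject]@{
            Key         = $Path
            Action      = $rule.Action
            Setting     = $rule.Name
            Current     = $current
            Recommended = $labels[$rule.Want]
            Status      = $status
        }
    }
}

$zonePaths |
    ForEach-Object { Test-ZoneActiveX -Path $_ } |
    Format-Table -AutoSize -Wrap
```

Run it as the user whose browser settings are being checked, since the HKCU keys are per-user.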


#11 trink

Posted 02 July 2011 - 10:08 AM

ST,
Looks like the clean up is done. The OTL log has nothing in it:
========== COMMANDS ==========


OTL by OldTimer - Version 3.2.25.0 log created on 07012011_210719

I've made sure Norton A/V is back up and running, made notes to follow up with the rest of your "staying clean" speech, including swearing off IE altogether (except for MS updates). I will stick with Firefox and Chrome (perhaps shift more towards Chrome). I also did just install Opera (haven't tried it for a few years) and was pretty happy with it, so that will go back in the mix. I don't P2P, and don't know why/how Java was old, but will be aware of that sort of thing. Will use the goodies and now start the process of making sure my son's laptop is clean, too.

Thank you SO MUCH for your help - now I know if you're patient this is the place to come for help. Feel free to close this thread!

-Trink

#12 SweetTech

Posted 02 July 2011 - 10:44 AM

You're more than welcome! I'm glad that we were able to work together to solve the issues you were experiencing with your computer.

Please take care!

Kindest Regards,
SweetTech.

____________________________________________________

Since it appears that the issues you were experiencing with your computer have been resolved, I am going to close this thread. If you should need the thread re-opened please send me a Private Message (PM) with a request to re-open the thread, as well as the link to the thread in question, and I'd be happy to re-open the thread.

