
Vxidl, IE opens itself, mouse click sounds


  • This topic is locked
9 replies to this topic

#1 astronaut


Posted 16 December 2008 - 07:28 PM

I'm using WinXP and had my CA AntiVirus identify and supposedly cure Vxidl!generic, but it keeps coming up with a warning that it's identified and cured it again and again.

Also, Internet Explorer randomly opens to different websites. (Best Buy, Forbes, others - I don't even use IE, I use FF).

And I hear random mouse clicks (opening folder sound) and warning bell sounds in the background (nothing to do with what my mouse cursor is doing at the time).

Not sure if the issues are related, but here are my RSIT logs AND Kaspersky scan.

Any help is GREATLY appreciated!!!

------------------------------------

Logfile of random's system information tool 1.04 (written by random/random)
Run by USER at 2008-12-16 18:17:07
Microsoft Windows XP Professional Service Pack 3
System drive C: has 57 GB (53%) free of 108 GB
Total RAM: 3572 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:17:11 PM, on 16/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r190031\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\system32\AESTFltr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\26Gjv0R6.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\name.COMPANY\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\name.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/ig/dell?hl=en&cli...amp;ibd=4080924
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell.com/content/default.as...;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ca.dell.com/content/default.as...;l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ca/hws/sb/dell-row-rel/e...html?channel=ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.ca/ig/dell?hl=en&cli...amp;ibd=4080924
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = COMPANY.local
O17 - HKLM\Software\..\Telephony: DomainName = COMPANY.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = COMPANY.local
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\metefovu.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r190031\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.27 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12198 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At10.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At20.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At30.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At40.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2008-07-01 196608]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2008-06-29 442467]
"AESTFltr"=C:\WINDOWS\system32\AESTFltr.exe [2008-06-29 466944]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-08-07 13537280]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=C:\WINDOWS\system32\nvHotkey.dll [2008-08-07 90112]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-08-07 86016]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-06-15 178712]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2008-06-18 2220032]
"openvpn-gui"=C:\Program Files\OpenVPN\bin\openvpn-gui.exe [2005-08-18 99328]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Realtime Monitor"=C:\Program Files\CA\eTrustITM\realmon.exe [2007-01-16 407632]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"PowerBar"= []
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]
C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe [2008-05-30 180224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DCPstrApp]
C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellConnectionManager]
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe [2008-08-25 1486848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe [2008-05-30 593920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-02-26 128296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecureUpgrade]
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
C:\WINDOWS\system32\mobsync.exe [2008-04-14 143360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WavXMgr]
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2008-10-10 295606]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [1999-11-04 113664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\WINDOWS\system32\metefovu.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
wvauth
"notification packages"=scecli
C:\WINDOWS\system32\metefovu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoWelcomeScreen"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook"
"C:\WINDOWS\Network Diagnostic\xpnetdiag.exe"="C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\instsrv.exe"="C:\WINDOWS\instsrv.exe:*:Enabled:eTrust Antivirus Remote Installation Program"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\FileZilla FTP Client\filezilla.exe"="C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client"
"C:\Program Files\CA\eTrustITM\InoRpc.exe"="C:\Program Files\CA\eTrustITM\InoRpc.exe:*:Enabled:eTrust ITM - RPC Service"
"C:\Program Files\CA\eTrustITM\Realmon.exe"="C:\Program Files\CA\eTrustITM\Realmon.exe:*:Enabled:eTrust ITM - Realtime monitor"
"C:\Program Files\CA\eTrustITM\Shellscn.exe"="C:\Program Files\CA\eTrustITM\Shellscn.exe:*:Enabled:eTrust ITM - Shell Scanner"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{253d32d0-8f18-11dd-b091-00225f15dad7}]
shell\AutoRun\command - G:\LaunchU3.exe -a


======File associations======

.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2008-12-16 18:17:07 ----D---- C:\rsit
2008-12-15 09:15:42 ----D---- C:\Program Files\Trend Micro
2008-12-15 07:14:37 ----A---- C:\WINDOWS\system32\83Ilx6T3.dll
2008-12-14 23:10:57 ----D---- C:\Program Files\Lavasoft
2008-12-14 23:10:54 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-12-14 23:09:39 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-12-14 22:12:47 ----D---- C:\Program Files\Spybot - Search & Destroy
2008-12-14 22:12:47 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 15:42:53 ----A---- C:\WINDOWS\system32\26Gjv0R6.exe_
2008-12-14 15:42:53 ----A---- C:\WINDOWS\system32\26Gjv0R6.exe.a_a
2008-12-14 15:42:53 ----A---- C:\WINDOWS\system32\26Gjv0R6.exe
2008-12-14 15:30:53 ----A---- C:\WINDOWS\system32\7I6bMX0N.exe.a_a
2008-12-14 15:30:53 ----A---- C:\WINDOWS\system32\7I6bMX0N.exe
2008-12-07 22:48:43 ----D---- C:\Documents and Settings\name.COMPANY\Application Data\skypePM
2008-12-07 22:45:34 ----D---- C:\Documents and Settings\name.COMPANY\Application Data\Skype
2008-12-07 22:45:26 ----D---- C:\Program Files\Skype
2008-12-07 22:45:26 ----D---- C:\Program Files\Common Files\Skype
2008-12-07 22:45:23 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2008-11-28 08:44:01 ----D---- C:\Documents and Settings\name.COMPANY\Application Data\ImgBurn
2008-11-28 08:42:59 ----D---- C:\Program Files\ImgBurn
2008-11-17 08:45:10 ----D---- C:\Program Files\gpsbabel-1.3.6

======List of files/folders modified in the last 1 months======

2008-12-16 18:17:05 ----D---- C:\WINDOWS\Prefetch
2008-12-16 18:14:12 ----D---- C:\WINDOWS\Temp
2008-12-16 18:13:22 ----D---- C:\WINDOWS\system32\CatRoot2
2008-12-16 18:12:01 ----AD---- C:\WINDOWS\system32
2008-12-16 18:09:24 ----D---- C:\Program Files\Mozilla Firefox
2008-12-16 17:05:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2008-12-16 17:00:52 ----AD---- C:\WINDOWS
2008-12-16 16:06:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2008-12-16 14:54:40 ----SD---- C:\Documents and Settings\name.COMPANY\Application Data\Microsoft
2008-12-16 08:16:30 ----D---- C:\WINDOWS\security
2008-12-15 15:26:15 ----HD---- C:\Program Files\InstallShield Installation Information
2008-12-15 15:26:13 ----D---- C:\Program Files\Microsoft Games
2008-12-15 15:26:12 ----SHD---- C:\WINDOWS\Installer
2008-12-15 15:24:57 ----RSD---- C:\WINDOWS\Fonts
2008-12-15 09:15:42 ----RD---- C:\Program Files
2008-12-14 23:10:57 ----D---- C:\WINDOWS\system32\drivers
2008-12-14 23:09:39 ----D---- C:\Program Files\Common Files
2008-12-14 21:37:05 ----A---- C:\WINDOWS\NeroDigital.ini
2008-12-14 16:19:26 ----D---- C:\Documents and Settings\name.COMPANY\Application Data\uTorrent
2008-12-14 15:42:53 ----SD---- C:\WINDOWS\Tasks
2008-12-12 12:52:53 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-12-12 11:22:53 ----D---- C:\Documents and Settings\name.COMPANY\Application Data\FileZilla
2008-12-09 10:44:53 ----D---- C:\Documents and Settings\name.COMPANY\Application Data\U3
2008-12-07 20:10:29 ----RSHDC---- C:\WINDOWS\system32\dllcache
2008-12-03 22:12:19 ----ASH---- C:\boot.ini
2008-12-03 22:12:19 ----A---- C:\WINDOWS\win.ini
2008-12-03 22:12:19 ----A---- C:\WINDOWS\system.ini
2008-12-03 22:00:28 ----D---- C:\WINDOWS\pss
2008-11-28 11:19:04 ----D---- C:\Documents and Settings\name.COMPANY\Application Data\dvdcss
2008-11-27 19:11:18 ----D---- C:\Program Files\Windows Media Player
2008-11-24 13:16:02 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-11-19 15:48:42 ----A---- C:\WINDOWS\omv.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 DLARTL_M;DLARTL_M; C:\WINDOWS\System32\Drivers\DLARTL_M.SYS [2007-07-23 30064]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 DLABMFSM;DLABMFSM; C:\WINDOWS\System32\Drivers\DLABMFSM.SYS [2007-07-23 37360]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\Drivers\DLABOIOM.SYS [2007-07-23 32848]
R2 DLADResM;DLADResM; C:\WINDOWS\System32\Drivers\DLADResM.SYS [2007-07-23 9104]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\Drivers\DLAIFS_M.SYS [2007-07-23 108752]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\Drivers\DLAOPIOM.SYS [2007-07-23 27216]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\Drivers\DLAPoolM.SYS [2007-07-23 16304]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\Drivers\DLAUDF_M.SYS [2007-07-23 98448]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\Drivers\DLAUDFAM.SYS [2007-07-23 93552]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2007-07-23 52000]
R2 INO_FLTR;INO_FLTR; \??\C:\WINDOWS\system32\Drivers\ino_fltr.sys []
R2 rimmptsk;rimmptsk; C:\WINDOWS\system32\DRIVERS\rimmptsk.sys [2008-07-01 39936]
R3 AESTAud;AE Audio Service; C:\WINDOWS\system32\drivers\AESTAud.sys [2008-06-29 108160]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2008-07-01 170032]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-06-18 1287552]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-08-18 991016]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 cvusbdrv;Broadcom USH CV; C:\WINDOWS\System32\Drivers\cvusbdrv.sys [2008-07-31 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver; C:\WINDOWS\system32\DRIVERS\e1y5132.sys [2008-06-30 244368]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-08-07 6591872]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2008-06-29 1381914]
R3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]
R3 USBCCID;USB Smart Card reader; C:\WINDOWS\system32\DRIVERS\usbccid.sys [2008-07-22 28672]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 a2rys6ai;a2rys6ai; C:\WINDOWS\system32\drivers\a2rys6ai.sys []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-08-18 47272]
S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-14 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 atapi;Standard IDE/ESDI Hard Disk Controller; C:\WINDOWS\system32\DRIVERS\atapi.sys [2008-04-14 96512]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-09-10 611664]
R2 ASFAgent;ASF Agent; C:\Program Files\Intel\ASF Agent\ASFAgent.exe [2007-04-19 133968]
R2 buttonsvc32;Dell ControlPoint Button Service; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2008-06-03 386328]
R2 Credential Vault Host Storage;Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2008-07-31 21352]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager; C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2008-08-18 455960]
R2 FolderSize;Folder Size; C:\Program Files\FolderSize\FolderSizeSvc.exe [2007-11-14 131072]
R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-06-15 354840]
R2 iGateway;iTechnology iGateway 4.2; C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe [2007-02-05 106496]
R2 InoRPC;eTrust ITM RPC Service; C:\Program Files\CA\eTrustITM\InoRpc.exe [2007-01-16 198736]
R2 InoRT;eTrust Antivirus Realtime Service; C:\Program Files\CA\eTrustITM\InoRT.exe [2007-01-16 215120]
R2 InoTask;eTrust ITM Job Service; C:\Program Files\CA\eTrustITM\InoTask.exe [2008-11-03 386888]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-08-07 159812]
R2 SMManager;Smith Micro Connection Manager Service; C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2008-08-25 69632]
R2 STacSV;Audio Service; c:\drivers\audio\r190031\stacsv.exe [2008-06-29 221273]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-06-18 24064]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 tcsd_win32.exe;NTRU TSS v1.2.1.27 TCS; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [2008-03-10 1249280]
S3 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
S3 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-08-15 342624]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 Credential Vault Host Control Service;Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2008-07-31 808296]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-10-10 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2006-10-21 36864]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2006-10-30 741376]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2006-10-01 16384]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 SecureStorageService;SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [2008-04-25 638976]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2007-07-11 69632]
S4 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-05 168432]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2006-10-30 122880]

-----------------EOF-----------------

info.txt logfile of random's system information tool 1.04 2008-12-16 18:17:13

======Uninstall list======

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->msiexec /qb /x {77DCDCE3-2DED-62F3-8154-05E745472D07}
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Add or Remove Adobe Creative Suite 3 Master Collection-->C:\Program Files\Common Files\Adobe\Installers\8bb24e071e5922899698c2105557bd2\Setup.exe
Adobe Acrobat 8 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000003}
Adobe After Effects CS3 Presets-->MsiExec.exe /I{185D0A67-E066-44AE-926D-F6305813301C}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe BridgeTalk Plugin CS3-->MsiExec.exe /I{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Creative Suite 3 Master Collection-->MsiExec.exe /I{7162AC2C-733F-4127-ACAD-C5F0F27D123D}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe Dreamweaver CS3-->MsiExec.exe /I{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Extension Manager CS3-->MsiExec.exe /I{BE5F3842-8309-4754-92D5-83E02E6077A3}
Adobe Flash Player 9 Plugin-->MsiExec.exe /X{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{7ACFB90E-8FD0-4397-AD3A-5195412623A3}
Adobe InDesign CS3 Icon Handler-->MsiExec.exe /I{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe Media Player-->msiexec /qb /x {5C74694C-A687-E3EB-FF18-B018D4A76ECD}
Adobe Media Player-->MsiExec.exe /I{5C74694C-A687-E3EB-FF18-B018D4A76ECD}
Adobe MotionPicture Color Files-->MsiExec.exe /I{6B708481-748A-4EB4-97C1-CD386244FF77}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop 6.0-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Adobe\Photoshop 6.0\Uninst.isu" -c"C:\Program Files\Adobe\Photoshop 6.0\Uninst.dll"
Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A90000000001}
Adobe Setup-->MsiExec.exe /I{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}
Adobe Shockwave Player 11-->C:\WINDOWS\system32\adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe SING CS3-->MsiExec.exe /I{B671CBFD-4109-4D35-9252-3062D3CCB7B2}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe Video Profiles-->MsiExec.exe /I{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}
Adobe WAS CS3-->MsiExec.exe /I{C5BD220A-EFE8-48A5-B70E-9503D535FACE}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP DVA Panels CS3-->MsiExec.exe /I{0224CACC-994D-45F8-B973-D65056EA9C2F}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AHV content for Acrobat and Flash-->MsiExec.exe /I{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}
All Day Battery Life Configuration-->MsiExec.exe /X{2220CF3A-EBD6-4070-94D0-0C7337B537A7}
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ArcGIS Desktop-->"C:\Program Files\ArcGIS\Support\Setup.exe"
BioAPI Framework-->MsiExec.exe /X{AF7E4468-E364-4991-BC2A-6E8293E1055B}
biolsp patch-->MsiExec.exe /I{9593C6E5-205E-45C3-B785-05CF146CA76A}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Broadcom USH Host Components-->MsiExec.exe /I{066D25F6-8B8B-433C-88B4-EDF41D604E7E}
CA eTrustITM Agent-->MsiExec.exe /X{107558C8-458B-45EA-A0FE-7CC10D687DB6}
CA iTechnology iGateway-->MsiExec.exe /X{847501DF-07C0-4691-B04A-893929F108AE}
Celestia 1.5.1-->"C:\Program Files\Celestia\unins000.exe"
Cobian Backup 9-->C:\Program Files\Cobian Backup 9\cbUninstall.exe
CorelDRAW Graphics Suite X3-->C:\Program Files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91} C:\DOCUME~1\NAME~1.TIT\LOCALS~1\Temp\CGSX3.log
CorelDRAW Graphics Suite X3-->MsiExec.exe /I{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
Dell ControlPoint Connection Manager-->MsiExec.exe /I{041F04B1-F985-44E8-A070-C3EB1A39369F}
Dell ControlPoint System Manager-->MsiExec.exe /I{52D299D8-F84E-497E-B4A4-D8F02782BFAA}
Dell Embassy Trust Suite by Wave Systems-->C:\WINDOWS\Downloaded Installations\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}\Installer.exe
Dell Security Device Driver Pack-->C:\Program Files\InstallShield Installation Information\{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}\setup.exe -runfromtemp -l0x0009 -removeonly
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
EN-->MsiExec.exe /I{32A72502-BC2C-4C39-ACEA-BC3D463F0697}
Encom Discover 8.0-->C:\PROGRA~1\MapInfo\PROFES~1\Discover\UNWISE.EXE C:\PROGRA~1\MapInfo\PROFES~1\Discover\INSTALL.LOG
ER Mapper ArcMap ECW Jpeg 2000 Plug-in-->"C:\Program Files\InstallShield Installation Information\{E46014D3-25A8-4ACD-94D7-490CB8122A61}\setup.exe" -runfromtemp -l0x0009 -removeonly
FileZilla Client 3.1.4.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Folder Size for Windows-->MsiExec.exe /I{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}
FontNav-->MsiExec.exe /I{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
Gemalto-->MsiExec.exe /I{EF05BA0F-AC15-4D12-AC5C-276225F5E751}
Geosoft Extensions for ArcGIS-->MsiExec.exe /I{0AACEBB2-1E1A-4774-9EC7-13EB8B1EC005}
Geosoft Oasis montaj Viewer-->MsiExec.exe /I{B4CCABB9-4A07-49D1-A39A-7495FCB0BABA}
Geosoft Plug-In for ArcGIS-->MsiExec.exe /I{F6E54214-ECCD-4CCA-BACC-C5213F948240}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x9 -removeonly
Google SketchUp 6-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}\setup.exe" -l0x9 -removeonly
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ImgBurn-->"C:\Program Files\ImgBurn\uninstall.exe"
Intel® Network Connections 13.0.42.0-->MsiExec.exe /i{2223FC2F-B862-4F83-BC9E-DDF2DADF2859} ARPREMOVE=1
Intel® PRO Alerting Agent-->MsiExec.exe /X{6EA8A52B-8EA1-4A59-85AB-48132299061A}
Intel® Matrix Storage Manager-->C:\WINDOWS\system32\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java™ 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
MapInfo Professional 8.0-->MsiExec.exe /I{309AFCC1-C343-40A0-B23A-568073036409}
Mavis Beacon Teaches Typing 16-->C:\WINDOWS\TLCUninstall.exe -f "C:\Program Files\Broderbund\Mavis Beacon Teaches Typing 16\Uninstall.xml"
MediaJoin-->"C:\Documents and Settings\All Users\Application Data\{E0FD8DB4-0B1B-427B-B11A-E920A60A344E}\setup_mj.exe" REMOVE=TRUE MODIFY=FALSE
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0-->c:\WINDOWS\Microsoft.NET\Framework\v3.0\Microsoft .NET Framework 3.0\setup.exe
Microsoft .NET Framework 3.0-->MsiExec.exe /X{15095BF3-A3D7-4DDF-B193-3A496881E003}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NTRU TCG Software Stack-->MsiExec.exe /I{558B86E5-CFAC-447C-99EE-5BB1C068706D}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OpenVPN 2.0.9-gui-1.0.3-->C:\Program Files\OpenVPN\Uninstall.exe
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x9 -cluninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PrimoPDF-->"C:\WINDOWS\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
Python 2.5 numpy-1.0.3-->C:\Python25\\UNWISE.EXE C:\Python25\\Lib\site-packages\INSTALL.LOG
Python 2.5.1-->C:\Python25\\UNWISE.EXE C:\Python25\\INSTALL.LOG
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Roxio Activation Module-->MsiExec.exe /I{07159635-9DFE-4105-BFC0-2817DB540C68}
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41C6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4C52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ED8-B104-03393876DFDF}
Roxio Drag-to-Disc-->MsiExec.exe /I{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sam Spade version 1.14-->"C:\Program Files\Blighty Design\unins000.exe"
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic CinePlayer Decoder Pack-->MsiExec.exe /I{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
tsp patch-->MsiExec.exe /I{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}
Update Manager-->MsiExec.exe /I{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
VBA-->MsiExec.exe /I{C94E45B0-6AA6-4FB9-9AAE-22085F631880}
VLC media player 0.9.2-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Wave Infrastructure Installer-->MsiExec.exe /I{7EA69B5E-EE96-44A1-BDD6-F9C193CDDAF9}
Wave Support Software-->C:\Program Files\InstallShield Installation Information\{07D618CD-B016-438A-ADC9-A75BD23F85CE}\setup.exe -runfromtemp -l0x0409
WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}
Winamp-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Communication Foundation-->MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)-->C:\PROGRA~1\DIFX\270581355A767BF1\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\pbadrv_D8D224CEC214CACEA7B42A3CB4D1B2E57B753A54\pbadrv.inf
Windows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Workflow Foundation-->MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll

======Security center information======

AV: eTrust ITM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\DMIX;C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\;C:\Program Files\Wave Systems Corp\Gemalto\Access Client\v5\;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\CA\SharedComponents\ScanEngine;C:\Program Files\CA\SharedComponents\CAUpdate\;C:\Program Files\CA\SharedComponents\ThirdParty\;C:\Program Files\CA\SharedComponents\SubscriptionLicense\;C:\Program Files\CA\eTrustITM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CASHCOMP"=C:\Program Files\CA\SharedComponents\
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_05\lib\ext\QTJava.zip
"PYTHONPATH"=C:\Program Files\ArcGIS\bin
"ARCGISHOME"=C:\Program Files\ArcGIS\
"ITMTHIRDPARTY"=C:\Program Files\CA\SharedComponents\ThirdParty\
"ITMLICENSE"=C:\Program Files\CA\SharedComponents\SubscriptionLicense\
"INOCULAN"=C:\Program Files\CA\eTrustITM
"IGW_LOC"=C:\Program Files\CA\SharedComponents\iTechnology\

-----------------EOF-----------------

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, December 16, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 16, 2008 21:45:15
Records in database: 1467018
Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area: Critical Areas
  C:\Documents and Settings\All Users\Start Menu\Programs\Startup
  C:\Documents and Settings\name.COMPANY\Start Menu\Programs\Startup
  C:\Program Files
  C:\WINDOWS

Scan statistics
Files scanned: 90073
Threat name: 2
Infected objects: 4
Suspicious objects: 0
Duration of the scan: 00:51:57

File name | Threat name | Threats count
C:\WINDOWS\system32\26Gjv0R6.exe/C:\WINDOWS\system32\26Gjv0R6.exe | Infected: Trojan-Downloader.Win32.Agent.auip | 1
C:\WINDOWS\system32\26Gjv0R6.exe | Infected: Trojan-Downloader.Win32.Agent.auip | 1
C:\WINDOWS\system32\26Gjv0R6.exe_ | Infected: Trojan-Downloader.Win32.Agent.auip | 1
C:\WINDOWS\system32\83Ilx6T3.dll | Infected: Trojan.Win32.Agent.arzx | 1
The selected area was scanned.

Edited by astronaut, 16 December 2008 - 08:28 PM.




#2 extremeboy

  • Malware Response Team
  • 12,975 posts
Posted 25 December 2008 - 06:16 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

I apologize for the delay in response. We get overwhelmed with logs at times, but we are trying our best to keep up. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

Download and Run OTViewit
  • Please download OTViewIt by OldTimer.
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
  • OTViewIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Run Kaspersky Online Scanner
Please do a scan with Kaspersky Online Scanner.

This scan is for Internet Explorer only.

If you are using Windows Vista, open your browser by right-clicking on its icon and select Run as administrator to perform this scan.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

In your next reply please include the following:
  • OTViewIt.txt
  • Extra.txt
  • Kaspersky's Log

Important Note: For other users who are reading this topic, the instructions provided in this topic are for the original topic starter ONLY. Even if you have similar problems or even log entries to those given here, please do not follow the directions, especially those involving specific tools and scripts. Doing so can result in serious damage to your computer. Instead, please start your own topic and feel free to link to any relevant topics as needed. Please Do NOT follow the instructions provided for this topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.


#3 astronaut

  • Topic Starter
  • Members
  • 6 posts

Posted 27 December 2008 - 12:40 PM

Hey EB, Thanks for your help!
Here's my logs:

1 - OTViewIt.txt
2 - Extra.txt
3 - Kaspersky's Log

------------------------------------------------------



OTViewIt logfile created on: 27/12/2008 12:15:19 AM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\username.company\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.26 Gb Total Space | 48.65 Gb Free Space | 46.22% Space Free | Partition Type: NTFS
Drive D: | 127.51 Gb Total Space | 37.90 Gb Free Space | 29.72% Space Free | Partition Type: NTFS
Drive E: | 7.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRECISION_M4400
Current User Name: username
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008/06/18 19:20:08 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2008/06/18 19:19:30 | 01,961,984 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008/06/29 18:57:24 | 00,221,273 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R190031\stacsv.exe
[2008/07/31 20:41:50 | 00,021,352 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
[2008/08/25 11:04:18 | 00,069,632 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
[2008/04/14 06:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2007/04/19 04:56:36 | 00,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
[2008/06/03 14:28:50 | 00,386,328 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
[2008/08/18 09:39:28 | 00,455,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
[2007/11/14 21:46:00 | 00,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
[2008/06/15 05:12:20 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
[2007/02/05 07:57:24 | 00,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
[2007/01/16 21:27:36 | 00,198,736 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRpc.exe
[2007/01/16 21:27:36 | 00,215,120 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRT.exe
[2008/12/23 08:49:32 | 00,386,888 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoTask.exe
[2008/08/07 16:06:08 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008/08/15 07:51:34 | 00,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[2008/07/01 15:22:18 | 00,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
[2008/06/29 18:57:30 | 00,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
[2008/06/29 18:57:18 | 00,466,944 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
[2008/07/01 15:22:16 | 00,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
[2008/04/14 06:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/04/14 06:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008/07/01 15:22:34 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
[2008/06/15 05:12:18 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[2008/07/01 15:22:16 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
[2008/06/18 19:20:06 | 02,220,032 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
[2005/08/18 02:55:00 | 00,099,328 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpn-gui.exe
[2006/09/11 03:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2008/09/16 12:16:08 | 01,833,296 | RHS- | M] (Safer Networking Limited) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[2008/04/14 06:00:00 | 00,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
[2006/10/23 01:40:14 | 00,349,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
[2008/10/10 15:40:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
[2008/12/17 19:08:35 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/12/27 00:15:06 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\username.company\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008/10/01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [On_Demand | Stopped])
[2007/04/19 04:56:36 | 00,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent [Auto | Running])
[2007/10/24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [On_Demand | Stopped])
[2008/08/15 07:51:34 | 00,342,624 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [On_Demand | Stopped])
[2008/06/03 14:28:50 | 00,386,328 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32 [Auto | Running])
[2007/10/24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008/07/31 20:41:50 | 00,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service [On_Demand | Stopped])
[2008/07/31 20:41:50 | 00,021,352 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage [Auto | Running])
[2008/08/18 09:39:28 | 00,455,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc [Auto | Running])
[2008/10/10 15:40:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Running])
[2007/11/14 21:46:00 | 00,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize [Auto | Running])
[2006/10/21 03:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008/10/05 00:42:52 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
[2008/06/15 05:12:20 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON [Auto | Running])
[2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/10/30 09:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2007/02/05 07:57:24 | 00,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway [Auto | Running])
[2007/01/16 21:27:36 | 00,198,736 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRpc.exe -- (InoRPC [Auto | Running])
[2007/01/16 21:27:36 | 00,215,120 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRT.exe -- (InoRT [Auto | Running])
[2008/12/23 08:49:32 | 00,386,888 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoTask.exe -- (InoTask [Auto | Running])
[2008/10/01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2006/10/30 09:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008/08/07 16:06:08 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/01 06:37:42 | 00,016,384 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService [On_Demand | Stopped])
[2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008/04/25 14:45:40 | 00,638,976 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService [On_Demand | Stopped])
[2008/08/25 11:04:18 | 00,069,632 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager [Auto | Running])
[2008/06/29 18:57:24 | 00,221,273 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R190031\stacsv.exe -- (STacSV [Auto | Running])
[2007/07/11 08:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2008/03/10 14:48:48 | 01,249,280 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe [Auto | Stopped])
[2005/01/28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2008/06/18 19:20:08 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])

========== Driver Services ==========

[2008/06/29 18:57:16 | 00,108,160 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud [On_Demand | Running])
[2001/08/17 19:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008/04/14 06:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2008/07/01 15:22:14 | 00,170,032 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2001/08/17 19:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001/08/17 19:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2008/06/18 19:19:50 | 01,287,552 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2008/08/18 10:01:14 | 00,991,016 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand | Running])
[2008/08/18 09:37:14 | 00,047,272 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2001/08/17 19:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2008/07/31 20:39:26 | 00,032,808 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv [On_Demand | Running])
[2001/08/17 19:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2007/07/23 14:04:58 | 00,037,360 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
[2007/07/23 14:04:52 | 00,032,848 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2007/07/23 13:49:44 | 00,014,576 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [Boot | Running])
[2007/07/23 14:05:20 | 00,009,104 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM [Auto | Running])
[2007/07/23 14:04:50 | 00,108,752 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2007/07/23 14:04:54 | 00,027,216 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2007/07/23 14:04:52 | 00,016,304 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2007/07/23 13:49:44 | 00,030,064 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
[2007/07/23 14:04:56 | 00,093,552 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2007/07/23 14:04:56 | 00,098,448 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2007/07/23 13:55:44 | 00,099,808 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2007/07/23 13:43:42 | 00,052,000 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2008/06/30 16:47:30 | 00,244,368 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress [On_Demand | Running])
[2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008/04/14 06:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008/08/07 18:55:42 | 00,318,488 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2007/08/06 22:07:02 | 00,027,536 | ---- | M] (Computer Associates) -- C:\WINDOWS\system32\drivers\ino_flpy.sys -- (INO_FLPY [Boot | Running])
[2007/10/18 21:14:32 | 00,184,080 | ---- | M] (Computer Associates) -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR [Auto | Running])
[2008/04/14 06:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2001/08/17 19:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2008/02/20 20:19:56 | 00,030,816 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
[2008/08/07 16:05:32 | 06,591,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2008/06/04 13:14:00 | 00,026,608 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV [Boot | Running])
[2003/12/05 03:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2008/04/14 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007/07/26 02:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001/08/17 19:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001/08/17 19:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001/08/17 19:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2008/07/01 15:12:18 | 00,039,936 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2007/04/24 11:33:34 | 00,083,336 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus [On_Demand | Stopped])
[2007/04/24 11:33:42 | 00,015,112 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl [On_Demand | Stopped])
[2007/04/24 11:33:44 | 00,108,680 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm [On_Demand | Stopped])
[2007/04/24 11:33:46 | 00,100,488 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt [On_Demand | Stopped])
[2007/04/24 11:33:46 | 00,098,696 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex [On_Demand | Stopped])
[2008/04/14 06:00:00 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2008/04/14 06:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008/04/14 06:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2001/08/17 20:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2008/10/15 22:50:16 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008/06/29 18:57:26 | 01,381,914 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001/08/17 20:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001/08/17 20:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001/08/17 20:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001/08/17 20:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2006/10/01 06:37:02 | 00,026,624 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801 [On_Demand | Running])
[2001/08/17 19:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008/07/22 15:27:04 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID [On_Demand | Running])
[2006/11/02 13:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2008/04/14 06:06:40 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
"SearchAssistant"=http://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
"Start Page"=www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
"Start Page"=http://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
"Start Page"=www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
"Start Page"=www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.google.ca/hws/sb/dell-row-rel/en/side.html?channel=ca
"Start Page"=http://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
{99C6D1BB-7555-474C-91DA-D8FB62A9CC75} (HKLM) -- C:\WINDOWS\system32\83Ilx6T3.dll (TODO: <Company name>)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AESTFltr"=%SystemRoot%\system32\AESTFltr.exe /NoDlg (Andrea Electronics Corporation)
"Apoint"=C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NVHotkey"=rundll32.exe nvHotkey.dll,Start (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /installquiet ()
"openvpn-gui"=C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
"SysTrayApp"=%ProgramFiles%\IDT\WDM\sttray.exe (IDT, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"PowerBar"= File not found
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"PowerBar"= File not found
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoWelcomeScreen"=1
"NoCDBurning"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 15:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2007/09/20 10:53:26 | 00,002,773 | ---- | M] ()
Send To Bluetooth: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008/03/27 16:19:40 | 00,005,601 | ---- | M] ()

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006/10/22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006/10/27 15:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2007/09/20 10:53:26 | 00,002,773 | ---- | M] ()
Send To Bluetooth: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008/03/27 16:19:40 | 00,005,601 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008/03/27 16:19:40 | 00,005,601 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-12650 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008/03/27 16:19:40 | 00,005,601 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008/04/14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008/02/22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008/04/14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
localhost: http in Local intranet

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
localhost: http in Local intranet

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{60096A34-E7B6-477D-9DA0-ABAD2306703C} (Servers: | Description: 1394 Net Adapter)
{75B2393D-1CF8-49A2-8E02-652ED49B454A} (Servers: | Description: Dell Wireless 1397 WLAN Mini-Card)
{B05B9036-D467-410C-934C-D3D0909B5BD7} (Servers: | Description: Intel® 82567LM Gigabit Network Connection)
{FB8FCB58-C739-49F3-8672-630FD9E89B89} (Servers: | Description: )

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\metefovu.dll
>File not found -- C:\WINDOWS\system32\metefovu.dll

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,wvauth,
>[2008/06/13 10:16:16 | 00,991,232 | ---- | M] (Wave Systems Corp.) -- C:\WINDOWS\system32\wvauth.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008/04/25 15:29:32 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{253d32d0-8f18-11dd-b091-00225f15dad7}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{253d32d0-8f18-11dd-b091-00225f15dad7}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{253d32d0-8f18-11dd-b091-00225f15dad7}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2008/12/27 00:15:05 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\username.company\Desktop\OTViewIt.exe
[2008/12/26 21:54:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Desktop\misc
[2008/12/26 21:52:54 | 73,455,2064 | ---- | C] () -- C:\Documents and Settings\username.company\Desktop\madagascar 2.avi
[2008/12/23 09:23:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2008/12/23 08:32:27 | 00,000,000 | ---D | C] -- C:\Program Files\CA
[2008/12/19 19:16:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Application Data\Teleca
[2008/12/19 19:16:12 | 00,100,488 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125mgmt.sys
[2008/12/19 19:16:12 | 00,098,696 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125obex.sys
[2008/12/19 19:16:06 | 00,108,680 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125mdm.sys
[2008/12/19 19:16:06 | 00,015,112 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125mdfl.sys
[2008/12/19 19:16:06 | 00,012,424 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125cmnt.sys
[2008/12/19 19:16:06 | 00,012,424 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125cm.sys
[2008/12/19 19:16:05 | 00,083,336 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125bus.sys
[2008/12/19 19:16:05 | 00,012,424 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125whnt.sys
[2008/12/19 19:16:05 | 00,012,424 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125wh.sys
[2008/12/19 19:15:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Application Data\Sony Ericsson
[2008/12/19 19:14:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Teleca Shared
[2008/12/17 20:12:07 | 00,031,232 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\83Ilx6T3.dll
[2008/12/17 20:12:07 | 00,031,232 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\83Ilx6T3.dl_
[2008/12/17 12:22:26 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26Gjv0R6.exe.a_a
[2008/12/16 18:17:07 | 00,000,000 | ---D | C] -- C:\rsit
[2008/12/16 11:36:46 | 00,990,916 | ---- | C] () -- C:\Documents and Settings\username.company\Desktop\Pages from CastleNorthQR.pdf
[2008/12/15 09:15:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008/12/14 23:10:57 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008/12/14 23:10:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/12/14 23:09:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008/12/14 22:12:47 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008/12/14 22:12:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2008/12/14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2008/12/14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2008/12/14 15:30:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\7I6bMX0N.exe.a_a
[2008/12/07 22:48:43 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/07 22:48:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Application Data\skypePM
[2008/12/07 22:45:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Application Data\Skype
[2008/12/07 22:45:26 | 00,000,000 | ---D | C] -- C:\Program Files\Skype
[2008/12/07 22:45:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2008/12/07 22:45:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008/12/07 20:10:24 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2008/12/07 20:10:24 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2008/11/28 08:44:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Application Data\ImgBurn
[2008/11/28 08:42:59 | 00,000,000 | ---D | C] -- C:\Program Files\ImgBurn

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[8 C:\WINDOWS\*.tmp files]
[2008/12/27 00:15:06 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\username.company\Desktop\OTViewIt.exe
[2008/12/27 00:12:06 | 00,236,684 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2008/12/27 00:12:06 | 00,236,628 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2008/12/26 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2008/12/26 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2008/12/26 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2008/12/26 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2008/12/26 21:52:43 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008/12/26 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2008/12/26 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2008/12/26 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2008/12/26 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2008/12/26 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2008/12/26 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2008/12/26 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2008/12/26 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2008/12/26 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2008/12/26 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2008/12/26 16:37:10 | 00,530,256 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/26 16:37:10 | 00,447,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/26 16:37:10 | 00,074,296 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/26 16:35:40 | 00,929,699 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2008/12/26 16:32:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008/12/26 16:32:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008/12/26 16:32:08 | 37,454,23360 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/26 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2008/12/26 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2008/12/26 11:06:09 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008/12/25 02:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2008/12/25 02:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2008/12/25 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2008/12/25 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2008/12/25 00:43:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2008/12/25 00:23:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2008/12/24 21:55:31 | 00,071,168 | ---- | M] () -- C:\Documents and Settings\username.company\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/24 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2008/12/24 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2008/12/24 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2008/12/24 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2008/12/24 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2008/12/24 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2008/12/24 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2008/12/24 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2008/12/24 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2008/12/24 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2008/12/24 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2008/12/24 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2008/12/24 00:05:51 | 00,006,962 | ---- | M] () -- C:\Documents and Settings\username.company\Application Data\PrimoPDFSet.xml
[2008/12/23 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2008/12/23 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2008/12/23 11:41:20 | 00,001,730 | -H-- | M] () -- C:\Documents and Settings\username\My Documents\Default.rdp
[2008/12/23 07:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2008/12/23 07:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2008/12/23 06:38:25 | 00,031,232 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\83Ilx6T3.dll
[2008/12/23 06:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2008/12/23 06:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2008/12/23 05:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2008/12/23 05:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2008/12/23 04:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2008/12/23 04:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2008/12/23 03:00:20 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2008/12/23 03:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2008/12/23 00:35:01 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\leharuvu
[2008/12/22 10:27:49 | 00,031,232 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\83Ilx6T3.dl_
[2008/12/22 08:37:34 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2008/12/22 08:00:10 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2008/12/22 03:23:52 | 73,455,2064 | ---- | M] () -- C:\Documents and Settings\username.company\Desktop\madagascar 2.avi
[2008/12/17 12:22:26 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26Gjv0R6.exe.a_a
[2008/12/16 11:36:47 | 00,990,916 | ---- | M] () -- C:\Documents and Settings\username.company\Desktop\Pages from CastleNorthQR.pdf
[2008/12/15 17:24:26 | 00,435,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/12/14 15:30:53 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\7I6bMX0N.exe.a_a
[2008/12/07 22:48:43 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/12/03 22:12:19 | 00,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2008/12/03 22:12:19 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008/12/03 22:12:19 | 00,000,211 | -HS- | M] () -- C:\boot.ini
< End of report >




------------------------------------------------------

OTViewIt Extras logfile created on: 27/12/2008 12:15:29 AM - Run
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\username.company\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.26 Gb Total Space | 48.65 Gb Free Space | 46.22% Space Free | Partition Type: NTFS
Drive D: | 127.51 Gb Total Space | 37.90 Gb Free Space | 29.72% Space Free | Partition Type: NTFS
Drive E: | 7.76 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRECISION_M4400
Current User Name: username
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/14 06:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\WINDOWS\instsrv.exe:*:Enabled:eTrust Antivirus Remote Installation Program
[2006/10/27 15:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2008/10/16 07:14:10 | 07,024,640 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client
[2008/10/04 14:06:40 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2007/01/16 21:27:36 | 00,198,736 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRpc.exe:*:Enabled:eTrust ITM - RPC Service
[2007/01/16 21:27:58 | 00,407,632 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\Realmon.exe:*:Enabled:eTrust ITM - Realtime monitor
[2007/01/16 21:28:02 | 00,358,480 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\Shellscn.exe:*:Enabled:eTrust ITM - Shell Scanner

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008/04/14 06:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008/10/04 14:06:40 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008/10/01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour
[2006/10/27 15:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook
[2008/04/14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000
[2008/11/07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006/10/26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008/11/07 14:31:38 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006/10/26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}"=CorelDRAW Graphics Suite X3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}"=Roxio Creator Tools
"{041F04B1-F985-44E8-A070-C3EB1A39369F}"=Dell ControlPoint Connection Manager
"{066D25F6-8B8B-433C-88B4-EDF41D604E7E}"=Broadcom USH Host Components
"{07159635-9DFE-4105-BFC0-2817DB540C68}"=Roxio Activation Module
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}"=Wave Support Software
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0AACEBB2-1E1A-4774-9EC7-13EB8B1EC005}"=Geosoft Extensions for ArcGIS
"{0D397393-9B50-4C52-84D5-77E344289F87}"=Roxio Creator Data
"{107558C8-458B-45EA-A0FE-7CC10D687DB6}"=CA eTrustITM Agent
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{185D0A67-E066-44AE-926D-F6305813301C}"=Adobe After Effects CS3 Presets
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=Multimedia Launcher
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}"=All Day Battery Life Configuration
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}"=Intel® Network Connections 13.0.42.0
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}"=MediaJoin
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}"=tsp patch
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}"=Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{309AFCC1-C343-40A0-B23A-568073036409}"=MapInfo Professional 8.0
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}"=EN
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}"=FontNav
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}"=ArcGIS Desktop
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{52D299D8-F84E-497E-B4A4-D8F02782BFAA}"=Dell ControlPoint System Manager
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{558B86E5-CFAC-447C-99EE-5BB1C068706D}"=NTRU TCG Software Stack
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}"=Adobe Media Player
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}"=AHV content for Acrobat and Flash
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}"=Intel® PRO Alerting Agent
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7162AC2C-733F-4127-ACAD-C5F0F27D123D}"=Adobe Creative Suite 3 Master Collection
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}"=Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}"=CorelDRAW Graphics Suite X3
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{7EA69B5E-EE96-44A1-BDD6-F9C193CDDAF9}"=Wave Infrastructure Installer
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{83FFCFC7-88C6-41C6-8752-958A45325C82}"=Roxio Creator Audio
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}"=Adobe Video Profiles
"{847501DF-07C0-4691-B04A-893929F108AE}"=CA iTechnology iGateway
"{84814E6B-2581-46EC-926A-823BD1C670F6}"=WIDCOMM Bluetooth Software
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}"=Roxio Creator BDAV Plugin
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}"=Adobe Flash Player 9 Plugin
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}"=Sonic CinePlayer Decoder Pack
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}"=Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}"=Intel® Matrix Storage Manager
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9593C6E5-205E-45C3-B785-05CF146CA76A}"=biolsp patch
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}"=Google SketchUp 6
"{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}"=Adobe Setup
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=Dell Touchpad
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}"=Visual Basic for Applications ® Core - English
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}"=Dell Embassy Trust Suite by Wave Systems
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}"=BioAPI Framework
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}"=Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4CCABB9-4A07-49D1-A39A-7495FCB0BABA}"=Geosoft Oasis montaj Viewer
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}"=Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}"=Adobe BridgeTalk Plugin CS3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}"=PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}"=DVD Solution
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}"=Adobe WAS CS3
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator DE
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}"=VBA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{DB93FA95-5F66-4F63-A0DA-7FF0E040804D}"=ER Mapper ArcMap ECW Jpeg 2000 Plug-in
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E46014D3-25A8-4ACD-94D7-490CB8122A61}"=ER Mapper ArcMap ECW Jpeg 2000 Plug-in
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}"=Gemalto
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}"=Update Manager
"{F6E54214-ECCD-4CCA-BACC-C5213F948240}"=Geosoft Plug-In for ArcGIS
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}"=Visual Basic for Applications ® Core
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}"=Folder Size for Windows
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}"=Dell Security Device Driver Pack
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3"=Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe Acrobat 8 Professional"=Adobe Acrobat 8 Professional
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop 6.0"=Adobe Photoshop 6.0
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Adobe_8bb24e071e5922899698c2105557bd2"=Add or Remove Adobe Creative Suite 3 Master Collection
"ArcGIS Desktop"=ArcGIS Desktop
"Broadcom 802.11b Network Adapter"=Dell Wireless WLAN Card Utility
"Celestia_is1"=Celestia 1.5.1
"CobBackup9"=Cobian Backup 9
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"Encom Discover 8.0"=Encom Discover 8.0
"FileZilla Client"=FileZilla Client 3.1.4.1
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"ImgBurn"=ImgBurn
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}"=Wave Support Software
"Mavis Beacon Teaches Typing 16"=Mavis Beacon Teaches Typing 16
"MediaJoin"=MediaJoin
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"Nero - Burning Rom!UninstallKey"=Nero OEM
"numpy-py2.5"=Python 2.5 numpy-1.0.3
"NVIDIA Drivers"=NVIDIA Drivers
"OpenVPN"=OpenVPN 2.0.9-gui-1.0.3
"PrimoPDF4.1.0.9"=PrimoPDF
"PROPLUS"=Microsoft Office Professional Plus 2007
"Python 2.5 numpy-1.0.3"=Python 2.5 numpy-1.0.3
"Python 2.5.1"=Python 2.5.1
"Sam Spade version 1.14_is1"=Sam Spade version 1.14
"VLC media player"=VLC media player 0.9.2
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format Runtime
"WinRAR archiver"=WinRAR archiver
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/12/2008 1:08:56 PM | Computer Name = PRECISION_M4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 26/12/2008 1:09:07 PM | Computer Name = PRECISION_M4400 | Source = UserInit | ID = 1000
Description = Could not execute the following script geoserver drive mapping.bat.
The system cannot find the file specified. .

Error - 26/12/2008 1:14:46 PM | Computer Name = PRECISION_M4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 26/12/2008 1:14:47 PM | Computer Name = PRECISION_M4400 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 26/12/2008 1:48:16 PM | Computer Name = PRECISION_M4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 26/12/2008 1:48:19 PM | Computer Name = PRECISION_M4400 | Source = UserInit | ID = 1000
Description = Could not execute the following script geoserver drive mapping.bat.
The system cannot find the file specified. .

Error - 26/12/2008 6:32:47 PM | Computer Name = PRECISION_M4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 26/12/2008 6:32:48 PM | Computer Name = PRECISION_M4400 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 26/12/2008 6:35:31 PM | Computer Name = PRECISION_M4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 26/12/2008 6:35:52 PM | Computer Name = PRECISION_M4400 | Source = UserInit | ID = 1000
Description = Could not execute the following script geoserver drive mapping.bat.
The system cannot find the file specified. .

[ System Events ]
Error - 26/12/2008 10:00:00 PM | Computer Name = PRECISION_M4400 | Source = Schedule | ID = 7901
Description = The At21.job command failed to start due to the following error: %%2147942402

Error - 26/12/2008 10:00:00 PM | Computer Name = PRECISION_M4400 | Source = Schedule | ID = 7901
Description = The At45.job command failed to start due to the following error: %%2147942402

Error - 26/12/2008 10:18:00 PM | Computer Name = PRECISION_M4400 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 26/12/2008 11:00:00 PM | Computer Name = PRECISION_M4400 | Source = Schedule | ID = 7901
Description = The At22.job command failed to start due to the following error: %%2147942402

Error - 26/12/2008 11:00:00 PM | Computer Name = PRECISION_M4400 | Source = Schedule | ID = 7901
Description = The At46.job command failed to start due to the following error: %%2147942402

Error - 27/12/2008 | Computer Name = PRECISION_M4400 | Source = Schedule | ID = 7901
Description = The At23.job command failed to start due to the following error: %%2147942402

Error - 27/12/2008 | Computer Name = PRECISION_M4400 | Source = Schedule | ID = 7901
Description = The At47.job command failed to start due to the following error: %%2147942402

Error - 27/12/2008 12:44:07 AM | Computer Name = PRECISION_M4400 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain company due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 27/12/2008 1:00:00 AM | Computer Name = PRECISION_M4400 | Source = Schedule | ID = 7901
Description = The At24.job command failed to start due to the following error: %%2147942402

Error - 27/12/2008 1:00:00 AM | Computer Name = PRECISION_M4400 | Source = Schedule | ID = 7901
Description = The At48.job command failed to start due to the following error: %%2147942402


< End of report >




------------------------------------------------------




KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, December 27, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, December 27, 2008 03:56:04
Records in database: 1519612
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
T:\
Z:\
Scan statistics
Files scanned 195606
Threat name 2
Infected objects 7
Suspicious objects 0
Duration of the scan 02:32:18

File name Threat name Threats count
C:\WINDOWS\system32\83Ilx6T3.dll/C:\WINDOWS\system32\83Ilx6T3.dll Infected: Trojan.Win32.Agent.arzx 1
C:\Documents and Settings\username.company\Desktop\scanners\file from system32\83Ilx6T3.dll Infected: Trojan.Win32.Agent.arzx 1
C:\WINDOWS\system32\83Ilx6T3.dll Infected: Trojan.Win32.Agent.arzx 1
C:\WINDOWS\system32\83Ilx6T3.dl_ Infected: Trojan.Win32.Agent.arzx 1
C:\WINDOWS\Temp\84887F3n.exe Infected: Trojan-Downloader.Win32.Agent.axdj 1
C:\WINDOWS\Temp\nJEG6UMi.exe Infected: Trojan-Downloader.Win32.Agent.axdj 1
C:\WINDOWS\Temp\Ulya7j7W.exe Infected: Trojan-Downloader.Win32.Agent.axdj 1
The selected area was scanned.

#4 extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 27 December 2008 - 05:14 PM

Hello again.

What problems do you have specifically? There are some entries we will take care of now.

There are some bad tasks related to Zlob such as those: C:\WINDOWS\tasks\At??.exe
C:\WINDOWS\tasks\At?.exe entries. There are also some Vundo-ish files and trojan downloader.win32.axdj according to Kaspersky.

We will start off with Combofix.

Install Recovery Console and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.

Link 1
Link 2
Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see the prompt below. Choose YES.
  • Posted Image
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.

Post back with:
-Combofix log
-New OTViewIT logs
-Problems you have


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

#5 astronaut

  • Topic Starter

  • Members
  • 6 posts

Posted 29 December 2008 - 05:24 PM

Hi EB, Thanks again.

The problems I was having were:

- IE opening to random webpages

- Random mouseclick and warning bell sounds in background

Here is my combofix and new otv logs:


-----------------------------COMBOFIX LOG--------------------------------

ComboFix 08-12-28.04 - username 2008-12-29 16:03:37.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.2940 [GMT -6:00]
Running from: c:\documents and settings\username.company\Desktop\ComboFix.exe
AV: eTrust ITM *On-access scanning enabled* (Outdated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\bold.log
c:\windows\1.tmp
c:\windows\system32\26Gjv0R6.exe.a_a
c:\windows\system32\7I6bMX0N.exe.a_a
c:\windows\system32\83Ilx6T3.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-29 )))))))))))))))))))))))))))))))
.

2008-12-23 09:23 . 2008-12-23 10:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2008-12-23 08:32 . 2008-12-23 08:32 <DIR> d-------- c:\program files\CA
2008-12-19 19:16 . 2008-12-20 16:10 <DIR> d-------- c:\documents and settings\username.company\Application Data\Teleca
2008-12-19 19:16 . 2007-04-24 11:33 108,680 -ra------ c:\windows\system32\drivers\s125mdm.sys
2008-12-19 19:16 . 2007-04-24 11:33 100,488 -ra------ c:\windows\system32\drivers\s125mgmt.sys
2008-12-19 19:16 . 2007-04-24 11:33 98,696 -ra------ c:\windows\system32\drivers\s125obex.sys
2008-12-19 19:16 . 2007-04-24 11:33 83,336 -ra------ c:\windows\system32\drivers\s125bus.sys
2008-12-19 19:16 . 2007-04-24 11:33 15,112 -ra------ c:\windows\system32\drivers\s125mdfl.sys
2008-12-19 19:16 . 2007-04-24 11:33 12,424 -ra------ c:\windows\system32\drivers\s125whnt.sys
2008-12-19 19:16 . 2007-04-24 11:33 12,424 -ra------ c:\windows\system32\drivers\s125wh.sys
2008-12-19 19:16 . 2007-04-24 11:33 12,424 -ra------ c:\windows\system32\drivers\s125cmnt.sys
2008-12-19 19:16 . 2007-04-24 11:33 12,424 -ra------ c:\windows\system32\drivers\s125cm.sys
2008-12-19 19:15 . 2008-12-19 19:15 <DIR> d-------- c:\documents and settings\username.company\Application Data\Sony Ericsson
2008-12-19 19:14 . 2008-12-20 16:09 <DIR> d-------- c:\program files\Common Files\Teleca Shared
2008-12-17 20:12 . 2008-12-22 10:27 31,232 --a------ c:\windows\system32\83Ilx6T3.dl_
2008-12-16 18:17 . 2008-12-16 18:17 <DIR> d-------- C:\rsit
2008-12-15 09:15 . 2008-12-15 09:15 <DIR> d-------- c:\program files\Trend Micro
2008-12-14 23:10 . 2008-12-14 23:10 <DIR> d-------- c:\program files\Lavasoft
2008-12-14 23:10 . 2008-12-14 23:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-14 23:09 . 2008-12-14 23:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-14 22:12 . 2008-12-14 23:34 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-14 22:12 . 2008-12-14 23:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-07 22:48 . 2008-12-08 08:08 <DIR> d-------- c:\documents and settings\username.company\Application Data\skypePM
2008-12-07 22:48 . 2008-12-07 22:48 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-07 22:45 . 2008-12-07 22:45 <DIR> d-------- c:\program files\Skype
2008-12-07 22:45 . 2008-12-07 22:45 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-07 22:45 . 2008-12-08 11:59 <DIR> d-------- c:\documents and settings\username.company\Application Data\Skype
2008-12-07 22:45 . 2008-12-07 22:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-07 20:10 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-07 20:10 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-29 21:53 --------- d-----w c:\program files\Google
2008-12-25 07:17 --------- d-----w c:\documents and settings\username.company\Application Data\dvdcss
2008-12-24 06:40 --------- d-----w c:\documents and settings\username.company\Application Data\uTorrent
2008-12-15 21:26 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-15 21:26 --------- d-----w c:\program files\Microsoft Games
2008-12-12 18:52 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-12 17:22 --------- d-----w c:\documents and settings\username.company\Application Data\FileZilla
2008-12-09 16:44 --------- d-----w c:\documents and settings\username.company\Application Data\U3
2008-11-28 15:45 --------- d-----w c:\documents and settings\username.company\Application Data\ImgBurn
2008-11-28 14:43 --------- d-----w c:\program files\ImgBurn
2008-11-24 19:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-17 14:45 --------- d-----w c:\program files\gpsbabel-1.3.6
2008-11-12 19:35 --------- d-----w c:\program files\HawthsTools
2008-11-08 20:56 --------- d-----w c:\program files\Blighty Design
2008-11-05 02:47 --------- d-----w c:\program files\Zone Labs
2008-11-01 01:24 --------- d-----w c:\program files\MSXML 4.0
2008-10-29 19:45 --------- d-----w c:\program files\Earth Resource Mapping
2008-10-29 02:49 --------- d-----w c:\program files\Common Files\Adobe
2008-10-28 21:21 --------- d-----w c:\program files\FolderSize
2004-03-11 19:27 40,960 ----a-w c:\program files\Uninstall_CDS.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-01 196608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-29 442467]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-06-29 466944]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13537280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-18 2220032]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" [2008-08-07 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-08-07 c:\windows\system32\nvhotkey.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\metefovu.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1139346280-1970192546-2495151335-1193\Scripts\Logon\0\0]
"Script"=geoserver drive mapping.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]
--a------ 2008-05-30 08:37 180224 c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellConnectionManager]
--a------ 2008-08-25 11:01 1486848 c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]
--a------ 2008-05-30 02:29 593920 c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2008-02-26 09:57 128296 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
--a------ 2008-04-14 06:00 143360 c:\windows\system32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 4:56:36 AM 133968]
R2 buttonsvc32;Dell ControlPoint Button Service;"c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe" [6/3/2008 2:28:50 PM 386328]
R2 Credential Vault Host Storage;Credential Vault Host Storage;"c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe" [7/31/2008 8:41:50 PM 21352]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;"c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe" [8/18/2008 9:39:28 AM 455960]
R2 SMManager;Smith Micro Connection Manager Service;"c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe" [8/25/2008 11:04:18 AM 69632]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/24/2008 1:05:33 AM 108160]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\Drivers\cvusbdrv.sys [9/24/2008 1:07:48 AM 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y5132.sys [9/24/2008 1:05:41 AM 244368]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [10/1/2006 6:37:02 AM 26624]
S3 Credential Vault Host Control Service;Credential Vault Host Control Service;"c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe" [7/31/2008 8:41:50 PM 808296]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\DRIVERS\s125bus.sys [12/19/2008 7:16:05 PM 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s125mdfl.sys [12/19/2008 7:16:06 PM 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s125mdm.sys [12/19/2008 7:16:06 PM 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s125mgmt.sys [12/19/2008 7:16:12 PM 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s125obex.sys [12/19/2008 7:16:12 PM 98696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{253d32d0-8f18-11dd-b091-00225f15dad7}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-12-27 c:\windows\Tasks\At1.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-27 c:\windows\Tasks\At10.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-27 c:\windows\Tasks\At11.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-27 c:\windows\Tasks\At12.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-26 c:\windows\Tasks\At13.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-29 c:\windows\Tasks\At14.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-29 c:\windows\Tasks\At15.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-29 c:\windows\Tasks\At16.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-29 c:\windows\Tasks\At17.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-28 c:\windows\Tasks\At18.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-29 c:\windows\Tasks\At19.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-28 c:\windows\Tasks\At2.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-29 c:\windows\Tasks\At20.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-29 c:\windows\Tasks\At21.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-29 c:\windows\Tasks\At22.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-29 c:\windows\Tasks\At23.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-29 c:\windows\Tasks\At24.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-28 c:\windows\Tasks\At25.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-28 c:\windows\Tasks\At26.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-27 c:\windows\Tasks\At27.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-27 c:\windows\Tasks\At28.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-27 c:\windows\Tasks\At29.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-27 c:\windows\Tasks\At3.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-27 c:\windows\Tasks\At30.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-27 c:\windows\Tasks\At31.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-27 c:\windows\Tasks\At32.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-27 c:\windows\Tasks\At33.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-27 c:\windows\Tasks\At34.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-27 c:\windows\Tasks\At35.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-27 c:\windows\Tasks\At36.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-26 c:\windows\Tasks\At37.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-29 c:\windows\Tasks\At38.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-29 c:\windows\Tasks\At39.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-27 c:\windows\Tasks\At4.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-29 c:\windows\Tasks\At40.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-29 c:\windows\Tasks\At41.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-28 c:\windows\Tasks\At42.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-29 c:\windows\Tasks\At43.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-29 c:\windows\Tasks\At44.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-29 c:\windows\Tasks\At45.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-29 c:\windows\Tasks\At46.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-29 c:\windows\Tasks\At47.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-29 c:\windows\Tasks\At48.job
- c:\windows\system32\26Gjv0R6.exe []

2008-12-27 c:\windows\Tasks\At5.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-27 c:\windows\Tasks\At6.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-27 c:\windows\Tasks\At7.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-27 c:\windows\Tasks\At8.job
- c:\windows\system32\7I6bMX0N.exe []

2008-12-27 c:\windows\Tasks\At9.job
- c:\windows\system32\7I6bMX0N.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - (no file)
HKCU-Run-PowerBar - (no file)
MSConfigStartUp-DCPstrApp - c:\program files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe
MSConfigStartUp-EmbassySecurityCheck - c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe
MSConfigStartUp-SecureUpgrade - c:\program files\Wave Systems Corp\SecureUpgrade.exe
MSConfigStartUp-WavXMgr - c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
mStart Page = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
uInternet Connection Wizard,ShellNext = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\username.company\Application Data\Mozilla\Firefox\Profiles\ma8e7x9z.default\
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-29 16:11:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1196)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\drivers\audio\R190031\stacsv.exe
c:\windows\system32\scardsvr.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\CA\SharedComponents\iTechnology\igateway.exe
c:\program files\CA\eTrustITM\InoRpc.exe
c:\program files\CA\eTrustITM\InoRT.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\ApntEx.exe
.
**************************************************************************
.
Completion time: 2008-12-29 16:14:46 - machine was rebooted [username]
ComboFix-quarantined-files.txt 2008-12-29 22:14:43

Pre-Run: 52,522,184,704 bytes free
Post-Run: 52,734,353,408 bytes free

327

-----------------------------OTVIEWIT.TXT LOG--------------------------------

OTViewIt logfile created on: 2008-12-29 16:16:21 - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\username.company\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.26 Gb Total Space | 49.21 Gb Free Space | 46.75% Space Free | Partition Type: NTFS
Drive D: | 127.51 Gb Total Space | 43.53 Gb Free Space | 34.14% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRECISION_M4400
Current User Name: username
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008-06-18 19:20:08 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2008-06-18 19:19:30 | 01,961,984 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2008-09-10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008-06-29 18:57:24 | 00,221,273 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R190031\stacsv.exe
[2008-07-31 20:41:50 | 00,021,352 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
[2008-08-25 11:04:18 | 00,069,632 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
[2008-04-14 06:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2007-04-19 04:56:36 | 00,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
[2008-06-03 14:28:50 | 00,386,328 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
[2008-08-18 09:39:28 | 00,455,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
[2007-11-14 21:46:00 | 00,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
[2008-06-15 05:12:20 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
[2007-02-05 07:57:24 | 00,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
[2007-01-16 21:27:36 | 00,198,736 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRpc.exe
[2007-01-16 21:27:36 | 00,215,120 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRT.exe
[2008-12-23 08:49:32 | 00,386,888 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoTask.exe
[2008-08-07 16:06:08 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008-04-14 06:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008-08-15 07:51:34 | 00,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[2008-04-14 06:00:00 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008-07-01 15:22:18 | 00,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
[2008-06-29 18:57:30 | 00,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
[2008-06-29 18:57:18 | 00,466,944 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
[2008-07-01 15:22:16 | 00,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
[2008-07-01 15:22:34 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
[2008-04-14 06:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008-04-14 06:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008-07-01 15:22:16 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
[2008-06-15 05:12:18 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[2008-06-18 19:20:06 | 02,220,032 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
[2005-08-18 02:55:00 | 00,099,328 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpn-gui.exe
[2006-09-11 03:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2008-12-17 19:08:35 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008-12-27 00:15:06 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\username.company\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008-09-10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008-10-01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [On_Demand | Stopped])
[2007-04-19 04:56:36 | 00,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent [Auto | Running])
[2007-10-24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [On_Demand | Stopped])
[2008-08-15 07:51:34 | 00,342,624 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [On_Demand | Stopped])
[2008-06-03 14:28:50 | 00,386,328 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32 [Auto | Running])
[2007-10-24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008-07-31 20:41:50 | 00,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service [On_Demand | Stopped])
[2008-07-31 20:41:50 | 00,021,352 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage [Auto | Running])
[2008-08-18 09:39:28 | 00,455,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc [Auto | Running])
[2008-10-10 15:40:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2007-11-14 21:46:00 | 00,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize [Auto | Running])
[2006-10-21 03:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008-10-05 00:42:52 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
[2008-06-15 05:12:20 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON [Auto | Running])
[2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006-10-30 09:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2007-02-05 07:57:24 | 00,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway [Auto | Running])
[2007-01-16 21:27:36 | 00,198,736 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRpc.exe -- (InoRPC [Auto | Running])
[2007-01-16 21:27:36 | 00,215,120 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRT.exe -- (InoRT [Auto | Running])
[2008-12-23 08:49:32 | 00,386,888 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoTask.exe -- (InoTask [Auto | Running])
[2008-10-01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2006-10-30 09:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008-08-07 16:06:08 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006-10-01 06:37:42 | 00,016,384 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService [On_Demand | Stopped])
[2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008-04-25 14:45:40 | 00,638,976 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService [On_Demand | Stopped])
[2008-08-25 11:04:18 | 00,069,632 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager [Auto | Running])
[2008-06-29 18:57:24 | 00,221,273 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R190031\stacsv.exe -- (STacSV [Auto | Running])
[2007-07-11 08:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2008-03-10 14:48:48 | 01,249,280 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe [Auto | Stopped])
[2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2008-06-18 19:20:08 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])

========== Driver Services ==========

[2008-06-29 18:57:16 | 00,108,160 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud [On_Demand | Running])
[2001-08-17 19:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008-04-14 06:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2008-07-01 15:22:14 | 00,170,032 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2001-08-17 19:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001-08-17 19:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2008-06-18 19:19:50 | 01,287,552 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2008-08-18 10:01:14 | 00,991,016 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand | Running])
[2008-08-18 09:37:14 | 00,047,272 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2001-08-17 19:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2008-07-31 20:39:26 | 00,032,808 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv [On_Demand | Running])
[2001-08-17 19:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2007-07-23 14:04:58 | 00,037,360 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
[2007-07-23 14:04:52 | 00,032,848 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2007-07-23 13:49:44 | 00,014,576 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [Boot | Running])
[2007-07-23 14:05:20 | 00,009,104 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM [Auto | Running])
[2007-07-23 14:04:50 | 00,108,752 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2007-07-23 14:04:54 | 00,027,216 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2007-07-23 14:04:52 | 00,016,304 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2007-07-23 13:49:44 | 00,030,064 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
[2007-07-23 14:04:56 | 00,093,552 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2007-07-23 14:04:56 | 00,098,448 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2007-07-23 13:55:44 | 00,099,808 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2007-07-23 13:43:42 | 00,052,000 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2008-06-30 16:47:30 | 00,244,368 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress [On_Demand | Running])
[2008-04-17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008-04-14 06:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008-08-07 18:55:42 | 00,318,488 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2007-08-06 22:07:02 | 00,027,536 | ---- | M] (Computer Associates) -- C:\WINDOWS\system32\drivers\ino_flpy.sys -- (INO_FLPY [Boot | Running])
[2007-10-18 21:14:32 | 00,184,080 | ---- | M] (Computer Associates) -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR [Auto | Running])
[2008-04-14 06:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2001-08-17 19:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2008-02-20 20:19:56 | 00,030,816 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
[2008-08-07 16:05:32 | 06,591,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2008-06-04 13:14:00 | 00,026,608 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV [Boot | Running])
[2003-12-05 03:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2008-04-14 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007-07-26 02:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001-08-17 19:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001-08-17 19:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001-08-17 19:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2008-07-01 15:12:18 | 00,039,936 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2007-04-24 11:33:34 | 00,083,336 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus [On_Demand | Stopped])
[2007-04-24 11:33:42 | 00,015,112 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl [On_Demand | Stopped])
[2007-04-24 11:33:44 | 00,108,680 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm [On_Demand | Stopped])
[2007-04-24 11:33:46 | 00,100,488 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt [On_Demand | Stopped])
[2007-04-24 11:33:46 | 00,098,696 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex [On_Demand | Stopped])
[2008-04-14 06:00:00 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2008-04-14 06:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008-04-14 06:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2001-08-17 20:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2008-10-15 22:50:16 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008-06-29 18:57:26 | 01,381,914 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001-08-17 20:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001-08-17 20:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001-08-17 20:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001-08-17 20:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2006-10-01 06:37:02 | 00,026,624 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801 [On_Demand | Running])
[2001-08-17 19:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008-07-22 15:27:04 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID [On_Demand | Running])
[2006-11-02 13:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2008-04-14 06:06:40 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AESTFltr"=%SystemRoot%\system32\AESTFltr.exe /NoDlg (Andrea Electronics Corporation)
"Apoint"=C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NVHotkey"=rundll32.exe nvHotkey.dll,Start (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /installquiet ()
"openvpn-gui"=C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
"SysTrayApp"=%ProgramFiles%\IDT\WDM\sttray.exe (IDT, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoWelcomeScreen"=1
"NoCDBurning"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006-10-27 15:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2007-09-20 10:53:26 | 00,002,773 | ---- | M] ()
Send To Bluetooth: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008-03-27 16:19:40 | 00,005,601 | ---- | M] ()

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006-10-27 15:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2007-09-20 10:53:26 | 00,002,773 | ---- | M] ()
Send To Bluetooth: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008-03-27 16:19:40 | 00,005,601 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [2008-02-22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008-03-27 16:19:40 | 00,005,601 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-12650 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008-03-27 16:19:40 | 00,005,601 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008-04-14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008-02-22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008-02-22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008-02-22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008-02-22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
localhost: http in Local intranet

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
localhost: http in Local intranet

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{60096A34-E7B6-477D-9DA0-ABAD2306703C} (Servers: | Description: 1394 Net Adapter)
{75B2393D-1CF8-49A2-8E02-652ED49B454A} (Servers: | Description: Dell Wireless 1397 WLAN Mini-Card)
{B05B9036-D467-410C-934C-D3D0909B5BD7} (Servers: | Description: Intel® 82567LM Gigabit Network Connection)
{FB8FCB58-C739-49F3-8672-630FD9E89B89} (Servers: | Description: )

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== (O20) AppInit_DLLs ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_Dlls"=C:\WINDOWS\system32\metefovu.dll
>File not found -- C:\WINDOWS\system32\metefovu.dll

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,wvauth,
>[2008-06-13 10:16:16 | 00,991,232 | ---- | M] (Wave Systems Corp.) -- C:\WINDOWS\system32\wvauth.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008-04-25 15:29:32 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{253d32d0-8f18-11dd-b091-00225f15dad7}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{253d32d0-8f18-11dd-b091-00225f15dad7}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{253d32d0-8f18-11dd-b091-00225f15dad7}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\*.tmp files]
[2008-12-29 16:01:24 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008-12-29 16:01:22 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008-12-29 16:01:16 | 00,000,000 | ---D | C] -- C:\cmdcons
[2008-12-29 15:57:49 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008-12-29 15:57:49 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008-12-29 15:57:49 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008-12-29 15:57:49 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008-12-29 15:57:49 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008-12-29 15:57:49 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008-12-29 15:57:49 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008-12-29 15:57:49 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008-12-29 15:57:49 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008-12-29 15:56:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008-12-29 15:56:59 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008-12-28 20:46:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Desktop\New Folder
[2008-12-28 00:56:03 | 02,887,984 | R--- | C] () -- C:\Documents and Settings\username.company\Desktop\ComboFix.exe
[2008-12-27 00:15:05 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\username.company\Desktop\OTViewIt.exe
[2008-12-26 21:54:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Desktop\misc
[2008-12-23 09:23:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2008-12-23 08:32:27 | 00,000,000 | ---D | C] -- C:\Program Files\CA
[2008-12-19 19:16:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Application Data\Teleca
[2008-12-19 19:16:12 | 00,100,488 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125mgmt.sys
[2008-12-19 19:16:12 | 00,098,696 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125obex.sys
[2008-12-19 19:16:06 | 00,108,680 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125mdm.sys
[2008-12-19 19:16:06 | 00,015,112 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125mdfl.sys
[2008-12-19 19:16:06 | 00,012,424 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125cmnt.sys
[2008-12-19 19:16:06 | 00,012,424 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125cm.sys
[2008-12-19 19:16:05 | 00,083,336 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125bus.sys
[2008-12-19 19:16:05 | 00,012,424 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125whnt.sys
[2008-12-19 19:16:05 | 00,012,424 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125wh.sys
[2008-12-19 19:15:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Application Data\Sony Ericsson
[2008-12-19 19:14:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Teleca Shared
[2008-12-17 20:12:07 | 00,031,232 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\83Ilx6T3.dl_
[2008-12-16 18:17:07 | 00,000,000 | ---D | C] -- C:\rsit
[2008-12-16 11:36:46 | 00,990,916 | ---- | C] () -- C:\Documents and Settings\username.company\Desktop\Pages from CastleNorthQR.pdf
[2008-12-15 09:17:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Desktop\scanners
[2008-12-15 09:15:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008-12-14 23:10:57 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008-12-14 23:10:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008-12-14 23:09:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008-12-14 22:12:47 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008-12-14 22:12:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At48.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At47.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At46.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At45.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At44.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At43.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At42.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At41.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At40.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At39.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At38.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At37.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At36.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At35.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At34.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At33.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At32.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At31.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At30.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At29.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At28.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At27.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At26.job
[2008-12-14 15:42:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At25.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At9.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At8.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At7.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At6.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At5.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At24.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At23.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At22.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At21.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At20.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At19.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At18.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At17.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At16.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At15.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At14.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At13.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At12.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At11.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At10.job
[2008-12-14 15:30:53 | 00,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2008-12-07 22:48:43 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008-12-07 22:48:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Application Data\skypePM
[2008-12-07 22:45:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Application Data\Skype
[2008-12-07 22:45:26 | 00,000,000 | ---D | C] -- C:\Program Files\Skype
[2008-12-07 22:45:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2008-12-07 22:45:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008-12-07 20:10:24 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2008-12-07 20:10:24 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2008-12-29 16:13:03 | 00,530,256 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008-12-29 16:13:03 | 00,447,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008-12-29 16:13:03 | 00,074,296 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008-12-29 16:11:03 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008-12-29 16:10:41 | 00,962,825 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2008-12-29 16:10:39 | 00,251,596 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2008-12-29 16:10:27 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008-12-29 16:07:51 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008-12-29 16:07:40 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008-12-29 16:07:29 | 37,454,23360 | -HS- | M] () -- C:\hiberfil.sys
[2008-12-29 16:01:24 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008-12-29 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2008-12-29 16:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2008-12-29 15:57:31 | 02,887,984 | R--- | M] () -- C:\Documents and Settings\username.company\Desktop\ComboFix.exe
[2008-12-29 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2008-12-29 15:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2008-12-29 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2008-12-29 14:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2008-12-29 13:41:19 | 00,251,596 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2008-12-29 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2008-12-29 13:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2008-12-28 23:09:16 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008-12-28 23:09:14 | 00,070,656 | ---- | M] () -- C:\Documents and Settings\username.company\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-28 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2008-12-28 23:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2008-12-28 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At47.job
[2008-12-28 22:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2008-12-28 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2008-12-28 21:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2008-12-28 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2008-12-28 20:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2008-12-28 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2008-12-28 19:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2008-12-28 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2008-12-28 18:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2008-12-28 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2008-12-28 17:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2008-12-28 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2008-12-28 01:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2008-12-28 00:43:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2008-12-27 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2008-12-27 11:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2008-12-27 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2008-12-27 10:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2008-12-27 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2008-12-27 09:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2008-12-27 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2008-12-27 08:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2008-12-27 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2008-12-27 07:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2008-12-27 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2008-12-27 06:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2008-12-27 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2008-12-27 05:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2008-12-27 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2008-12-27 04:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2008-12-27 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2008-12-27 03:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2008-12-27 02:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2008-12-27 02:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2008-12-27 00:46:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008-12-27 00:23:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2008-12-27 00:15:06 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\username.company\Desktop\OTViewIt.exe
[2008-12-26 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2008-12-26 12:00:00 | 00,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2008-12-24 00:05:51 | 00,006,962 | ---- | M] () -- C:\Documents and Settings\username.company\Application Data\PrimoPDFSet.xml
[2008-12-23 11:41:20 | 00,001,730 | -H-- | M] () -- C:\Documents and Settings\username\My Documents\Default.rdp
[2008-12-23 00:35:01 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\leharuvu
[2008-12-22 10:27:49 | 00,031,232 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\83Ilx6T3.dl_
[2008-12-16 11:36:47 | 00,990,916 | ---- | M] () -- C:\Documents and Settings\username.company\Desktop\Pages from CastleNorthQR.pdf
[2008-12-15 17:24:26 | 00,435,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-12-07 22:48:43 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008-12-03 22:12:19 | 00,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2008-12-03 22:12:19 | 00,000,211 | ---- | M] () -- C:\Boot.bak
< End of report >

-----------------------------EXTRAS.TXT LOG--------------------------------

OTViewIt Extras logfile created on: 2008-12-29 16:16:30 - Run 2
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\username.company\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.26 Gb Total Space | 49.21 Gb Free Space | 46.75% Space Free | Partition Type: NTFS
Drive D: | 127.51 Gb Total Space | 43.53 Gb Free Space | 34.14% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRECISION_M4400
Current User Name: username
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-04-14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008-04-14 06:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\WINDOWS\instsrv.exe:*:Enabled:eTrust Antivirus Remote Installation Program
[2006-10-27 15:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2008-10-16 07:14:10 | 07,024,640 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client
[2008-10-04 14:06:40 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2007-01-16 21:27:36 | 00,198,736 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRpc.exe:*:Enabled:eTrust ITM - RPC Service
[2007-01-16 21:27:58 | 00,407,632 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\Realmon.exe:*:Enabled:eTrust ITM - Realtime monitor
[2007-01-16 21:28:02 | 00,358,480 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\Shellscn.exe:*:Enabled:eTrust ITM - Shell Scanner

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008-04-14 06:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008-10-04 14:06:40 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008-10-01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour
[2006-10-27 15:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook
[2008-04-14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000
[2008-11-07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006-10-26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006-10-26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006-10-26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006-10-26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008-11-07 14:31:38 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006-10-26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}"=CorelDRAW Graphics Suite X3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}"=Roxio Creator Tools
"{041F04B1-F985-44E8-A070-C3EB1A39369F}"=Dell ControlPoint Connection Manager
"{066D25F6-8B8B-433C-88B4-EDF41D604E7E}"=Broadcom USH Host Components
"{07159635-9DFE-4105-BFC0-2817DB540C68}"=Roxio Activation Module
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}"=Wave Support Software
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0AACEBB2-1E1A-4774-9EC7-13EB8B1EC005}"=Geosoft Extensions for ArcGIS
"{0D397393-9B50-4C52-84D5-77E344289F87}"=Roxio Creator Data
"{107558C8-458B-45EA-A0FE-7CC10D687DB6}"=CA eTrustITM Agent
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{185D0A67-E066-44AE-926D-F6305813301C}"=Adobe After Effects CS3 Presets
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=Multimedia Launcher
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}"=All Day Battery Life Configuration
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}"=Intel® Network Connections 13.0.42.0
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}"=MediaJoin
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}"=tsp patch
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}"=Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{309AFCC1-C343-40A0-B23A-568073036409}"=MapInfo Professional 8.0
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}"=EN
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}"=FontNav
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}"=ArcGIS Desktop
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{52D299D8-F84E-497E-B4A4-D8F02782BFAA}"=Dell ControlPoint System Manager
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{558B86E5-CFAC-447C-99EE-5BB1C068706D}"=NTRU TCG Software Stack
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}"=Adobe Media Player
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}"=AHV content for Acrobat and Flash
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}"=Intel® PRO Alerting Agent
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7162AC2C-733F-4127-ACAD-C5F0F27D123D}"=Adobe Creative Suite 3 Master Collection
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}"=Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}"=CorelDRAW Graphics Suite X3
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{7EA69B5E-EE96-44A1-BDD6-F9C193CDDAF9}"=Wave Infrastructure Installer
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{83FFCFC7-88C6-41C6-8752-958A45325C82}"=Roxio Creator Audio
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}"=Adobe Video Profiles
"{847501DF-07C0-4691-B04A-893929F108AE}"=CA iTechnology iGateway
"{84814E6B-2581-46EC-926A-823BD1C670F6}"=WIDCOMM Bluetooth Software
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}"=Roxio Creator BDAV Plugin
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}"=Adobe Flash Player 9 Plugin
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}"=Sonic CinePlayer Decoder Pack
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}"=Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}"=Intel® Matrix Storage Manager
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9593C6E5-205E-45C3-B785-05CF146CA76A}"=biolsp patch
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}"=Google SketchUp 6
"{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}"=Adobe Setup
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=Dell Touchpad
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}"=Visual Basic for Applications ® Core - English
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}"=Dell Embassy Trust Suite by Wave Systems
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}"=BioAPI Framework
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}"=Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4CCABB9-4A07-49D1-A39A-7495FCB0BABA}"=Geosoft Oasis montaj Viewer
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}"=Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}"=Adobe BridgeTalk Plugin CS3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}"=PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}"=DVD Solution
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{BEF106F8-2689-4530-925A-E1117836E8CD}"=Google SketchUp 7
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}"=Adobe WAS CS3
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator DE
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}"=VBA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{DB93FA95-5F66-4F63-A0DA-7FF0E040804D}"=ER Mapper ArcMap ECW Jpeg 2000 Plug-in
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E46014D3-25A8-4ACD-94D7-490CB8122A61}"=ER Mapper ArcMap ECW Jpeg 2000 Plug-in
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}"=Gemalto
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}"=Update Manager
"{F6E54214-ECCD-4CCA-BACC-C5213F948240}"=Geosoft Plug-In for ArcGIS
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}"=Visual Basic for Applications ® Core
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}"=Folder Size for Windows
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}"=Dell Security Device Driver Pack
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3"=Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe Acrobat 8 Professional"=Adobe Acrobat 8 Professional
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop 6.0"=Adobe Photoshop 6.0
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Adobe_8bb24e071e5922899698c2105557bd2"=Add or Remove Adobe Creative Suite 3 Master Collection
"ArcGIS Desktop"=ArcGIS Desktop
"Broadcom 802.11b Network Adapter"=Dell Wireless WLAN Card Utility
"Celestia_is1"=Celestia 1.5.1
"CobBackup9"=Cobian Backup 9
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"Encom Discover 8.0"=Encom Discover 8.0
"FileZilla Client"=FileZilla Client 3.1.4.1
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"ImgBurn"=ImgBurn
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}"=Wave Support Software
"Mavis Beacon Teaches Typing 16"=Mavis Beacon Teaches Typing 16
"MediaJoin"=MediaJoin
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"Nero - Burning Rom!UninstallKey"=Nero OEM
"numpy-py2.5"=Python 2.5 numpy-1.0.3
"NVIDIA Drivers"=NVIDIA Drivers
"OpenVPN"=OpenVPN 2.0.9-gui-1.0.3
"PrimoPDF4.1.0.9"=PrimoPDF
"PROPLUS"=Microsoft Office Professional Plus 2007
"Python 2.5 numpy-1.0.3"=Python 2.5 numpy-1.0.3
"Python 2.5.1"=Python 2.5.1
"Sam Spade version 1.14_is1"=Sam Spade version 1.14
"VLC media player"=VLC media player 0.9.2
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format Runtime
"WinRAR archiver"=WinRAR archiver
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2008-12-29 10:36:01 | Computer Name = PRECISION_M4400 | Source = UserInit | ID = 1000
Description = Could not execute the following script geoserver drive mapping.bat.
The system cannot find the file specified. .

Error - 2008-12-29 14:04:52 | Computer Name = PRECISION_M4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2008-12-29 14:04:53 | Computer Name = PRECISION_M4400 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2008-12-29 14:07:03 | Computer Name = PRECISION_M4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2008-12-29 14:07:06 | Computer Name = PRECISION_M4400 | Source = UserInit | ID = 1000
Description = Could not execute the following script geoserver drive mapping.bat.
The system cannot find the file specified. .

Error - 2008-12-29 16:09:05 | Computer Name = PRECISION_M4400 | Source = FolderSize | ID = 0
Description =

Error - 2008-12-29 18:08:04 | Computer Name = PRECISION_M4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2008-12-29 18:08:06 | Computer Name = PRECISION_M4400 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2008-12-29 18:10:17 | Computer Name = PRECISION_M4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2008-12-29 18:10:21 | Computer Name = PRECISION_M4400 | Source = UserInit | ID = 1000
Description = Could not execute the following script geoserver drive mapping.bat.
The system cannot find the file specified. .

[ System Events ]
Error - 2008-12-29 17:00:00 | Computer Name = PRECISION_M4400 | Source = Schedule | ID = 7901
Description = The At16.job command failed to start due to the following error: %%2147942402

Error - 2008-12-29 17:00:00 | Computer Name = PRECISION_M4400 | Source = Schedule | ID = 7901
Description = The At40.job command failed to start due to the following error: %%2147942402

Error - 2008-12-29 17:15:21 | Computer Name = PRECISION_M4400 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 2008-12-29 17:44:48 | Computer Name = PRECISION_M4400 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 2008-12-29 18:00:00 | Computer Name = PRECISION_M4400 | Source = Schedule | ID = 7901
Description = The At17.job command failed to start due to the following error: %%2147942402

Error - 2008-12-29 18:00:00 | Computer Name = PRECISION_M4400 | Source = Schedule | ID = 7901
Description = The At41.job command failed to start due to the following error: %%2147942402

Error - 2008-12-29 18:06:34 | Computer Name = PRECISION_M4400 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain company due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 2008-12-29 18:08:04 | Computer Name = PRECISION_M4400 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain company due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 2008-12-29 18:08:13 | Computer Name = PRECISION_M4400 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 2008-12-29 18:08:13 | Computer Name = PRECISION_M4400 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.


< End of report >

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:46 PM

Posted 29 December 2008 - 09:19 PM

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    File::
    c:\windows\system32\83Ilx6T3.dl_
    c:\windows\system32\metefovu.dll
    c:\windows\Tasks\At1.job
    c:\windows\Tasks\At10.job
    c:\windows\Tasks\At11.job
    c:\windows\Tasks\At12.job
    c:\windows\Tasks\At13.job
    c:\windows\Tasks\At14.job
    c:\windows\Tasks\At15.job
    c:\windows\Tasks\At16.job
    c:\windows\Tasks\At17.job
    c:\windows\Tasks\At18.job
    c:\windows\Tasks\At19.job
    c:\windows\Tasks\At2.job
    c:\windows\Tasks\At20.job
    c:\windows\Tasks\At21.job
    c:\windows\Tasks\At22.job
    c:\windows\Tasks\At23.job
    c:\windows\Tasks\At24.job
    c:\windows\Tasks\At25.job
    c:\windows\Tasks\At26.job
    c:\windows\Tasks\At27.job
    c:\windows\Tasks\At28.job
    c:\windows\Tasks\At29.job
    c:\windows\Tasks\At3.job
    c:\windows\Tasks\At30.job
    c:\windows\Tasks\At31.job
    c:\windows\Tasks\At32.job
    c:\windows\Tasks\At33.job
    c:\windows\Tasks\At34.job
    c:\windows\Tasks\At35.job
    c:\windows\Tasks\At36.job
    c:\windows\Tasks\At37.job
    c:\windows\Tasks\At38.job
    c:\windows\Tasks\At39.job
    c:\windows\Tasks\At4.job
    c:\windows\Tasks\At40.job
    c:\windows\Tasks\At41.job
    c:\windows\Tasks\At42.job
    c:\windows\Tasks\At43.job
    c:\windows\Tasks\At44.job
    c:\windows\Tasks\At45.job
    c:\windows\Tasks\At46.job
    c:\windows\Tasks\At47.job
    c:\windows\Tasks\At48.job
    c:\windows\Tasks\At5.job
    c:\windows\Tasks\At6.job
    c:\windows\Tasks\At7.job
    c:\windows\Tasks\At8.job
    c:\windows\Tasks\At9.job
    c:\windows\system32\7I6bMX0N.exe 
    c:\windows\system32\26Gjv0R6.exe
    
    Dirlook::
    C:\WINDOWS\System32\leharuvu
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=""
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)
    Posted Image
    Referring to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall.

Please post back with:
-Combofix log
-New OTViewIT logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
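
One way to check a ComboFix log against the CFScript that produced it, as an added example that is not part of the original post or of ComboFix: it parses the script's File::, Dirlook:: and Registry:: sections and reports which File:: targets appear under the log's "Other Deletions" banner. The sample script and log are constructed, abbreviated from the paths and layout shown in this thread; the function names are hypothetical.

```python
import re

# Constructed, abbreviated CFScript using paths named in the post above.
SAMPLE_CFSCRIPT = r"""File::
c:\windows\system32\83Ilx6T3.dl_
c:\windows\system32\metefovu.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
c:\windows\system32\7I6bMX0N.exe

Dirlook::
C:\WINDOWS\System32\leharuvu

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
"""

# Constructed, abbreviated log excerpt in the banner layout a ComboFix log uses.
SAMPLE_LOG = r"""FILE ::
c:\windows\system32\7I6bMX0N.exe
c:\windows\system32\83Ilx6T3.dl_
c:\windows\system32\metefovu.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job
.

((((((((((((((( Other Deletions )))))))))))))))
.

c:\windows\system32\83Ilx6T3.dl_
c:\windows\Tasks\At1.job
c:\windows\Tasks\At2.job

.
((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))
.

2008-12-29 19:42 . 2002-01-05 05:48 974,848 --a------ c:\windows\system32\mfc70.dll
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")        # e.g. "File::"
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")       # e.g. "(((( Other Deletions ))))"
REG_VALUE = re.compile(r'^"([^"]+)"="(.*)"$')     # e.g. "AppInit_DLLs"=""


def parse_cfscript(text):
    """Group the non-blank lines of a CFScript under its 'Name::' directives."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()  # also drops stray trailing spaces after a path
        if not line:
            continue
        match = DIRECTIVE.match(line)
        if match:
            current = match.group(1).lower()
            sections.setdefault(current, [])
        elif current is None:
            # Strictness of this checker, not a statement about ComboFix.
            raise ValueError(f"line before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def registry_changes(sections):
    """Return (key, value name, data) for each assignment under Registry::."""
    changes, key = [], None
    for line in sections.get("registry", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        match = REG_VALUE.match(line)
        if match and key:
            changes.append((key, match.group(1), match.group(2)))
    return changes


def log_section(log_text, title):
    """Return the entries between the banner named `title` and the next banner."""
    entries, inside = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            inside = match.group(1).lower() == title.lower()
            continue
        if inside and line and line != ".":
            entries.append(line)
    return entries


def audit_removals(cfscript_text, log_text):
    """Compare File:: targets with the log's 'Other Deletions' entries."""
    sections = parse_cfscript(cfscript_text)
    requested = sections.get("file", [])
    # Windows paths are case-insensitive, so compare lower-cased.
    deleted = {p.lower() for p in log_section(log_text, "Other Deletions")}
    wanted = {p.lower() for p in requested}
    return {
        "confirmed": [p for p in requested if p.lower() in deleted],
        # Not listed as deleted: needs a follow-up check on disk.
        "unconfirmed": [p for p in requested if p.lower() not in deleted],
        "unrequested": sorted(deleted - wanted),
        "registry": registry_changes(sections),
        "dirlook": sections.get("dirlook", []),
    }


if __name__ == "__main__":
    for name, items in audit_removals(SAMPLE_CFSCRIPT, SAMPLE_LOG).items():
        print(name)
        for item in items:
            print("   ", item)
```
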

#7 astronaut

astronaut
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:46 PM

Posted 31 December 2008 - 05:25 PM

Thanks EB, Happy New Years!

Here's my Combofix log and updated OTViewIt logs:


---------------------Combofix Log------------------------


ComboFix 08-12-30.02 - mlintott 2008-12-31 15:46:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3572.3000 [GMT -6:00]
Running from: c:\documents and settings\mlintott.TITANURANIUM\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\mlintott.TITANURANIUM\Desktop\CFScript.txt
AV: eTrust ITM *On-access scanning enabled* (Outdated)
* Created a new restore point

FILE ::
c:\windows\system32\26Gjv0R6.exe
c:\windows\system32\7I6bMX0N.exe
c:\windows\system32\83Ilx6T3.dl_
c:\windows\system32\metefovu.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\83Ilx6T3.dl_
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At25.job
c:\windows\Tasks\At26.job
c:\windows\Tasks\At27.job
c:\windows\Tasks\At28.job
c:\windows\Tasks\At29.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At30.job
c:\windows\Tasks\At31.job
c:\windows\Tasks\At32.job
c:\windows\Tasks\At33.job
c:\windows\Tasks\At34.job
c:\windows\Tasks\At35.job
c:\windows\Tasks\At36.job
c:\windows\Tasks\At37.job
c:\windows\Tasks\At38.job
c:\windows\Tasks\At39.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At40.job
c:\windows\Tasks\At41.job
c:\windows\Tasks\At42.job
c:\windows\Tasks\At43.job
c:\windows\Tasks\At44.job
c:\windows\Tasks\At45.job
c:\windows\Tasks\At46.job
c:\windows\Tasks\At47.job
c:\windows\Tasks\At48.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job

.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-31 )))))))))))))))))))))))))))))))
.

2008-12-29 19:42 . 2008-12-29 19:42 <DIR> d-------- c:\program files\Render Plus Systems
2008-12-29 19:42 . 2002-01-05 05:48 974,848 --a------ c:\windows\system32\mfc70.dll
2008-12-29 19:42 . 2002-12-04 09:57 651,264 --a------ c:\windows\system32\libeay32.dll
2008-12-29 19:42 . 2002-01-05 03:40 487,424 --a------ c:\windows\system32\msvcp70.dll
2008-12-29 19:42 . 2002-12-04 09:57 147,456 --a------ c:\windows\system32\ssleay32.dll
2008-12-29 19:42 . 2002-01-05 04:38 54,784 --a------ c:\windows\system32\msvci70.dll
2008-12-23 09:23 . 2008-12-23 10:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\CA-SupportBridge
2008-12-23 08:32 . 2008-12-23 08:32 <DIR> d-------- c:\program files\CA
2008-12-19 19:16 . 2008-12-20 16:10 <DIR> d-------- c:\documents and settings\mlintott.TITANURANIUM\Application Data\Teleca
2008-12-19 19:16 . 2007-04-24 11:33 108,680 -ra------ c:\windows\system32\drivers\s125mdm.sys
2008-12-19 19:16 . 2007-04-24 11:33 100,488 -ra------ c:\windows\system32\drivers\s125mgmt.sys
2008-12-19 19:16 . 2007-04-24 11:33 98,696 -ra------ c:\windows\system32\drivers\s125obex.sys
2008-12-19 19:16 . 2007-04-24 11:33 83,336 -ra------ c:\windows\system32\drivers\s125bus.sys
2008-12-19 19:16 . 2007-04-24 11:33 15,112 -ra------ c:\windows\system32\drivers\s125mdfl.sys
2008-12-19 19:16 . 2007-04-24 11:33 12,424 -ra------ c:\windows\system32\drivers\s125whnt.sys
2008-12-19 19:16 . 2007-04-24 11:33 12,424 -ra------ c:\windows\system32\drivers\s125wh.sys
2008-12-19 19:16 . 2007-04-24 11:33 12,424 -ra------ c:\windows\system32\drivers\s125cmnt.sys
2008-12-19 19:16 . 2007-04-24 11:33 12,424 -ra------ c:\windows\system32\drivers\s125cm.sys
2008-12-19 19:15 . 2008-12-19 19:15 <DIR> d-------- c:\documents and settings\mlintott.TITANURANIUM\Application Data\Sony Ericsson
2008-12-19 19:14 . 2008-12-20 16:09 <DIR> d-------- c:\program files\Common Files\Teleca Shared
2008-12-16 18:17 . 2008-12-16 18:17 <DIR> d-------- C:\rsit
2008-12-15 09:15 . 2008-12-15 09:15 <DIR> d-------- c:\program files\Trend Micro
2008-12-14 23:10 . 2008-12-14 23:10 <DIR> d-------- c:\program files\Lavasoft
2008-12-14 23:10 . 2008-12-14 23:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-14 23:09 . 2008-12-14 23:09 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-14 22:12 . 2008-12-14 23:34 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-14 22:12 . 2008-12-14 23:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-07 22:48 . 2008-12-08 08:08 <DIR> d-------- c:\documents and settings\mlintott.TITANURANIUM\Application Data\skypePM
2008-12-07 22:48 . 2008-12-07 22:48 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-12-07 22:45 . 2008-12-07 22:45 <DIR> d-------- c:\program files\Skype
2008-12-07 22:45 . 2008-12-07 22:45 <DIR> d-------- c:\program files\Common Files\Skype
2008-12-07 22:45 . 2008-12-08 11:59 <DIR> d-------- c:\documents and settings\mlintott.TITANURANIUM\Application Data\Skype
2008-12-07 22:45 . 2008-12-07 22:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-12-07 20:10 . 2008-04-14 00:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-12-07 20:10 . 2008-04-14 00:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-11-28 08:44 . 2008-11-28 09:45 <DIR> d-------- c:\documents and settings\mlintott.TITANURANIUM\Application Data\ImgBurn
2008-11-28 08:42 . 2008-11-28 08:43 <DIR> d-------- c:\program files\ImgBurn
2008-11-17 08:45 . 2008-11-17 08:45 <DIR> d-------- c:\program files\gpsbabel-1.3.6
2008-11-13 11:40 . 2008-11-13 11:40 15,729,152 --a------ c:\windows\18.tmp.msp
2008-11-13 11:40 . 2008-11-13 11:40 0 --a------ c:\windows\18.tmp
2008-11-13 11:34 . 2008-11-13 11:34 98,502,144 --a------ c:\windows\1.tmp.msi
2008-11-13 09:46 . 2008-11-13 09:46 264 --a------ C:\Offline.geosoft_license
2008-11-13 07:40 . 2008-11-13 07:41 36,839,424 --a------ c:\windows\98.tmp.msi
2008-11-13 07:40 . 2008-11-13 07:40 0 --a------ c:\windows\98.tmp
2008-11-12 18:47 . 2008-11-12 18:46 312 --a------ C:\ArcGIS_Transfer.geosoft_license
2008-11-12 13:35 . 2008-11-12 13:35 <DIR> d-------- c:\program files\HawthsTools
2008-11-12 10:32 . 2008-11-12 10:33 98,502,144 --a------ c:\windows\BF.tmp.msi
2008-11-12 10:32 . 2008-11-12 10:32 0 --a------ c:\windows\BF.tmp
2008-11-11 13:42 . 2000-06-01 02:00 61,440 --a------ c:\windows\system32\tsccvid.dll
2008-11-08 14:56 . 2008-11-08 14:56 <DIR> d-------- c:\program files\Blighty Design
2008-11-04 20:47 . 2008-11-04 20:47 <DIR> d-------- c:\windows\Internet Logs
2008-11-04 20:47 . 2008-11-04 20:47 <DIR> d-------- c:\program files\Zone Labs
2008-11-04 11:44 . 2008-11-04 11:44 <DIR> d--h----- c:\windows\system32\GroupPolicy
2008-11-03 11:11 . 2008-11-03 11:11 <DIR> d-------- c:\windows\system32\Debug

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 01:42 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-29 21:53 --------- d-----w c:\program files\Google
2008-12-25 07:17 --------- d-----w c:\documents and settings\mlintott.TITANURANIUM\Application Data\dvdcss
2008-12-24 06:40 --------- d-----w c:\documents and settings\mlintott.TITANURANIUM\Application Data\uTorrent
2008-12-15 21:26 --------- d-----w c:\program files\Microsoft Games
2008-12-12 18:52 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-12 17:22 --------- d-----w c:\documents and settings\mlintott.TITANURANIUM\Application Data\FileZilla
2008-12-09 16:44 --------- d-----w c:\documents and settings\mlintott.TITANURANIUM\Application Data\U3
2008-11-24 19:16 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-01 01:24 --------- d-----w c:\program files\MSXML 4.0
2008-10-29 19:45 --------- d-----w c:\program files\Earth Resource Mapping
2008-10-29 02:49 --------- d-----w c:\program files\Common Files\Adobe
2008-10-28 21:21 --------- d-----w c:\program files\FolderSize
2004-03-11 19:27 40,960 ----a-w c:\program files\Uninstall_CDS.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\windows\System32\leharuvu ----

c:\windows\System32\leharuvu\


((((((((((((((((((((((((((((( snapshot@2008-12-29_16.14.25.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-29 19:41:19 251,596 ----a-w c:\windows\system32\nvModes.dat
+ 2008-12-30 02:08:11 251,596 ----a-w c:\windows\system32\nvModes.dat
- 2008-12-29 18:09:07 74,296 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-31 21:55:57 74,296 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-29 18:09:07 447,700 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-31 21:55:57 447,700 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-01 196608]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-29 442467]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-06-29 466944]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-07 13537280]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-07 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-06-18 2220032]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"nwiz"="nwiz.exe" [2008-08-07 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-08-07 c:\windows\system32\nvhotkey.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1139346280-1970192546-2495151335-1193\Scripts\Logon\0\0]
"Script"=geoserver drive mapping.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2006-10-22 23:24 620152 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ChangeTPMAuth]
--a------ 2008-05-30 08:37 180224 c:\program files\Wave Systems Corp\Common\ChangeTPMAuth.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellConnectionManager]
--a------ 2008-08-25 11:01 1486848 c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellControlPoint]
--a------ 2008-05-30 02:29 593920 c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 18:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2008-02-26 09:57 128296 c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
--a------ 2008-04-14 06:00 143360 c:\windows\system32\mobsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 ASFAgent;ASF Agent;c:\program files\Intel\ASF Agent\ASFAgent.exe [4/19/2007 4:56:36 AM 133968]
R2 buttonsvc32;Dell ControlPoint Button Service;"c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe" [6/3/2008 2:28:50 PM 386328]
R2 Credential Vault Host Storage;Credential Vault Host Storage;"c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe" [7/31/2008 8:41:50 PM 21352]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;"c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe" [8/18/2008 9:39:28 AM 455960]
R2 SMManager;Smith Micro Connection Manager Service;"c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe" [8/25/2008 11:04:18 AM 69632]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [9/24/2008 1:05:33 AM 108160]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\Drivers\cvusbdrv.sys [9/24/2008 1:07:48 AM 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y5132.sys [9/24/2008 1:05:41 AM 244368]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\DRIVERS\tap0801.sys [10/1/2006 6:37:02 AM 26624]
S3 Credential Vault Host Control Service;Credential Vault Host Control Service;"c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe" [7/31/2008 8:41:50 PM 808296]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);c:\windows\system32\DRIVERS\s125bus.sys [12/19/2008 7:16:05 PM 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s125mdfl.sys [12/19/2008 7:16:06 PM 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s125mdm.sys [12/19/2008 7:16:06 PM 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s125mgmt.sys [12/19/2008 7:16:12 PM 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s125obex.sys [12/19/2008 7:16:12 PM 98696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{253d32d0-8f18-11dd-b091-00225f15dad7}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -

BHO-{99C6D1BB-7555-474C-91DA-D8FB62A9CC75} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
mStart Page = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
uInternet Connection Wizard,ShellNext = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\documents and settings\mlintott.TITANURANIUM\Application Data\Mozilla\Firefox\Profiles\ma8e7x9z.default\
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 16:00:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1192)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\drivers\audio\R190031\stacsv.exe
c:\windows\system32\scardsvr.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\CA\SharedComponents\iTechnology\igateway.exe
c:\program files\CA\eTrustITM\InoRpc.exe
c:\program files\CA\eTrustITM\InoRT.exe
c:\program files\CA\eTrustITM\InoTask.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-12-31 16:04:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-31 22:03:51
ComboFix2.txt 2008-12-29 22:14:46

Pre-Run: 52,418,211,840 bytes free
Post-Run: 52,417,589,248 bytes free

353







---------------------OTViewIt log------------------------






OTViewIt logfile created on: 2008-12-31 16:18:18 - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\username.company\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.26 Gb Total Space | 48.83 Gb Free Space | 46.39% Space Free | Partition Type: NTFS
Drive D: | 127.51 Gb Total Space | 43.50 Gb Free Space | 34.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRECISION_M4400
Current User Name: username
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2008-06-18 19:20:08 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE
[2008-06-18 19:19:30 | 01,961,984 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\BCMWLTRY.EXE
[2008-09-10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
[2008-06-29 18:57:24 | 00,221,273 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R190031\stacsv.exe
[2008-07-31 20:41:50 | 00,021,352 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
[2008-08-25 11:04:18 | 00,069,632 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
[2008-04-14 06:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
[2007-04-19 04:56:36 | 00,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe
[2008-06-03 14:28:50 | 00,386,328 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
[2008-08-18 09:39:28 | 00,455,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
[2007-11-14 21:46:00 | 00,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
[2008-06-15 05:12:20 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
[2007-02-05 07:57:24 | 00,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
[2007-01-16 21:27:36 | 00,198,736 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRpc.exe
[2007-01-16 21:27:36 | 00,215,120 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRT.exe
[2008-12-23 08:49:32 | 00,386,888 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoTask.exe
[2008-08-07 16:06:08 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
[2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
[2008-04-14 06:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2008-08-15 07:51:34 | 00,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
[2008-04-14 06:00:00 | 00,111,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe
[2008-07-01 15:22:18 | 00,196,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
[2008-06-29 18:57:30 | 00,442,467 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
[2008-07-01 15:22:16 | 00,046,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
[2008-06-29 18:57:18 | 00,466,944 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
[2008-07-01 15:22:34 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
[2008-07-01 15:22:16 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
[2008-04-14 06:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008-04-14 06:00:00 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rundll32.exe
[2008-06-15 05:12:18 | 00,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
[2008-06-18 19:20:06 | 02,220,032 | ---- | M] (Dell Inc.) -- C:\WINDOWS\system32\WLTRAY.EXE
[2005-08-18 02:55:00 | 00,099,328 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpn-gui.exe
[2006-09-11 03:40:32 | 00,218,032 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2008-04-14 06:00:00 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008-12-27 00:15:06 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\username.company\Desktop\OTViewIt.exe

========== (O23) Win32 Services ==========

[2008-09-10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
[2008-10-01 13:06:14 | 00,116,040 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [On_Demand | Stopped])
[2007-04-19 04:56:36 | 00,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent [Auto | Running])
[2007-10-24 00:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [On_Demand | Stopped])
[2008-08-15 07:51:34 | 00,342,624 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins [On_Demand | Stopped])
[2008-06-03 14:28:50 | 00,386,328 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32 [Auto | Running])
[2007-10-24 00:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008-07-31 20:41:50 | 00,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service [On_Demand | Stopped])
[2008-07-31 20:41:50 | 00,021,352 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage [Auto | Running])
[2008-08-18 09:39:28 | 00,455,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc [Auto | Running])
[2008-10-10 15:40:51 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
[2007-11-14 21:46:00 | 00,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize [Auto | Running])
[2006-10-21 03:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2008-10-05 00:42:52 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Disabled | Stopped])
[2008-06-15 05:12:20 | 00,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON [Auto | Running])
[2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006-10-30 09:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2007-02-05 07:57:24 | 00,106,496 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe -- (iGateway [Auto | Running])
[2007-01-16 21:27:36 | 00,198,736 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRpc.exe -- (InoRPC [Auto | Running])
[2007-01-16 21:27:36 | 00,215,120 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRT.exe -- (InoRT [Auto | Running])
[2008-12-23 08:49:32 | 00,386,888 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoTask.exe -- (InoTask [Auto | Running])
[2008-10-01 18:57:00 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
[2006-10-30 09:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008-08-07 16:06:08 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
[2006-10-26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006-10-01 06:37:42 | 00,016,384 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService [On_Demand | Stopped])
[2006-10-26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008-04-25 14:45:40 | 00,638,976 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService [On_Demand | Stopped])
[2008-08-25 11:04:18 | 00,069,632 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager [Auto | Running])
[2008-06-29 18:57:24 | 00,221,273 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R190031\stacsv.exe -- (STacSV [Auto | Running])
[2007-07-11 08:33:28 | 00,069,632 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
[2008-03-10 14:48:48 | 01,249,280 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe [Auto | Stopped])
[2005-01-28 13:44:28 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
[2008-06-18 19:20:08 | 00,024,064 | ---- | M] () -- C:\WINDOWS\system32\WLTRYSVC.EXE -- (wltrysvc [Auto | Running])

========== Driver Services ==========

[2008-06-29 18:57:16 | 00,108,160 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud [On_Demand | Running])
[2001-08-17 19:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2008-04-14 06:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\AMDAGP.SYS -- (amdagp [Disabled | Stopped])
[2008-07-01 15:22:14 | 00,170,032 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
[2001-08-17 19:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2001-08-17 19:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2008-06-18 19:19:50 | 01,287,552 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX [On_Demand | Running])
[2008-08-18 10:01:14 | 00,991,016 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [On_Demand | Running])
[2008-08-18 09:37:14 | 00,047,272 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
[2001-08-17 19:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2008-07-31 20:39:26 | 00,032,808 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv [On_Demand | Running])
[2001-08-17 19:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2007-07-23 14:04:58 | 00,037,360 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
[2007-07-23 14:04:52 | 00,032,848 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
[2007-07-23 13:49:44 | 00,014,576 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM [Boot | Running])
[2007-07-23 14:05:20 | 00,009,104 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM [Auto | Running])
[2007-07-23 14:04:50 | 00,108,752 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
[2007-07-23 14:04:54 | 00,027,216 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
[2007-07-23 14:04:52 | 00,016,304 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
[2007-07-23 13:49:44 | 00,030,064 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
[2007-07-23 14:04:56 | 00,093,552 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
[2007-07-23 14:04:56 | 00,098,448 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
[2007-07-23 13:55:44 | 00,099,808 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
[2007-07-23 13:43:42 | 00,052,000 | ---- | M] (Roxio) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
[2008-06-30 16:47:30 | 00,244,368 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress [On_Demand | Running])
[2008-04-17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
[2008-04-14 06:00:00 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2008-08-07 18:55:42 | 00,318,488 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
[2007-08-06 22:07:02 | 00,027,536 | ---- | M] (Computer Associates) -- C:\WINDOWS\system32\drivers\ino_flpy.sys -- (INO_FLPY [Boot | Running])
[2007-10-18 21:14:32 | 00,184,080 | ---- | M] (Computer Associates) -- C:\WINDOWS\system32\drivers\ino_fltr.sys -- (INO_FLTR [Auto | Running])
[2008-04-14 06:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2001-08-17 19:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2008-02-20 20:19:56 | 00,030,816 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL [On_Demand | Stopped])
[2008-08-07 16:05:32 | 06,591,872 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Running])
[2008-06-04 13:14:00 | 00,026,608 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV [Boot | Running])
[2003-12-05 03:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc [On_Demand | Running])
[2008-04-14 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2007-07-26 02:00:00 | 00,043,872 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2001-08-17 19:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2001-08-17 19:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2001-08-17 19:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2008-07-01 15:12:18 | 00,039,936 | ---- | M] (REDC) -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk [Auto | Running])
[2007-04-24 11:33:34 | 00,083,336 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s125bus.sys -- (s125bus [On_Demand | Stopped])
[2007-04-24 11:33:42 | 00,015,112 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s125mdfl.sys -- (s125mdfl [On_Demand | Stopped])
[2007-04-24 11:33:44 | 00,108,680 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s125mdm.sys -- (s125mdm [On_Demand | Stopped])
[2007-04-24 11:33:46 | 00,100,488 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s125mgmt.sys -- (s125mgmt [On_Demand | Stopped])
[2007-04-24 11:33:46 | 00,098,696 | R--- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\s125obex.sys -- (s125obex [On_Demand | Stopped])
[2008-04-14 06:00:00 | 00,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys -- (sdbus [On_Demand | Running])
[2008-04-14 06:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2008-04-14 06:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\SISAGP.SYS -- (sisagp [Disabled | Stopped])
[2001-08-17 20:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2008-10-15 22:50:16 | 00,717,296 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2008-06-29 18:57:26 | 01,381,914 | ---- | M] (IDT, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2001-08-17 20:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2001-08-17 20:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2001-08-17 20:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2001-08-17 20:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2006-10-01 06:37:02 | 00,026,624 | ---- | M] (The OpenVPN Project) -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801 [On_Demand | Running])
[2001-08-17 19:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2008-07-22 15:27:04 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID [On_Demand | Running])
[2006-11-02 13:22:54 | 00,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys -- (Wdf01000 [On_Demand | Running])
[2008-04-14 06:06:40 | 00,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmiacpi.sys -- (WmiAcpi [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"Default_Page_URL"=www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
"Start Page"=www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\WINDOWS\system32\blank.htm
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=http://www.google.ca/ig/dell?hl=en&client=dell-row-rel&channel=ca&ibd=4080924

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Internet Explorer\SearchURL]
"provider"=gogl

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
"ProxyOverride" = *.local

========== (O1) Hosts File ==========

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
{AE7CD045-E861-484f-8273-0445EE161910} (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" (HKLM) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AESTFltr"=%SystemRoot%\system32\AESTFltr.exe /NoDlg (Andrea Electronics Corporation)
"Apoint"=C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe (Dell Inc.)
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
"NVHotkey"=rundll32.exe nvHotkey.dll,Start (NVIDIA Corporation)
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
"nwiz"=nwiz.exe /installquiet ()
"openvpn-gui"=C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
"SysTrayApp"=%ProgramFiles%\IDT\WDM\sttray.exe (IDT, Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)

========== (O4) Startup Folders ==========


========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoWelcomeScreen"=1
"NoCDBurning"=0
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"DisableRegistryTools"=0

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
"NoDriveAutoRun"=67108863

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006-10-27 15:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2007-09-20 10:53:26 | 00,002,773 | ---- | M] ()
Send To Bluetooth: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008-03-27 16:19:40 | 00,005,601 | ---- | M] ()

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert link target to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selected links to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert selection to existing PDF: Reg Error: Key does not exist or could not be opened. File not found
Convert to Adobe PDF: Reg Error: Key does not exist or could not be opened. File not found

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\Software\Microsoft\Internet Explorer\MenuExt\]
Append to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF: C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 23:20:26 | 00,321,120 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel: C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [2006-10-27 15:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
Send to &Bluetooth Device...: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm [2007-09-20 10:53:26 | 00,002,773 | ---- | M] ()
Send To Bluetooth: C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008-03-27 16:19:40 | 00,005,601 | ---- | M] ()

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java Console -- %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [2008-02-22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Button: @btrez.dll,-4015 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008-03-27 16:19:40 | 00,005,601 | ---- | M] ()
{CCA281CA-C863-46ef-9331-5C8D4460577F}: Menu: @btrez.dll,-12650 -- %ProgramFiles%\WIDCOMM\Bluetooth Software\btsendto_ie.htm [2008-03-27 16:19:40 | 00,005,601 | ---- | M] ()
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}: Menu: @xpsp3res.dll,-20001 -- %SystemRoot%\Network Diagnostic\xpnetdiag.exe [2008-04-14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008-02-22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008-02-22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008-02-22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_05\bin\npjpi160_05.dll [Sun Java Console] -> [2008-02-22 03:25:19 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006-10-26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\{CCA281CA-C863-46ef-9331-5C8D4460577F} [HKLM] -> [@btrez.dll,-4015] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{e2e2dd38-d088-4134-82b7-f2ba38496583} [HKLM] -> %SystemRoot%\Network Diagnostic\xpnetdiag.exe [@xpsp3res.dll,-20001] -> [2008-04-14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-14 11:42:30 | 01,695,232 | ---- | M] (Microsoft Corporation)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
1 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
localhost: http in Local intranet

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
localhost: http in Local intranet

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened.
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_05
{D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object

========== (O17) DNS Name Servers ==========

{60096A34-E7B6-477D-9DA0-ABAD2306703C} (Servers: | Description: 1394 Net Adapter)
{75B2393D-1CF8-49A2-8E02-652ED49B454A} (Servers: | Description: Dell Wireless 1397 WLAN Mini-Card)
{B05B9036-D467-410C-934C-D3D0909B5BD7} (Servers: | Description: Intel® 82567LM Gigabit Network Connection)
{FB8FCB58-C739-49F3-8672-630FD9E89B89} (Servers: | Description: )

========== (O19) User Style Sheets ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles]

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages"=msv1_0,wvauth,
>[2008-06-13 10:16:16 | 00,991,232 | ---- | M] (Wave Systems Corp.) -- C:\WINDOWS\system32\wvauth.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
[2008-04-25 15:29:32 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{253d32d0-8f18-11dd-b091-00225f15dad7}\Shell]
""=AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{253d32d0-8f18-11dd-b091-00225f15dad7}\Shell\AutoRun]
""=Auto&Play


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{253d32d0-8f18-11dd-b091-00225f15dad7}\Shell\AutoRun\command]
""=G:\LaunchU3.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[7 C:\WINDOWS\*.tmp files]
[2008-12-31 15:41:31 | 00,000,000 | ---D | C] -- C:\ComboFix
[2008-12-30 13:05:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Desktop\recent sales asked Dave about
[2008-12-29 19:44:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username\My Documents\IRender
[2008-12-29 19:42:47 | 00,974,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc70.dll
[2008-12-29 19:42:47 | 00,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2008-12-29 19:42:47 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008-12-29 19:42:47 | 00,054,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvci70.dll
[2008-12-29 19:42:44 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008-12-29 19:42:22 | 00,000,000 | ---D | C] -- C:\Program Files\Render Plus Systems
[2008-12-29 16:01:24 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2008-12-29 16:01:22 | 00,260,272 | ---- | C] () -- C:\cmldr
[2008-12-29 16:01:16 | 00,000,000 | ---D | C] -- C:\cmdcons
[2008-12-29 15:57:49 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2008-12-29 15:57:49 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2008-12-29 15:57:49 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2008-12-29 15:57:49 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2008-12-29 15:57:49 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe
[2008-12-29 15:57:49 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2008-12-29 15:57:49 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008-12-29 15:57:49 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe
[2008-12-29 15:57:49 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2008-12-29 15:56:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2008-12-29 15:56:59 | 00,000,000 | ---D | C] -- C:\Qoobox
[2008-12-28 00:56:03 | 02,888,154 | R--- | C] () -- C:\Documents and Settings\username.company\Desktop\ComboFix.exe
[2008-12-27 00:15:05 | 00,423,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\username.company\Desktop\OTViewIt.exe
[2008-12-26 21:54:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Desktop\misc
[2008-12-23 09:23:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CA-SupportBridge
[2008-12-23 08:32:27 | 00,000,000 | ---D | C] -- C:\Program Files\CA
[2008-12-19 19:16:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Application Data\Teleca
[2008-12-19 19:16:12 | 00,100,488 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125mgmt.sys
[2008-12-19 19:16:12 | 00,098,696 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125obex.sys
[2008-12-19 19:16:06 | 00,108,680 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125mdm.sys
[2008-12-19 19:16:06 | 00,015,112 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125mdfl.sys
[2008-12-19 19:16:06 | 00,012,424 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125cmnt.sys
[2008-12-19 19:16:06 | 00,012,424 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125cm.sys
[2008-12-19 19:16:05 | 00,083,336 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125bus.sys
[2008-12-19 19:16:05 | 00,012,424 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125whnt.sys
[2008-12-19 19:16:05 | 00,012,424 | R--- | C] (MCCI Corporation) -- C:\WINDOWS\System32\drivers\s125wh.sys
[2008-12-19 19:15:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Application Data\Sony Ericsson
[2008-12-19 19:14:54 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Teleca Shared
[2008-12-16 18:17:07 | 00,000,000 | ---D | C] -- C:\rsit
[2008-12-16 11:36:46 | 00,990,916 | ---- | C] () -- C:\Documents and Settings\username.company\Desktop\Pages from CastleNorthQR.pdf
[2008-12-15 09:17:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Desktop\scanners
[2008-12-15 09:15:42 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2008-12-14 23:10:57 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2008-12-14 23:10:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008-12-14 23:09:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2008-12-14 22:12:47 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2008-12-14 22:12:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008-12-07 22:48:43 | 00,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008-12-07 22:48:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Application Data\skypePM
[2008-12-07 22:45:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\username.company\Application Data\Skype
[2008-12-07 22:45:26 | 00,000,000 | ---D | C] -- C:\Program Files\Skype
[2008-12-07 22:45:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2008-12-07 22:45:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2008-12-07 20:10:24 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2008-12-07 20:10:24 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2008-12-31 16:02:45 | 00,530,256 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008-12-31 16:02:45 | 00,447,700 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008-12-31 16:02:45 | 00,074,296 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008-12-31 16:01:19 | 00,984,909 | ---- | M] () -- C:\WINDOWS\System32\nvwsapps.xml
[2008-12-31 16:01:09 | 00,251,596 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2008-12-31 16:01:02 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2008-12-31 16:00:43 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2008-12-31 15:51:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2008-12-31 15:51:10 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2008-12-31 15:51:00 | 37,454,23360 | -HS- | M] () -- C:\hiberfil.sys
[2008-12-31 15:41:17 | 02,888,154 | R--- | M] () -- C:\Documents and Settings\username.company\Desktop\ComboFix.exe
[2008-12-29 20:08:11 | 00,251,596 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2008-12-29 16:01:24 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2008-12-28 23:09:16 | 00,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2008-12-28 23:09:14 | 00,070,656 | ---- | M] () -- C:\Documents and Settings\username.company\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-12-27 00:46:02 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2008-12-27 00:15:06 | 00,423,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\username.company\Desktop\OTViewIt.exe
[2008-12-24 00:05:51 | 00,006,962 | ---- | M] () -- C:\Documents and Settings\username.company\Application Data\PrimoPDFSet.xml
[2008-12-23 11:41:20 | 00,001,730 | -H-- | M] () -- C:\Documents and Settings\username\My Documents\Default.rdp
[2008-12-23 00:35:01 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\leharuvu
[2008-12-16 11:36:47 | 00,990,916 | ---- | M] () -- C:\Documents and Settings\username.company\Desktop\Pages from CastleNorthQR.pdf
[2008-12-15 17:24:26 | 00,435,760 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008-12-07 22:48:43 | 00,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008-12-03 22:12:19 | 00,000,552 | ---- | M] () -- C:\WINDOWS\win.ini
[2008-12-03 22:12:19 | 00,000,211 | ---- | M] () -- C:\Boot.bak
< End of report >

---------------------OTViewIt Extras log------------------------

OTViewIt Extras logfile created on: 2008-12-31 16:18:28 - Run 3
OTViewIt by OldTimer - Version 1.0.20.1 Folder = C:\Documents and Settings\username.company\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 105.26 Gb Total Space | 48.83 Gb Free Space | 46.39% Space Free | Partition Type: NTFS
Drive D: | 127.51 Gb Total Space | 43.50 Gb Free Space | 34.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PRECISION_M4400
Current User Name: username
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days
"MaxScriptStatements"=

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled"=1
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"UpdatesDisableNotify"=0
"AntiVirusOverride"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DoNotAllowExceptions"=0
"DisableNotifications"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008-04-14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008-04-14 06:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
File not found -- C:\WINDOWS\instsrv.exe:*:Enabled:eTrust Antivirus Remote Installation Program
[2006-10-27 15:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
[2008-10-16 07:14:10 | 07,024,640 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client
[2008-10-04 14:06:40 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2007-01-16 21:27:36 | 00,198,736 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\InoRpc.exe:*:Enabled:eTrust ITM - RPC Service
[2007-01-16 21:27:58 | 00,407,632 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\Realmon.exe:*:Enabled:eTrust ITM - Realtime monitor
[2007-01-16 21:28:02 | 00,358,480 | ---- | M] (CA) -- C:\Program Files\CA\eTrustITM\Shellscn.exe:*:Enabled:eTrust ITM - Shell Scanner

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2008-04-14 06:00:00 | 00,141,312 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
[2008-10-04 14:06:40 | 00,267,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
[2008-10-01 18:57:04 | 14,258,472 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2008-08-29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Disabled:Bonjour
[2006-10-27 15:16:48 | 12,813,096 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Disabled:Microsoft Office Outlook
[2008-04-14 06:00:00 | 00,558,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Network Diagnostic\xpnetdiag.exe:*:Disabled:@xpsp3res.dll,-20000
[2008-11-07 14:31:38 | 21,633,320 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] -- C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
ipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006-10-26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
msdaipp: [HKLM - No CLSID value]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006-10-26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers
[2006-10-26 19:49:48 | 01,011,488 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006-10-26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008-11-07 14:31:38 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006-10-26 21:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}"=CorelDRAW Graphics Suite X3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}"=Adobe XMP DVA Panels CS3
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}"=Roxio Creator Tools
"{041F04B1-F985-44E8-A070-C3EB1A39369F}"=Dell ControlPoint Connection Manager
"{066D25F6-8B8B-433C-88B4-EDF41D604E7E}"=Broadcom USH Host Components
"{07159635-9DFE-4105-BFC0-2817DB540C68}"=Roxio Activation Module
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}"=Wave Support Software
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}"=Adobe Bridge Start Meeting
"{0AACEBB2-1E1A-4774-9EC7-13EB8B1EC005}"=Geosoft Extensions for ArcGIS
"{0D397393-9B50-4C52-84D5-77E344289F87}"=Roxio Creator Data
"{107558C8-458B-45EA-A0FE-7CC10D687DB6}"=CA eTrustITM Agent
"{15095BF3-A3D7-4DDF-B193-3A496881E003}"=Microsoft .NET Framework 3.0
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}"=Adobe WinSoft Linguistics Plugin
"{185D0A67-E066-44AE-926D-F6305813301C}"=Adobe After Effects CS3 Presets
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}"=Adobe AIR
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}"=Google Earth
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}"=Multimedia Launcher
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}"=All Day Battery Life Configuration
"{2223FC2F-B862-4F83-BC9E-DDF2DADF2859}"=Intel® Network Connections 13.0.42.0
"{232FDC0C-12DE-41F2-9701-27EFCA18BEF9}"=MediaJoin
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}"=tsp patch
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}"=Adobe Stock Photos CS3
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}"=Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Roxio Update Manager
"{309AFCC1-C343-40A0-B23A-568073036409}"=MapInfo Professional 8.0
"{3248F0A8-6813-11D6-A77B-00B0D0160050}"=Java™ 6 Update 5
"{32A72502-BC2C-4C39-ACEA-BC3D463F0697}"=EN
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP
"{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}"=FontNav
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}"=ArcGIS Desktop
"{51846830-E7B2-4218-8968-B77F0FF475B8}"=Adobe Color EU Extra Settings
"{52D299D8-F84E-497E-B4A4-D8F02782BFAA}"=Dell ControlPoint System Manager
"{54793AA1-5001-42F4-ABB6-C364617C6078}"=Adobe Linguistics CS3
"{558B86E5-CFAC-447C-99EE-5BB1C068706D}"=NTRU TCG Software Stack
"{5C74694C-A687-E3EB-FF18-B018D4A76ECD}"=Adobe Media Player
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}"=Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}"=Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}"=PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}"=Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}"=Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}"=Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}"=AHV content for Acrobat and Flash
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}"=Intel® PRO Alerting Agent
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}"=Adobe Asset Services CS3
"{7162AC2C-733F-4127-ACAD-C5F0F27D123D}"=Adobe Creative Suite 3 Master Collection
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}"=MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}"=Acrobat.com
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}"=Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}"=Adobe Dreamweaver CS3
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}"=CorelDRAW Graphics Suite X3
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation
"{7EA69B5E-EE96-44A1-BDD6-F9C193CDDAF9}"=Wave Infrastructure Installer
"{802771A9-A856-4A41-ACF7-1450E523C923}"=Adobe XMP Panels CS3
"{83FFCFC7-88C6-41C6-8752-958A45325C82}"=Roxio Creator Audio
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}"=Adobe Video Profiles
"{847501DF-07C0-4691-B04A-893929F108AE}"=CA iTechnology iGateway
"{84814E6B-2581-46EC-926A-823BD1C670F6}"=WIDCOMM Bluetooth Software
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}"=Roxio Creator BDAV Plugin
"{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}"=Adobe Flash Player 9 Plugin
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}"=Bonjour
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}"=Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}"=Sonic CinePlayer Decoder Pack
"{8DC42D05-680B-41B0-8878-6C14D24602DB}"=QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}"=Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}"=Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}"=Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}"=Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}"=Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}"=Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}"=Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}"=Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}"=Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}"=Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}"=Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}"=Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}"=Intel® Matrix Storage Manager
"{95655ED4-7CA5-46DF-907F-7144877A32E5}"=Adobe Color NA Recommended Settings
"{9593C6E5-205E-45C3-B785-05CF146CA76A}"=biolsp patch
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}"=Apple Mobile Device Support
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}"=Google SketchUp 6
"{9BA4F9C5-7CB4-492C-9B97-89E36AFA0AB9}"=Adobe Setup
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}"=Adobe Bridge CS3
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}"=Dell Touchpad
"{9FE493AC-8DBC-4E29-9D9B-37F8D23CDD8B}"=IRender_nXt
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}"=Visual Basic for Applications ® Core - English
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}"=Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}"=Adobe Color - Photoshop Specific
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}"=Dell Embassy Trust Suite by Wave Systems
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}"=PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}"=Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}"=Adobe Reader 9
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}"=BioAPI Framework
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}"=Adobe Camera Raw 4.0
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}"=Google SketchUp 6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B4CCABB9-4A07-49D1-A39A-7495FCB0BABA}"=Geosoft Oasis montaj Viewer
"{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}"=Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}"=Adobe BridgeTalk Plugin CS3
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}"=PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}"=DVD Solution
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}"=Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation
"{BE5F3842-8309-4754-92D5-83E02E6077A3}"=Adobe Extension Manager CS3
"{BEF106F8-2689-4530-925A-E1117836E8CD}"=Google SketchUp 7
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}"=Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}"=Adobe WAS CS3
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}"=Roxio Creator DE
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}"=VBA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}"=Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}"=Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}"=Adobe Color Common Settings
"{DB93FA95-5F66-4F63-A0DA-7FF0E040804D}"=ER Mapper ArcMap ECW Jpeg 2000 Plug-in
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}"=Adobe Color JA Extra Settings
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}"=iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}"=Ad-Aware
"{E46014D3-25A8-4ACD-94D7-490CB8122A61}"=ER Mapper ArcMap ECW Jpeg 2000 Plug-in
"{E69AE897-9E0B-485C-8552-7841F48D42D8}"=Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}"=Adobe InDesign CS3 Icon Handler
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}"=Gemalto
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}"=Update Manager
"{F6E54214-ECCD-4CCA-BACC-C5213F948240}"=Geosoft Plug-In for ArcGIS
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}"=Visual Basic for Applications ® Core
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}"=Folder Size for Windows
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}"=Dell Security Device Driver Pack
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3"=Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe Acrobat 8 Professional"=Adobe Acrobat 8 Professional
"Adobe AIR"=Adobe AIR
"Adobe Flash Player ActiveX"=Adobe Flash Player ActiveX
"Adobe Flash Player Plugin"=Adobe Flash Player Plugin
"Adobe Photoshop 6.0"=Adobe Photoshop 6.0
"Adobe Shockwave Player"=Adobe Shockwave Player 11
"Adobe_8bb24e071e5922899698c2105557bd2"=Add or Remove Adobe Creative Suite 3 Master Collection
"ArcGIS Desktop"=ArcGIS Desktop
"Broadcom 802.11b Network Adapter"=Dell Wireless WLAN Card Utility
"Celestia_is1"=Celestia 1.5.1
"CobBackup9"=Cobian Backup 9
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1"=Acrobat.com
"Encom Discover 8.0"=Encom Discover 8.0
"FileZilla Client"=FileZilla Client 3.1.4.1
"Google Updater"=Google Updater
"HijackThis"=HijackThis 2.0.2
"ImgBurn"=ImgBurn
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}"=Wave Support Software
"Mavis Beacon Teaches Typing 16"=Mavis Beacon Teaches Typing 16
"MediaJoin"=MediaJoin
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0
"Mozilla Firefox (3.0.5)"=Mozilla Firefox (3.0.5)
"Nero - Burning Rom!UninstallKey"=Nero OEM
"numpy-py2.5"=Python 2.5 numpy-1.0.3
"NVIDIA Drivers"=NVIDIA Drivers
"OpenVPN"=OpenVPN 2.0.9-gui-1.0.3
"PrimoPDF4.1.0.9"=PrimoPDF
"PROPLUS"=Microsoft Office Professional Plus 2007
"Python 2.5 numpy-1.0.3"=Python 2.5 numpy-1.0.3
"Python 2.5.1"=Python 2.5.1
"Sam Spade version 1.14_is1"=Sam Spade version 1.14
"VLC media player"=VLC media player 0.9.2
"Wdf01005"=Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp"=Winamp
"Windows Media Format Runtime"=Windows Media Format Runtime
"WinRAR archiver"=WinRAR archiver
"XpsEPSC"=XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1139346280-1970192546-2495151335-1193\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2008-12-30 10:33:45 | Computer Name = PRECISION_M4400 | Source = UserInit | ID = 1000
Description = Could not execute the following script geoserver drive mapping.bat.
The system cannot find the file specified. .

Error - 2008-12-30 18:30:46 | Computer Name = PRECISION_M4400 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2008-12-31 10:49:02 | Computer Name = PRECISION_M4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2008-12-31 10:49:02 | Computer Name = PRECISION_M4400 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2008-12-31 10:50:56 | Computer Name = PRECISION_M4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2008-12-31 10:51:00 | Computer Name = PRECISION_M4400 | Source = UserInit | ID = 1000
Description = Could not execute the following script geoserver drive mapping.bat.
The system cannot find the file specified. .

Error - 2008-12-31 17:51:38 | Computer Name = PRECISION_M4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2008-12-31 17:51:39 | Computer Name = PRECISION_M4400 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2008-12-31 18:00:33 | Computer Name = PRECISION_M4400 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2008-12-31 18:00:36 | Computer Name = PRECISION_M4400 | Source = UserInit | ID = 1000
Description = Could not execute the following script geoserver drive mapping.bat.
The system cannot find the file specified. .

[ System Events ]
Error - 2008-12-31 16:21:56 | Computer Name = PRECISION_M4400 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.

Error - 2008-12-31 16:51:56 | Computer Name = PRECISION_M4400 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 59 minutes. NtpClient has no source of accurate
time.

Error - 2008-12-31 17:00:00 | Computer Name = PRECISION_M4400 | Source = Schedule | ID = 7901
Description = The At16.job command failed to start due to the following error: %%2147942402

Error - 2008-12-31 17:00:00 | Computer Name = PRECISION_M4400 | Source = Schedule | ID = 7901
Description = The At40.job command failed to start due to the following error: %%2147942402

Error - 2008-12-31 17:50:05 | Computer Name = PRECISION_M4400 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain company due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 2008-12-31 17:51:23 | Computer Name = PRECISION_M4400 | Source = Dhcp | ID = 1002
Description = The IP address lease 216.197.169.97 for the Network Card with network
address 00225F15DAD7 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 2008-12-31 17:51:39 | Computer Name = PRECISION_M4400 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain company due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 2008-12-31 17:51:48 | Computer Name = PRECISION_M4400 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 2008-12-31 17:51:48 | Computer Name = PRECISION_M4400 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 2008-12-31 18:06:51 | Computer Name = PRECISION_M4400 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.


< End of report >

#8 extremeboy

Posted 01 January 2009 - 03:02 PM

Hello again.

Log looks good. Some housework to do, and then an online scan to make sure everything is okay :thumbsup:

Happy New Years to you too!!

Update Java to Version 6 Update 11

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 11...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe to install the newest version.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please disable your realtime protection software before proceeding. Refer to this page if you are unsure how.
  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

You can refer to this animation by sundavis.

Please post back with:
-Kaspersky log
-New OTViewIT logs


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 extremeboy

Posted 07 January 2009 - 03:35 PM

Hi.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding. :thumbsup:

With Regards,
Extremeboy

#10 extremeboy

Posted 08 January 2009 - 03:56 PM

Hello.

Due to lack of feedback, this topic is now closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy