DDS (Version 1.1.0) - NTFSx86
Run by user at 21:32:21.98 on 2008-12-27
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1023.289 [GMT -8:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lvcomsx.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TextPad 4\TextPad.exe
C:\Program Files\Outlook Express\msimn.exe
E:\Bill\downloads\ComboFix\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = proxy.library.ubc.ca:8000
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {99567d8b-320a-4262-bf6a-12d89eb28989} - No File
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [REGSHAVE] "c:\program files\regshave\REGSHAVE.EXE" /AUTORUN
mRun: [Ptipbmf] "rundll32.exe" ptipbmf.dll,SetWriteCacheMode
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [nwiz] nwiz.exe /install
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [LogitechVideo[inspector]] "c:\program files\logitech\video\InstallHelper.exe" /inspect
mRun: [LogitechCameraAssistant] "c:\program files\logitech\video\CameraAssistant.exe"
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [IntelliType] "c:\program files\microsoft hardware\keyboard\type32.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [CTHelper] CTHELPER.EXE
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08c5 -f video -m logitech -d 10.5.1.2023
StartupFolder: c:\docume~1\user\startm~1\programs\startup\taskmgr.lnk - c:\windows\system32\taskmgr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\3m4y1xwp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\program files\mozilla firefox\\components\jar50.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\mozilla firefox\\greprefs\all.js - pref("general.useragent.contentlocale", "chrome://navigator-region/locale/region.properties");
c:\program files\mozilla firefox\\greprefs\all.js - pref("backups.number_of_prefs_copies", 1);
c:\program files\mozilla firefox\\greprefs\all.js - pref("accessibility.typeaheadfind.soundURL", "default");
c:\program files\mozilla firefox\\greprefs\all.js - pref("browser.tabs.loadInBackground", false);
c:\program files\mozilla firefox\\greprefs\all.js - pref("browser.tabs.opentabfor.middleclick", false);
c:\program files\mozilla firefox\\greprefs\all.js - pref("browser.tabs.opentabfor.urlbar", false);
c:\program files\mozilla firefox\\greprefs\all.js - pref("browser.tabs.opentabfor.windowopen", false);
c:\program files\mozilla firefox\\greprefs\all.js - pref("browser.tabs.opentabfor.bookmarks", false);
c:\program files\mozilla firefox\\greprefs\all.js - pref("browser.tabs.loadGroup", 1);
c:\program files\mozilla firefox\\greprefs\all.js - pref("browser.tabs.loadOnNewTab", 0);
c:\program files\mozilla firefox\\greprefs\all.js - pref("browser.windows.loadOnNewWindow", 1);
c:\program files\mozilla firefox\\greprefs\all.js - pref("browser.link.open_external", 1);
c:\program files\mozilla firefox\\greprefs\all.js - pref("browser.link.open_newwindow", 2);
c:\program files\mozilla firefox\\greprefs\all.js - pref("browser.link.open_newwindow.ui", 3); // prefs UI version
c:\program files\mozilla firefox\\greprefs\all.js - pref("browser.link.open_newwindow.restriction", 0); // values from GlobalWindow
c:\program files\mozilla firefox\\greprefs\all.js - pref("capability.policy.default.HTMLDocument.close.get", "allAccess");
c:\program files\mozilla firefox\\greprefs\all.js - pref("capability.policy.default.HTMLDocument.open.get", "allAccess");
c:\program files\mozilla firefox\\greprefs\all.js - pref("capability.policy.default.Location.reload.get", "allAccess");
c:\program files\mozilla firefox\\greprefs\all.js - pref("capability.policy.default.Window.closed", "allAccess");
c:\program files\mozilla firefox\\greprefs\all.js - pref("capability.policy.default.Window.Components", "allAccess");
c:\program files\mozilla firefox\\greprefs\all.js - pref("capability.policy.default.Window.document", "allAccess");
c:\program files\mozilla firefox\\greprefs\all.js - pref("capability.policy.default.Window.frames", "allAccess");
c:\program files\mozilla firefox\\greprefs\all.js - pref("capability.policy.default.Window.history", "allAccess");
c:\program files\mozilla firefox\\greprefs\all.js - pref("capability.policy.default.Window.length", "allAccess");
c:\program files\mozilla firefox\\greprefs\all.js - pref("capability.policy.default.Window.opener", "allAccess");
c:\program files\mozilla firefox\\greprefs\all.js - pref("capability.policy.default.Window.parent", "allAccess");
c:\program files\mozilla firefox\\greprefs\all.js - pref("capability.policy.default.Window.self", "allAccess");
c:\program files\mozilla firefox\\greprefs\all.js - pref("capability.policy.default.Window.top", "allAccess");
c:\program files\mozilla firefox\\greprefs\all.js - pref("capability.policy.default.Window.window", "allAccess");
c:\program files\mozilla firefox\\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromString", "noAccess");
c:\program files\mozilla firefox\\greprefs\all.js - pref("capability.policy.mailnews.DOMParser,parseFromStream", "noAccess");
c:\program files\mozilla firefox\\greprefs\all.js - pref("dom.disable_window_open_feature.resizable", false);
c:\program files\mozilla firefox\\greprefs\all.js - pref("dom.disable_window_open_feature.status", false);
c:\program files\mozilla firefox\\greprefs\all.js - pref("advanced.always_load_images", true);
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.protocol-handler.external.help", false);
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.http.max-connections", 24);
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.http.max-connections-per-server", 8);
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.http.max-persistent-connections-per-server", 2);
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.http.max-persistent-connections-per-proxy", 4);
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.http.connect.timeout", 30); // in seconds
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.http.request.timeout", 120); // in seconds
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.http.accept.default", "text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5");
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.IDN_show_punycode", true);
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.dns.ipv4OnlyDomains", ".doubleclick.net");
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.standard-url.encode-utf8", false);
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.image.imageBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.image.warnAboutImages", false);
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.proxy.autoconfig_url", "");
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.cookie.cookieBehavior", 3); // 0-Accept, 1-dontAcceptForeign, 2-dontUse, 3-p3p
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.cookie.p3p", "ffffaaaa");
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\mozilla firefox\\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\mozilla firefox\\greprefs\all.js - pref("ui.key.generalAccessKey", 18);
c:\program files\mozilla firefox\\greprefs\all.js - pref("dom.max_script_run_time", 5);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.enable_ssl2", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc4_128", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc2_128", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.ssl2.des_ede3_192", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.ssl2.des_64", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc4_40", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.ssl2.rc2_40", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_fips_des_sha", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_des_sha", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_1024_rc4_56_sha", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_1024_des_cbc_sha", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_rc4_40_md5", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.ssl3.rsa_rc2_40_md5", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.ssl3.dhe_rsa_des_sha", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.ssl3.dhe_dss_des_sha", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.default_personal_cert", "Select Automatically");
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.warn_entering_secure", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.warn_leaving_secure", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.warn_submit_insecure", true);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.OCSP.enabled", 0);
c:\program files\mozilla firefox\\greprefs\security-prefs.js - pref("security.ui.enable", true);
c:\program files\mozilla firefox\\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.skin", "chrome://mozapps/content/extensions/extensions.xul?type=themes");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.chrome", "chrome://mozapps/content/extensions/extensions.xul?type=extensions");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.type.skin", "Extension:Manager-themes");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("xpinstall.dialog.progress.type.chrome", "Extension:Manager-extensions");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("app.id", "{ec8030f7-c20a-464f-9b0e-13a3a9e97384}");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("app.version",
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("app.extensions.version", "1.0");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("app.build_id",
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("app.update.autoUpdateEnabled", true); // Whether or not background app updates
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("app.update.url", "chrome://mozapps/locale/update/update.properties");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("app.update.updatesAvailable", false);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("app.update.interval", 86400000); // Check for updates to Firefox every day
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("app.update.lastUpdateDate", 0); // UTC offset when last App update was
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("app.update.performed", false); // Whether or not an update has been
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("extensions.update.autoUpdateEnabled", true);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("extensions.update.url", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("extensions.update.autoUpdate", false); // Automatically download and install
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("extensions.update.interval", 604800000); // Check for updates to Extensions and
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("extensions.update.lastUpdateDate", 0); // UTC offset when last Extension/Theme
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("extensions.getMoreExtensionsURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("extensions.getMoreThemesURL", "chrome://mozapps/locale/extensions/extensions.properties");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("extensions.update.severity.threshold", 5);// The number of pending Extension/Theme
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("extensions.update.count", 0); // The number of extension/theme/etc
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("update.interval", 3600000); // Check each of the above intervals
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("update.showSlidingNotification", true); // Windows-only slide-up taskbar
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("update.severity", 0);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "update.mozilla.org,addons.mozilla.org");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("keyword.URL", "http://www.google.com/search?btnI=I%27m+Feeling+Lucky&ie=UTF-8&oe=UTF-8&q=");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("general.useragent.vendor", "Firefox");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("general.useragent.vendorSub",
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.startup.homepage", "resource:/browserconfig.properties");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.startup.homepage_reset", "resource:/browserconfig.properties");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.update.resetHomepage", false);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.startup.homepage_override.1", false);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.turbo.enabled", false);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.search.defaulturl", "chrome://browser-region/locale/region.properties");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://browser/content/searchconfig.properties");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://browser/content/searchconfig.properties");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo.1", "chrome://browser/content/searchconfig.properties");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo.2", "chrome://browser/content/searchconfig.properties");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.search.order.Yahoo", "chrome://browser/content/searchconfig.properties");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.search.basic.min_ver", "0.0");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.tabs.opentabfor.urlbar", true);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.tabs.showSingleWindowModePrefs", false);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.related.enabled", true);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.related.autoload", 1); // 0 = Always, 1 = After first use, 2 = Never
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.related.provider", "http://www-rl.netscape.com/wtgn?");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.related.disabledForDomains", "");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.goBrowsing.enabled", true);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("dom.disable_window_open_feature.location", false);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.trim_user_and_password", true);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("network.cookie.enableForCurrentSessionOnly", false);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.throbber.url","chrome://browser-region/locale/region.properties");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("alerts.height", 50);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("update_notifications.enabled", true);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("update_notifications.provider.0.frequency", 7); // number of days
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("update_notifications.provider.0.datasource", "chrome://browser-region/locale/region.properties");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("browser.xul.error_pages.enabled", false);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("signon.SignonFileName", "signons.txt");
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("security.warn_entering_secure.show_once", true);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("security.warn_leaving_secure.show_once", true);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("security.warn_submit_insecure.show_once", true);
c:\program files\mozilla firefox\\defaults\pref\firefox.js - pref("pfs.datasource.url", "chrome://mozapps/locale/plugins/plugins.properties");
============= SERVICES / DRIVERS ===============
R1 SAVRT;SAVRT;\??\c:\program files\symantec antivirus\savrt.sys [2005-8-26 334984]
R1 SAVRTPEL;SAVRTPEL;\??\c:\program files\symantec antivirus\Savrtpel.sys [2005-8-26 53896]
R2 ccEvtMgr;Symantec Event Manager;"c:\program files\common files\symantec shared\ccEvtMgr.exe" [2005-10-4 185968]
R2 ccSetMgr;Symantec Settings Manager;"c:\program files\common files\symantec shared\ccSetMgr.exe" [2005-10-4 177776]
R2 Symantec AntiVirus;Symantec AntiVirus;"c:\program files\symantec antivirus\Rtvscan.exe" [2005-11-15 1756912]
R2 WinDefend;Windows Defender;"c:\program files\windows defender\MsMpEng.exe" [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-2 99376]
R3 NAVENG;NAVENG;\??\c:\progra~1\common~1\symant~1\virusd~1\20081227.002\naveng.sys [2008-12-27 89104]
R3 NAVEX15;NAVEX15;\??\c:\progra~1\common~1\symant~1\virusd~1\20081227.002\navex15.sys [2008-12-27 876112]
S3 ccPwdSvc;Symantec Password Validation;"c:\program files\common files\symantec shared\ccPwdSvc.exe" [2005-10-4 83568]
S3 SavRoam;SAVRoam;"c:\program files\symantec antivirus\SavRoam.exe" [2005-11-15 169200]
S3 vsdatant;vsdatant;\??\c:\windows\system32\vsdatant.sys [2003-8-28 189792]
S3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;c:\windows\system32\drivers\yukonx86.sys [2005-4-1 176256]
S4 aawservice;Lavasoft Ad-Aware Service;"c:\program files\lavasoft\ad-aware\aawservice.exe" [2008-9-10 611664]
=============== Created Last 30 ================
2008-12-27 13:31 <DIR> --d----- c:\program files\Trend Micro
2008-12-27 12:52 <DIR> a-dshr-- C:\cmdcons
2008-12-27 12:50 161,792 a------- c:\windows\SWREG.exe
2008-12-27 12:50 98,816 a------- c:\windows\sed.exe
2008-12-27 00:50 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-27 00:50 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-25 12:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\2DBoy
2008-12-25 12:04 <DIR> --d----- c:\program files\WorldOfGoo
2008-12-24 06:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrevxCSI
2008-12-23 22:35 327 a------- c:\windows\wininit.ini
2008-12-21 18:27 <DIR> --d----- c:\docume~1\user\applic~1\World-LooM
2008-12-21 17:15 <DIR> --d----- c:\windows\Fix-it-up - Kates Adventure
2008-12-21 17:15 <DIR> --d----- c:\program files\Fix-it-up - Kates Adventure
2008-12-09 21:37 <DIR> --d----- c:\windows\Top Chef
2008-12-09 21:37 <DIR> --d----- c:\program files\Top Chef
2008-12-02 00:20 0 a------- c:\windows\iplayer.INI
==================== Find3M ====================
2008-12-27 20:56 0 a------- c:\windows\system32\drivers\lvuvc.hs
2008-11-24 20:58 18,816 a------- c:\windows\system32\drivers\dvd43llh.sys
2008-10-23 04:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 12:38 826,368 a------- c:\windows\system32\wininet.dll
2008-10-03 02:02 247,326 a------- c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 a------- c:\windows\system32\msxml4.dll
2008-03-16 12:28 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2007-11-17 18:36 47,360 a------- c:\docume~1\user\applic~1\pcouffin.sys
2007-07-15 08:47 72 a------- c:\program files\UNWISE.INI
2005-09-26 00:51 32 a----r-- c:\documents and settings\all users\hash.dat
1999-06-25 09:55 149,504 a------- c:\program files\UNWISE.EXE
2008-09-27 11:25 49,152 a--sh--- c:\windows\system32\losamine.dll
2008-09-25 11:53 33,792 a--sh--- c:\windows\system32\zadimeve.dll
2008-07-19 19:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008071920080720\index.dat
============= FINISH: 21:33:04.12 ===============