Cannot remove ntoskrnl-hook.


  • This topic is locked
8 replies to this topic

#1 dphurley

Posted 02 May 2009 - 05:55 PM

Cannot remove ntoskrnl hook in safe mode using McAfee. McAfee indicates the trojan is deleted, but it reappears in a subsequent scan. Google redirect seems to be the major symptom.
VirusScan finds and claims to remove ntoskrnl-hook but still finds it when I run the scan again.
Sometimes McAfee finds a DLL (two instances) with a very long, seemingly random string of letters as its name.

Thanks in advance.

David Hurley

DDS (Ver_09-03-16.01) - NTFSx86
Run by dhurley at 17:25:33.78 on Sat 05/02/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.656 [GMT -4:00]

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\Array Networks\Common\8,2,0,11\arr_isrv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Array Networks\Array SSL VPN\8,2,0,11\arr_srvs.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\dldocoms.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\History Explorer\HistoryExplorer.Service.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Program Files\yaTimer\Updates\AutoUpdateService.exe
C:\Program Files\NeatWorks\exec\NeatWorksDatabaseController.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Dell 968 AIO Printer\dldomon.exe
C:\Program Files\Dell 968 AIO Printer\memcard.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\dhurley\Application Data\TimeBridge\TimeBridge Connector for Outlook\TimeBridgeConnectorForOutlook.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\CallWave\IAM.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Evernote\Evernote3\EvernoteTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\qmc.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\dhurley\My Documents\Download\dds.scr

============== Pseudo HJT Report ===============

uStart Page = https://salesvpn.organo.com/prx/000/http/localhost/login
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4081113
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7418E5F5-0E48-4144-8F92-5CA791C82396} - No File
BHO: {789703B2-BD36-4C89-965C-39CE74959113} - No File
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {DE713078-8012-4B75-92BA-398D4642A64B} - No File
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: StExBar: {367d8b32-f9fd-474b-8e65-9e521f35de99} - c:\program files\stexbar\StExBar.dll
TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: {F6DFE485-B775-4D9D-ADBC-AF4D52D5C078} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [TimeBridge Connector for Outlook] "c:\documents and settings\dhurley\application data\timebridge\timebridge connector for outlook\TimeBridgeConnectorForOutlook.exe"
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [1&1 EasyLogin] c:\program files\1&1\1&1 easylogin\EasyLogin.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [LDTray] c:\program files\livescribe\livescribe desktop\LDTray.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [DNS7reminder] "c:\program files\nuance\naturallyspeaking10\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\nuance\naturallyspeaking10\Ereg.ini
mRun: [dldomon.exe] "c:\program files\dell 968 aio printer\dldomon.exe"
mRun: [MemoryCardManager] "c:\program files\dell 968 aio printer\memcard.exe"
mRun: [Dell 968 AIO Printer Fax Server] "c:\program files\dell 968 aio printer\fm3032.exe" /s
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logitech\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [LVCOMSX] "c:\program files\common files\logitech\lcommgr\LVComSX.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
StartupFolder: c:\docume~1\dhurley\startm~1\programs\startup\evernote.lnk - c:\program files\evernote\evernote3\EvernoteTray.exe
StartupFolder: c:\docume~1\dhurley\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\dhurley\startm~1\programs\startup\quickm~1.lnk - c:\windows\qmc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\callwave.lnk - c:\program files\callwave\IAM.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tabuse~1.lnk - c:\windows\system32\wtablet\TabUserW.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-system: RunLogonScriptSync = 0 (0x0)
IE: &Winamp Search - c:\documents and settings\all users\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Add to Evernote - c:\program files\evernote\evernote3\enbar.dll/2000
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Find Visible &Path - c:\program files\visible path\html\VPSearch.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {605E5D27-BFA0-471F-87ED-98A2623D633C} - c:\program files\cade 2.13.16\web\new.htm
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {A573D71B-951B-4BAD-B8CC-708AE84769C9} - {32CA105A-BD6C-4AFC-B4D9-346262E9F483}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {E0B8C461-F8FB-49b4-8373-FE32E9252800} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEE1} - c:\program files\evernote\evernote3\enbar.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228661696578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {B6648EB8-2460-484F-9255-9654454C4C70} - hxxps://salesvpn.organo.com/prx/000/http/localhost/arr_x.cab
DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/1.4/jinstall-14_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} - hxxp://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
TCP: NameServer = 85.255.112.93,85.255.112.15
TCP: {2241AC40-E8C0-4D6F-A4CD-3F052FCE6DDD} = 85.255.112.93,85.255.112.15
TCP: {4F9A2DEF-0092-4A37-A773-F784FEA7243F} = 199.183.39.5,199.183.39.7
TCP: {89FECA5A-C0EF-4DEF-9366-FF6D1E60E0A2} = 85.255.112.93,85.255.112.15
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: Fences: {ec654325-1273-c2a9-2b7c-45a29bce2fbd} - c:\program files\stardock\fences\DesktopDock.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dhurley\applic~1\mozilla\firefox\profiles\sva14j3k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT580691&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\dhurley\application data\mozilla\firefox\profiles\sva14j3k.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\dhurley\application data\mozilla\firefox\profiles\sva14j3k.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\winnt_x86-msvc\components\outwit.3.1.dll
FF - component: c:\documents and settings\dhurley\application data\mozilla\firefox\profiles\sva14j3k.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\winnt_x86-msvc\components\outwit.dll
FF - component: c:\documents and settings\dhurley\application data\mozilla\firefox\profiles\sva14j3k.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar3.dll
FF - plugin: c:\documents and settings\dhurley\application data\mozilla\firefox\profiles\sva14j3k.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 hotcore3;Hotcore helper;c:\windows\system32\drivers\hotcore3.sys [2009-4-8 40496]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-23 64160]
R0 RVSDISK;RVSDISK;c:\windows\system32\drivers\RVSDISK.sys [2008-12-30 11904]
R0 RVSYSTEM;RVSYSTEM;c:\windows\system32\drivers\RVSYSTEM.sys [2008-12-30 38272]
R1 mferkdk;VSCore mferkdk;c:\program files\mcafee\virusscan enterprise\mferkdk.sys [2008-10-6 31816]
R2 Array_Utility_Service8.2.0.11;Array Utility Service 8,2,0,11;c:\program files\array networks\common\8,2,0,11\arr_isrv.exe [2008-11-24 307260]
R2 ArraySSL_VPN_Service8.2.0.11;Array SSL VPN Service 8,2,0,11;c:\program files\array networks\array ssl vpn\8,2,0,11\arr_srvs.exe [2008-11-24 188476]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R2 History Explorer Service;History Explorer Service;c:\program files\history explorer\HistoryExplorer.Service.exe [2009-1-15 51200]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2009-1-29 13088]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-3-14 103744]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\Mcshield.exe [2008-10-6 144704]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\VsTskMgr.exe [2008-10-6 54608]
R2 MSSQL$PTPROFESSIONAL41;SQL Server (PTPROFESSIONAL41);c:\program files\the monticello corporation\mssql.1\mssql\binn\sqlservr.exe [2007-2-10 29178224]
R2 NBDUpdate;NBD Tech Auto Update;c:\program files\yatimer\updates\AutoUpdateService.exe [2009-4-11 5632]
R2 NeatWorksDatabaseController;NeatWorks Database Controller;c:\program files\neatworks\exec\NeatWorksDatabaseController.exe [2009-1-27 351376]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-5-1 72904]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-5-1 34344]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-5-1 177672]
R3 msvad_simple;SoliCall;c:\windows\system32\drivers\solicall.sys [2006-6-10 205312]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [2008-12-10 99568]
S2 gupdate1c98aad45b1eb9e;Google Update Service (gupdate1c98aad45b1eb9e);c:\program files\google\update\GoogleUpdate.exe [2009-2-9 133104]
S2 UltraMonUtility;UltraMon Utility Driver;\??\c:\program files\common files\realtime soft\ultramonmirrordrv\x32\ultramonutility.sys --> c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [?]
S3 ATP;ArrayNetworks SSL VPN Miniport Driver;c:\windows\system32\drivers\atpdrvr.sys [2008-11-24 16896]
S3 CGY013;CW-K85 Device;c:\windows\system32\drivers\CGY013.sys [2008-12-27 24093]
S3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2007-2-10 29178224]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2008-11-29 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2008-11-29 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2008-11-29 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2008-11-29 59520]
S3 RMWPService;RMWPService;c:\program files\reference manager 12 demo\webpublisher\thirdparty\apache2\bin\RMWP_Apache_Admin.exe [2004-1-28 20537]
S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\drivers\SmartpenBus.sys [2008-11-28 38528]
S3 SmartpenCom;Smartpen Communications;c:\windows\system32\drivers\SmartpenCom.sys [2008-11-28 35328]

=============== Created Last 30 ================

2009-05-01 15:55 34,344 a------- c:\windows\system32\drivers\mfebopk.sys
2009-05-01 15:55 72,904 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-05-01 15:55 64,488 a------- c:\windows\system32\drivers\mfeapfk.sys
2009-05-01 15:55 177,672 a------- c:\windows\system32\drivers\mfehidk.sys
2009-05-01 15:55 52,136 a------- c:\windows\system32\drivers\mfetdik.sys
2009-04-30 18:29 <DIR> --d----- c:\program files\common files\McAfee
2009-04-29 07:59 <DIR> --d----- c:\program files\Annuaire
2009-04-28 23:46 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-28 23:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-26 10:51 <DIR> --d----- c:\program files\PhatWare
2009-04-26 10:50 <DIR> --d----- c:\docume~1\dhurley\applic~1\PhatWare
2009-04-24 09:49 <DIR> --d----- c:\windows\pss
2009-04-24 06:36 15,688 a------- c:\windows\system32\lsdelete.exe
2009-04-23 15:14 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-04-23 15:13 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-23 15:13 <DIR> --d----- c:\program files\Lavasoft
2009-04-22 21:08 <DIR> --d----- c:\program files\Belvedere
2009-04-21 17:30 <DIR> --d----- c:\documents and settings\dhurley\.dia
2009-04-21 17:29 <DIR> --d----- c:\program files\Dia
2009-04-21 17:18 <DIR> --d----- c:\program files\CADE 2.13.16
2009-04-20 14:04 <DIR> --d----- c:\program files\Axon Data
2009-04-19 22:17 109,782 a------- c:\windows\CopernicSummarizerUninstall.exe
2009-04-19 22:17 <DIR> --d----- c:\program files\Copernic Summarizer
2009-04-19 18:56 <DIR> --d----- c:\docume~1\dhurley\applic~1\Famundo
2009-04-19 18:55 <DIR> --d----- c:\program files\Famundo
2009-04-19 10:16 <DIR> --d----- c:\program files\SoliCall
2009-04-19 10:09 <DIR> --d----- c:\program files\Zards software
2009-04-19 10:07 <DIR> --d----- c:\program files\Algebrus
2009-04-18 22:47 <DIR> --d----- c:\program files\Cozi Outlook Toolbar
2009-04-18 21:55 <DIR> --d----- c:\documents and settings\dhurley\My Projects
2009-04-18 21:51 <DIR> --d----- c:\docume~1\dhurley\applic~1\Audio Editor Deluxe
2009-04-18 21:51 <DIR> --d----- c:\program files\Audio Editor Deluxe
2009-04-17 23:20 <DIR> --d----- c:\program files\Wondershare
2009-04-17 00:06 <DIR> --d----- c:\program files\WindowTabs
2009-04-16 23:57 <DIR> --d----- c:\program files\Deusty
2009-04-16 22:55 <DIR> --d----- c:\program files\iPod
2009-04-16 22:55 <DIR> --d----- c:\program files\iTunes
2009-04-16 22:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-15 13:46 <DIR> --d----- c:\program files\Procaster
2009-04-15 13:30 <DIR> --d----- c:\program files\TrendingBotLite
2009-04-14 23:22 <DIR> --d----- c:\docume~1\dhurley\applic~1\PlannerTemplates
2009-04-14 23:21 <DIR> --d----- c:\program files\KFTF
2009-04-12 22:30 <DIR> --d----- c:\docume~1\dhurley\applic~1\InfoLayout
2009-04-12 18:59 188,416 -------- c:\windows\system32\PDRVINST.DLL
2009-04-12 18:59 86,016 -------- c:\windows\system32\BrWebIns.dll
2009-04-12 18:59 69,632 -------- c:\windows\system32\BRWEBUP.EXE
2009-04-12 18:58 6,224 -------- c:\windows\CVRPAGE.BMP
2009-04-12 18:58 126,976 -------- c:\windows\system32\BrfxD05a.dll
2009-04-12 18:58 0 a------- c:\windows\brdfxspd.dat
2009-04-12 18:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PrinterOn Corporation
2009-04-12 13:35 <DIR> --d----- c:\documents and settings\dhurley\brother
2009-04-12 11:45 <DIR> --d----- c:\program files\MAPILab Ltd
2009-04-12 11:45 <DIR> --d----- c:\program files\common files\Outlook Security Manager
2009-04-12 10:08 73,728 a------- c:\windows\system32\TOverlay.ax
2009-04-12 10:08 53,248 a------- c:\windows\system32\DSTimeStamp.ax
2009-04-12 10:08 40,960 a------- c:\windows\system32\wavdest.ax
2009-04-12 10:08 692,224 a------- c:\windows\system32\AxisToolBar.ocx
2009-04-12 10:08 188,416 a------- c:\windows\system32\UScreenCapture.ax
2009-04-12 10:08 126,976 a------- c:\windows\system32\ArielColorCtrl.ocx
2009-04-12 10:08 36,864 a------- c:\windows\system32\Sof2FFTPrj.ocx
2009-04-12 10:08 24,576 a------- c:\windows\system32\SpecBarPrj.ocx
2009-04-12 10:08 <DIR> --d----- c:\program files\1AVStreamer
2009-04-12 09:59 <DIR> --d----- c:\program files\Desktop Icon Toy
2009-04-11 23:19 <DIR> --d----- C:\QUARANTINE
2009-04-11 22:46 <DIR> --d----- c:\program files\Menu Inventor
2009-04-11 22:09 <DIR> --d----- c:\program files\Fingertips
2009-04-11 22:01 <DIR> --d----- c:\program files\common files\Brother BrssCom
2009-04-11 22:01 <DIR> --d----- c:\program files\Fingerprint
2009-04-11 20:19 <DIR> --d----- c:\program files\yaTimer
2009-04-11 19:55 <DIR> --d----- c:\program files\TinyGraphs
2009-04-11 14:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\CraigsPal
2009-04-11 00:57 356,352 a------- c:\windows\eSellerateEngine.dll
2009-04-11 00:39 <DIR> --d----- c:\program files\C Software
2009-04-11 00:22 <DIR> --d----- c:\windows\Sparklines
2009-04-11 00:22 <DIR> --d----- c:\program files\Sparklines
2009-04-11 00:15 <DIR> --d----- c:\docume~1\dhurley\applic~1\ndxCards
2009-04-11 00:15 <DIR> --d----- c:\program files\ndxCards
2009-04-11 00:02 <DIR> --d----- c:\program files\common files\iSpring Solutions
2009-04-11 00:02 <DIR> --d----- c:\program files\iSpring
2009-04-08 22:32 40,496 a------- c:\windows\system32\drivers\hotcore3.sys
2009-04-08 22:31 <DIR> --d----- c:\program files\Paragon Software
2009-04-08 17:40 <DIR> --d----- c:\docume~1\dhurley\applic~1\Direct Access
2009-04-08 16:05 <DIR> --d----- C:\Z5Com
2009-04-08 11:31 <DIR> --d----- c:\program files\HowTo-Outlook
2009-04-07 21:03 <DIR> --d----- c:\program files\yWriter5
2009-04-07 14:00 <DIR> --d----- c:\docume~1\dhurley\applic~1\Bump Technologies, Inc
2009-04-07 13:59 <DIR> --d----- c:\program files\BumpTop
2009-04-07 12:46 <DIR> --d----- c:\docume~1\dhurley\applic~1\Clicky Gone
2009-04-07 12:46 <DIR> --d----- c:\program files\Clicky Gone
2009-04-05 14:45 2,364 a------- C:\config.xml
2009-04-05 00:22 <DIR> --d----- c:\program files\DreameeSoft
2009-04-04 19:16 <DIR> --d----- c:\program files\Fortis Software
2009-04-04 11:16 <DIR> --d----- c:\program files\TimeTo
2009-04-04 00:51 <DIR> --d----- c:\documents and settings\dhurley\MindRaider
2009-04-04 00:51 <DIR> --d----- c:\documents and settings\dhurley\.mindraider.profile
2009-04-04 00:47 <DIR> --d----- c:\program files\ShirusuPad
2009-04-04 00:46 <DIR> --d----- c:\program files\mindraider

==================== Find3M ====================

2009-05-01 22:31 12,911 a------- c:\windows\system32\tablet.dat
2009-03-26 16:41 3,073 a------- c:\docume~1\dhurley\applic~1\SAS7_000.DAT
2009-03-22 21:30 11,315 a------- c:\windows\unins001.dat
2009-03-22 21:29 700,250 a------- c:\windows\unins001.exe
2009-03-21 20:28 2,548 a------- c:\windows\unins000.dat
2009-03-21 20:28 701,116 a------- c:\windows\unins000.exe
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-08 16:38 14,971 a---h--- c:\program files\VISTAMETRIX.GID
2009-03-08 16:33 249,856 -------- c:\windows\Setup1.exe
2009-03-08 16:33 73,216 a------- c:\windows\ST6UNST.EXE
2009-03-08 10:49 81,920 a------- c:\docume~1\dhurley\applic~1\ezpinst.exe
2009-03-08 10:49 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-03-08 10:49 47,360 a------- c:\docume~1\dhurley\applic~1\pcouffin.sys
2009-02-14 16:47 6,442 a------- c:\program files\setuplog.txt
2009-02-14 16:47 6,048 a------- c:\program files\uninstal.log
2009-02-06 22:33 249,856 a------- c:\windows\system32\LxrJD31.dll
2009-02-06 22:33 163,840 a------- c:\windows\system32\LxrJD31c.exe
2009-02-06 22:33 146,432 a------- c:\windows\system32\LxrJD31p.exe
2009-02-06 22:33 61,440 a------- c:\windows\system32\LxrJD20Sat.dll
2009-02-06 22:33 71,168 a------- c:\windows\system32\LxrJD31s.exe
2009-02-04 10:45 6 a------- c:\windows\fonts\wfonts.key
2009-02-03 10:42 40,004 a------- c:\windows\system32\wmsctrl.dll
2008-05-07 15:40 4,798 a------- c:\docume~1\dhurley\applic~1\setup.reg
2008-05-07 10:43 4,833 a------- c:\docume~1\dhurley\applic~1\setup.bat
2008-05-04 02:54 1,940 a------- c:\docume~1\dhurley\applic~1\lebendig.reg
2008-04-23 17:23 921,600 a------- c:\program files\VistaMetrix.exe
2008-04-23 17:03 347,014 a------- c:\program files\VISTAMETRIX.HLP
2008-04-23 17:03 2,387 a------- c:\program files\VistaMetrix.CNT
2009-01-21 21:21 88 ---shr-- c:\windows\system32\F60927F702.sys
2007-04-18 12:25 165,204 a--shr-- c:\windows\system32\jiaha.dll
2009-01-21 21:22 2,984 a--sh--- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 17:26:34.03 ===============


#2 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:05:19 AM

Posted 03 May 2009 - 11:04 AM

Hello! :thumbup2:
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 dphurley

dphurley
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:19 AM

Posted 03 May 2009 - 12:53 PM


Thanks Sam,

Here is the OTListIt2 log:

OTListIt logfile created on: 5/3/2009 1:36:58 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.3 Folder = C:\Documents and Settings\dhurley\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 43.46% Memory free
3.84 Gb Paging File | 2.86 Gb Available in Paging File | 74.49% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.44 Gb Total Space | 24.53 Gb Free Space | 32.96% Space Free | Partition Type: NTFS
Drive D: | 13.08 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DGYV0QH1
Current User Name: dhurley
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007/07/25 18:29:38 | 00,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2009/04/27 15:19:56 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2007/02/06 18:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
PRC - [2005/09/09 04:24:30 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/12/19 16:21:48 | 00,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/04 15:56:18 | 01,123,608 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2007/10/05 09:30:34 | 00,595,184 | ---- | M] ( ) -- C:\WINDOWS\system32\dldocoms.exe
PRC - [2007/07/25 18:41:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2009/01/06 10:56:12 | 00,051,200 | ---- | M] (Exendo) -- C:\Program Files\History Explorer\HistoryExplorer.Service.exe
PRC - [2009/01/29 00:11:22 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/02/06 22:33:43 | 00,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe
PRC - [2008/03/14 05:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/10/06 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2008/10/06 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2007/02/10 09:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/01/31 10:33:16 | 00,005,632 | ---- | M] () -- C:\Program Files\yaTimer\Updates\AutoUpdateService.exe
PRC - [2008/03/14 05:00:00 | 00,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009/01/27 19:25:06 | 00,351,376 | ---- | M] (The Neat Company) -- C:\Program Files\NeatWorks\exec\NeatWorksDatabaseController.exe
PRC - [2008/02/22 14:40:20 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
PRC - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2007/07/25 18:22:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/02/10 09:29:47 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2007/02/10 06:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/12/05 19:24:44 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\StacSV.exe
PRC - [2005/06/17 16:00:46 | 00,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe
PRC - [2007/11/09 00:50:10 | 01,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
PRC - [2007/09/07 19:29:04 | 00,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2007/09/28 18:05:16 | 00,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/07/25 18:32:34 | 00,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2004/08/04 07:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2008/04/14 06:42:42 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/04/14 06:42:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/01/25 04:34:22 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/05/18 13:45:32 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/05/18 13:45:34 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/05/18 13:45:36 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2008/02/22 14:43:38 | 01,245,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/07/25 18:32:50 | 00,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2007/07/25 18:30:36 | 00,974,848 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2007/09/10 11:55:04 | 00,092,160 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
PRC - [2007/09/14 12:53:16 | 00,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2007/01/29 06:07:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/12/05 19:24:46 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
PRC - [2008/02/26 12:57:28 | 00,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/09/08 02:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2009/02/27 12:14:26 | 00,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
PRC - [2008/03/14 05:00:00 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\udaterui.exe
PRC - [2006/09/08 02:10:22 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\HidFind.exe
PRC - [2008/11/21 15:10:42 | 00,413,696 | ---- | M] () -- C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe
PRC - [2008/03/14 05:00:00 | 00,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2007/10/05 09:30:18 | 00,455,920 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\dldomon.exe
PRC - [2007/10/05 09:30:26 | 00,410,864 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\memcard.exe
PRC - [2006/08/03 10:44:52 | 00,529,968 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
PRC - [2007/02/08 02:13:48 | 00,774,168 | ---- | M] () -- C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
PRC - [2006/08/03 14:29:02 | 00,244,520 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2006/06/28 08:46:30 | 00,622,592 | ---- | M] () -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2005/02/16 17:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2008/10/06 20:50:00 | 00,111,952 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
PRC - [2009/01/09 09:23:24 | 00,032,768 | ---- | M] (TimeBridge) -- C:\Documents and Settings\dhurley\Application Data\TimeBridge\TimeBridge Connector for Outlook\TimeBridgeConnectorForOutlook.exe
PRC - [2006/11/13 13:39:52 | 01,289,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
PRC - [2006/05/08 19:52:04 | 00,204,800 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2009/03/19 08:59:42 | 02,200,064 | ---- | M] (1&1 Internet Inc) -- C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
PRC - [2009/04/30 21:22:40 | 02,329,936 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2006/11/13 13:39:34 | 00,199,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft ActiveSync\rapimgr.exe
PRC - [2008/02/22 12:04:42 | 02,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008/11/25 20:41:58 | 01,940,280 | ---- | M] (CallWave, Inc.) -- C:\Program Files\CallWave\IAM.exe
PRC - [2006/11/03 20:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2005/06/17 16:35:50 | 00,114,688 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\TabUserW.exe
PRC - [2008/05/26 23:19:14 | 00,123,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Desktop Search\WindowsSearch.exe
PRC - [2009/03/25 22:10:58 | 00,350,656 | ---- | M] (Evernote Corporation) -- C:\Program Files\Evernote\Evernote3\EvernoteTray.exe
PRC - [2007/08/24 05:45:42 | 00,101,784 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/08/21 21:14:36 | 00,429,003 | ---- | M] () -- C:\WINDOWS\qmc.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/10/29 16:30:14 | 00,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/02/08 02:12:20 | 00,230,936 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2007/10/04 20:39:42 | 00,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2006/12/04 18:00:10 | 00,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
PRC - [2008/01/22 22:13:08 | 00,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2008/01/09 12:38:44 | 00,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007/08/23 13:55:06 | 00,311,296 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
PRC - [2008/02/22 17:29:24 | 02,572,288 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
PRC - [2007/07/25 18:26:14 | 00,491,520 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2009/05/02 23:58:03 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/02/09 07:55:09 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe
PRC - [2008/04/14 06:42:42 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2009/05/03 13:34:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dhurley\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (AcrSch2Svc [Auto | Stopped])
SRV - [2005/09/09 04:24:30 | 00,102,400 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor4.0 [Auto | Running])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2006/12/19 16:21:48 | 00,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon [Auto | Running])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/04/04 15:56:18 | 01,123,608 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper [Auto | Running])
SRV - [2007/10/05 09:30:46 | 00,099,568 | ---- | M] () -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\dldoserv.exe -- (dldoCATSCustConnectService [Auto | Stopped])
SRV - [2007/10/05 09:30:34 | 00,595,184 | ---- | M] ( ) -- C:\WINDOWS\system32\dldocoms.exe -- (dldo_device [Auto | Running])
SRV - [2007/07/25 18:41:42 | 00,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/11/13 00:12:08 | 00,651,720 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/09 07:55:09 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c98aad45b1eb9e [Auto | Stopped])
SRV - [2009/03/24 21:23:05 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/14 06:42:04 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/01/06 10:56:12 | 00,051,200 | ---- | M] (Exendo) -- C:\Program Files\History Explorer\HistoryExplorer.Service.exe -- (History Explorer Service [Auto | Running])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/01/29 00:11:22 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/04/27 15:19:56 | 00,953,168 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2007/02/06 18:45:26 | 00,109,344 | ---- | M] (Logitech Inc.) -- c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2007/02/06 18:47:12 | 00,105,248 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher [Auto | Stopped])
SRV - [2009/02/06 22:33:43 | 00,071,168 | ---- | M] () -- C:\WINDOWS\system32\LxrJD31s.exe -- (LxrJD31s [Auto | Running])
SRV - [2008/03/14 05:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework [Unknown | Running])
SRV - [2008/10/06 20:50:00 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2008/10/06 20:50:00 | 00,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager [Unknown | Running])
SRV - [2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/02/10 06:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$NR2007 [On_Demand | Stopped])
SRV - [2007/02/10 09:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$PTPROFESSIONAL41 [Auto | Running])
SRV - [2005/10/14 06:50:19 | 00,045,272 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2009/01/31 10:33:16 | 00,005,632 | ---- | M] () -- C:\Program Files\yaTimer\Updates\AutoUpdateService.exe -- (NBDUpdate [Auto | Running])
SRV - [2009/01/27 19:25:06 | 00,351,376 | ---- | M] (The Neat Company) -- C:\Program Files\NeatWorks\exec\NeatWorksDatabaseController.exe -- (NeatWorksDatabaseController [Auto | Running])
SRV - [2006/11/08 17:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2008/02/22 14:40:20 | 00,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/08 17:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2006/11/02 21:40:12 | 00,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing [Auto | Running])
SRV - [2007/07/25 18:22:44 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2004/01/28 19:25:24 | 00,020,537 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Reference Manager 12 Demo\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe -- (RMWPService [On_Demand | Stopped])
SRV - [2007/07/25 18:29:38 | 00,987,136 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2007/08/31 19:39:18 | 00,486,400 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService [On_Demand | Stopped])
SRV - [2007/02/10 09:29:47 | 00,242,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2007/02/10 06:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2007/12/05 19:24:44 | 00,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\StacSV.exe -- (STacSV [Auto | Running])
SRV - [2005/06/17 16:00:46 | 00,749,568 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Tablet.exe -- (TabletService [Auto | Running])
SRV - [2007/11/09 00:50:10 | 01,552,384 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe [Auto | Running])
SRV - [2007/09/07 19:29:04 | 00,737,280 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService [Auto | Running])
SRV - [2007/09/28 18:05:16 | 00,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service [Auto | Running])
SRV - [2007/09/13 16:31:44 | 00,192,512 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService [On_Demand | Stopped])
SRV - [2007/07/25 18:32:34 | 00,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2008/11/12 23:44:42 | 00,021,393 | ---- | M] (Cisco Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/14 01:06:40 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2007/02/17 08:00:42 | 00,132,608 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\system32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2005/08/12 18:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2007/08/09 03:11:58 | 00,016,896 | ---- | M] (Array Networks, Inc.) -- C:\WINDOWS\system32\DRIVERS\atpdrvr.sys -- (ATP [On_Demand | Stopped])
DRV - [2007/03/13 01:26:06 | 00,160,256 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\b57xp32.sys -- (b57w2k [On_Demand | Running])
DRV - [2006/12/19 16:21:52 | 00,010,480 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND [Auto | Running])
DRV - [2004/10/08 12:59:12 | 00,326,656 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\Camdrl.sys -- (CamDrL [On_Demand | Stopped])
DRV - [2006/03/14 01:00:00 | 00,024,093 | ---- | M] (CASIO COMPUTER CO.,LTD.) -- C:\WINDOWS\system32\DRIVERS\CGY013.sys -- (CGY013 [On_Demand | Stopped])
DRV - [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/11/02 14:32:32 | 00,097,536 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\drivers\dxec01.sys -- (DXEC01 [On_Demand | Running])
DRV - [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2007/02/03 14:32:58 | 00,022,560 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
DRV - [2009/03/19 16:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/11/28 18:18:24 | 00,062,208 | ---- | M] (O2Micro) -- C:\WINDOWS\System32\Drivers\oz776.sys -- (guardian2 [On_Demand | Running])
DRV - [2008/04/13 23:06:06 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2008/12/13 14:47:38 | 00,040,496 | ---- | M] (Paragon Software Group) -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3 [Boot | Running])
DRV - [2008/06/15 21:35:00 | 00,210,688 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2008/06/15 21:35:02 | 00,985,472 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2007/05/18 13:45:40 | 05,707,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2009/04/27 15:20:47 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2007/02/06 18:42:40 | 01,691,808 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVcKap.sys -- (LVcKap [On_Demand | Stopped])
DRV - [2007/02/06 18:44:36 | 01,964,064 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys -- (LVMVDrv [On_Demand | Stopped])
DRV - [2007/02/03 14:30:57 | 01,507,232 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lvpopflt.sys -- (lvpopflt [On_Demand | Stopped])
DRV - [2007/02/06 18:45:04 | 00,025,632 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2007/02/03 14:32:34 | 00,041,504 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta [On_Demand | Stopped])
DRV - [2007/02/03 14:32:45 | 01,939,360 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lvuvc.sys -- (LVUVC [On_Demand | Stopped])
DRV - [2009/02/06 22:33:43 | 00,069,824 | ---- | M] () -- C:\WINDOWS\system32\Drivers\LxrJD31d.sys -- (LxrJD31d [Auto | Running])
DRV - [2008/01/14 06:06:32 | 00,021,632 | ---- | M] (ManyCam LLC.) -- C:\WINDOWS\system32\DRIVERS\ManyCam.sys -- (ManyCam [On_Demand | Running])
DRV - [2008/06/15 21:35:02 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2008/10/06 20:50:00 | 00,064,488 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk [On_Demand | Running])
DRV - [2008/10/06 20:50:00 | 00,072,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2008/10/06 20:50:00 | 00,034,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk [On_Demand | Running])
DRV - [2008/10/06 20:50:00 | 00,177,672 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk [On_Demand | Running])
DRV - [2008/10/06 20:50:00 | 00,031,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk [System | Running])
DRV - [2008/10/06 20:50:00 | 00,052,136 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik [System | Running])
DRV - [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2006/06/10 16:19:20 | 00,205,312 | ---- | M] (SoliCall) -- C:\WINDOWS\system32\drivers\solicall.sys -- (msvad_simple [On_Demand | Running])
DRV - [2007/08/12 20:05:34 | 02,211,456 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys -- (NETw4x32 [On_Demand | Running])
DRV - [2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2007/09/07 11:57:14 | 00,026,608 | ---- | M] (Dell Inc) -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV [Boot | Running])
DRV - [2009/03/08 10:49:37 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Running])
DRV - [2001/04/09 16:45:00 | 00,008,138 | ---- | M] (Wacom Technology Corporation) -- C:\WINDOWS\system32\Drivers\PenClass.sys -- (PenClass [Boot | Running])
DRV - [2007/08/17 21:56:34 | 00,029,952 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\DRIVERS\PTDMBus.sys -- (PTDMBus [On_Demand | Stopped])
DRV - [2007/08/17 21:56:38 | 00,041,856 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\DRIVERS\PTDMMdm.sys -- (PTDMMdm [On_Demand | Stopped])
DRV - [2007/08/17 21:56:40 | 00,039,936 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\DRIVERS\PTDMVsp.sys -- (PTDMVsp [On_Demand | Stopped])
DRV - [2007/08/17 21:56:46 | 00,059,520 | ---- | M] (DEVGURU Co,LTD.) -- C:\WINDOWS\system32\DRIVERS\PTDMWWAN.sys -- (PTDMWWAN [On_Demand | Stopped])
DRV - [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 19:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2008/12/30 07:58:45 | 00,011,904 | ---- | M] () -- C:\WINDOWS\system32\Drivers\RVSDISK.sys -- (RVSDISK [Boot | Running])
DRV - [2008/12/30 07:58:44 | 00,038,272 | ---- | M] (Returnil SIA) -- C:\WINDOWS\system32\Drivers\RVSYSTEM.sys -- (RVSYSTEM [Boot | Running])
DRV - [2007/05/29 17:29:30 | 00,012,416 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 06:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/14 01:06:40 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2008/09/02 12:37:12 | 00,038,528 | ---- | M] (Livescribe) -- C:\WINDOWS\system32\DRIVERS\SmartpenBus.sys -- (SmartpenBus [On_Demand | Stopped])
DRV - [2008/09/02 12:37:12 | 00,035,328 | ---- | M] (Livescribe) -- C:\WINDOWS\system32\DRIVERS\SmartpenCom.sys -- (SmartpenCom [On_Demand | Stopped])
DRV - [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2007/12/05 19:24:44 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Running])
DRV - [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2008/04/01 16:22:20 | 00,003,712 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\drivers\Toshidpt.sys -- (toshidpt [On_Demand | Running])
DRV - [2008/04/01 16:22:22 | 00,041,600 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\DRIVERS\tosporte.sys -- (tosporte [On_Demand | Running])
DRV - [2008/04/01 16:22:24 | 00,131,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\DRIVERS\tosrfbd.sys -- (tosrfbd [On_Demand | Running])
DRV - [2008/04/01 16:22:26 | 00,036,608 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\Drivers\tosrfbnp.sys -- (tosrfbnp [On_Demand | Running])
DRV - [2008/04/01 16:22:26 | 00,064,128 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys -- (Tosrfcom [System | Running])
DRV - [2008/04/01 16:22:28 | 00,074,240 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys -- (Tosrfhid [On_Demand | Running])
DRV - [2008/04/01 16:22:30 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) -- C:\WINDOWS\system32\DRIVERS\tosrfnds.sys -- (tosrfnds [On_Demand | Running])
DRV - [2008/04/01 16:22:34 | 00,041,856 | ---- | M] (TOSHIBA CORPORATION) -- C:\WINDOWS\system32\DRIVERS\tosrfusb.sys -- (Tosrfusb [On_Demand | Running])
DRV - [2008/12/15 21:31:15 | 00,215,872 | ---- | M] (TrueCrypt Foundation) -- C:\WINDOWS\System32\drivers\truecrypt.sys -- (truecrypt [System | Running])
DRV - [2008/12/13 14:47:38 | 00,032,056 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\DRIVERS\UimBus.sys -- (UimBus [System | Running])
DRV - [2008/12/13 14:47:38 | 00,129,896 | ---- | M] (Paragon) -- C:\WINDOWS\System32\Drivers\Uim_IM.sys -- (Uim_IM [System | Running])
DRV - [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/11/07 15:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2008/04/14 01:15:14 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2007/09/06 11:18:40 | 00,018,176 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\WINDOWS\system32\DRIVERS\WaveFDE.sys -- (WaveFDE [On_Demand | Running])
DRV - [2007/09/10 11:55:00 | 00,161,280 | ---- | M] (Wave Systems Corp.) -- C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys -- (WavxDMgr [Auto | Running])
DRV - [2006/11/06 19:04:56 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])
DRV - [2008/06/15 21:35:00 | 00,731,264 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4081113
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4081113


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4081113
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4081113
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4081113
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4081113
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-1399521631-187898335-924725345-4656\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4081113
IE - HKU\S-1-5-21-1399521631-187898335-924725345-4656\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKU\S-1-5-21-1399521631-187898335-924725345-4656\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1399521631-187898335-924725345-4656\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1399521631-187898335-924725345-4656\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://salesvpn.organo.com/prx/000/http/localhost/login
IE - HKU\S-1-5-21-1399521631-187898335-924725345-4656\S-1-5-21-1399521631-187898335-924725345-4656\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultEngine: "Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-cneta&type=experimentalscene_10869286"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-cneta&type=experimentalscene_10869286"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: abhere2@moztw.org:3.1.20081205
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.93
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: asf@mangaheart.org:0.9.2
FF - prefs.js..extensions.enabledItems: bookmarkpreviews@mozdev.org:0.8.0
FF - prefs.js..extensions.enabledItems: closeforget@addons.mozilla.org:0.6.6
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.3
FF - prefs.js..extensions.enabledItems: gmailthis@lazyrussian.com:2.2.5
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:3.0.0.46749
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.22b
FF - prefs.js..extensions.enabledItems: artur.dubovoy@gmail.com:1.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {840A0A20-20B3-4fa0-AC8D-BAD773E12885}:0.4
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.0
FF - prefs.js..extensions.enabledItems: {398e77b8-2304-11dc-8314-0800200c9a66}:0.3.12
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: netNotes@blueimp.net:0.0.2.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.2.4
FF - prefs.js..extensions.enabledItems: {aba3f5c2-35d5-4960-bdfc-de9c162e39ce}:2.0.1.1
FF - prefs.js..extensions.enabledItems: outwit-docs@outwit.com:0.1.0.20
FF - prefs.js..extensions.enabledItems: base-outfit@outwit.com:0.6.1.1
FF - prefs.js..extensions.enabledItems: outwit-images@outwit.com:0.1.1.1
FF - prefs.js..extensions.enabledItems: {5fb1186a-3398-4c47-b579-0f2eee222ad1}:0.8.3.1
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.1.0.2
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:0.9941
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.3.9
FF - prefs.js..extensions.enabledItems: {DA144265-8D9B-4380-B8F7-9F85E2C37D05}:0.7.2.70
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009050101
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7.3
FF - prefs.js..extensions.enabledItems: TabSidebar@blueprintit.co.uk:2.0.1
FF - prefs.js..extensions.enabledItems: twitternotifier@naan.net:1.7.7.1
FF - prefs.js..extensions.enabledItems: UnsortedBookmarksMenu@alice:1.6
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.5.1.1
FF - prefs.js..extensions.enabledItems: zotero@chnm.gmu.edu:1.0.9
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT580691&q="

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2 [2008/12/22 12:19:31 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/01/05 17:17:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX [2008/12/07 16:39:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/11/24 17:04:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/02 23:58:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/02 23:58:06 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0b2\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD 3 BETA 1\COMPONENTS [2009/03/29 08:04:27 | 00,000,000 | ---D | M]

[2008/12/15 16:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Extensions
[2008/12/15 16:30:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2008/11/25 10:00:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/03 12:57:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions
[2009/02/11 13:52:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}(2)
[2009/03/19 14:40:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2008/12/30 00:35:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2008/12/28 13:51:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{10853dc2-7a27-4e4f-a444-1518b76ab2ec}
[2009/05/01 19:38:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d}
[2009/04/07 10:32:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/04/27 07:51:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{398e77b8-2304-11dc-8314-0800200c9a66}
[2009/04/11 22:44:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2009/04/15 09:10:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}
[2009/05/01 19:38:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/12/20 17:12:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{840A0A20-20B3-4fa0-AC8D-BAD773E12885}
[2008/12/22 12:43:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
[2009/04/09 22:26:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009/04/16 12:19:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/04/08 13:43:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{DA144265-8D9B-4380-B8F7-9F85E2C37D05}
[2009/01/29 19:19:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/04/04 11:32:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2009/02/11 13:52:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}(2)
[2009/02/22 18:11:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/12/22 12:43:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\abhere2@moztw.org
[2009/03/17 21:29:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\artur.dubovoy@gmail.com
[2009/03/12 01:24:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\asf@mangaheart.org
[2009/04/15 09:10:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\base-outfit@outwit.com
[2009/02/11 13:52:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\bookmarkpreviews@mozdev.org
[2009/04/27 00:04:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\closeforget@addons.mozilla.org
[2009/01/23 17:37:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\fastdial@telega.phpnet.us
[2009/01/10 00:29:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\gmailthis@lazyrussian.com
[2009/04/17 09:45:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\isreaditlater@ideashower.com
[2009/04/07 10:39:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\morningCoffee@shaneliesegang
[2009/04/07 20:56:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\moveplayer@movenetworks.com
[2009/02/01 10:15:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\netNotes@blueimp.net
[2009/04/15 09:10:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\outwit-docs@outwit.com
[2009/04/15 09:10:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\outwit-images@outwit.com
[2009/02/23 18:27:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\smartbookmarksbar@remy.juteau
[2009/04/07 10:36:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\TabSidebar@blueprintit.co.uk
[2009/04/07 10:33:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\twitternotifier@naan.net
[2008/12/22 12:43:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\UnsortedBookmarksMenu@alice
[2008/12/23 12:11:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\dhurley\Application Data\mozilla\Firefox\Profiles\sva14j3k.default\extensions\zotero@chnm.gmu.edu
[2008/12/28 14:37:22 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\dhurley\Application Data\Mozilla\FireFox\Profiles\sva14j3k.default\searchplugins\conduit.xml
[2009/01/06 12:20:01 | 00,001,447 | ---- | M] () -- C:\Documents and Settings\dhurley\Application Data\Mozilla\FireFox\Profiles\sva14j3k.default\searchplugins\userlogos.xml
[2008/12/30 07:55:21 | 00,001,196 | ---- | M] () -- C:\Documents and Settings\dhurley\Application Data\Mozilla\FireFox\Profiles\sva14j3k.default\searchplugins\winamp-search.xml
[2009/05/03 13:34:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/02 23:58:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/17 10:35:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2009/03/06 08:40:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/31 12:11:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/05/02 23:58:00 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/02 23:58:00 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/02 23:58:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/05/02 23:58:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/05/02 23:58:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/02 23:58:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/05/02 23:58:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/02 23:58:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/02 23:58:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SnagIt Toolbar Loader) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7418E5F5-0E48-4144-8F92-5CA791C82396} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {789703B2-BD36-4C89-965C-39CE74959113} - Reg Error: Key error. File not found
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {DE713078-8012-4B75-92BA-398D4642A64B} - Reg Error: Key error. File not found
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (StExBar) - {367D8B32-F9FD-474b-8E65-9E521F35DE99} - C:\Program Files\StExBar\StExBar.dll (tools.tortoisesvn.net)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-1399521631-187898335-924725345-4656\..\Toolbar\ShellBrowser: (no name) - {367D8B32-F9FD-474B-8E65-9E521F35DE99} - C:\Program Files\StExBar\StExBar.dll (tools.tortoisesvn.net)
O3 - HKU\S-1-5-21-1399521631-187898335-924725345-4656\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1399521631-187898335-924725345-4656\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-1399521631-187898335-924725345-4656\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-1399521631-187898335-924725345-4656\..\Toolbar\WebBrowser: (no name) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN ()
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell 968 AIO Printer Fax Server] "C:\Program Files\Dell 968 AIO Printer\fm3032.exe" /s ()
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4 - HKLM..\Run: [dldomon.exe] "C:\Program Files\Dell 968 AIO Printer\dldomon.exe" ()
O4 - HKLM..\Run: [DNS7reminder] "C:\Program Files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini (Nuance Communications, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (InstallShield Software Corporation)
O4 - HKLM..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LDTray] C:\Program Files\Livescribe\Livescribe Desktop\LDTray.exe ()
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe" (Logitech Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide ()
O4 - HKLM..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe" (Logitech Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey (McAfee, Inc.)
O4 - HKLM..\Run: [MemoryCardManager] "C:\Program Files\Dell 968 AIO Printer\memcard.exe" ()
O4 - HKLM..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE (McAfee, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\S-1-5-21-1399521631-187898335-924725345-4656..\Run: [1&1 EasyLogin] C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet Inc)
O4 - HKU\S-1-5-21-1399521631-187898335-924725345-4656..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup (IObit)
O4 - HKU\S-1-5-21-1399521631-187898335-924725345-4656..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" (Microsoft Corporation)
O4 - HKU\S-1-5-21-1399521631-187898335-924725345-4656..\Run: [TimeBridge Connector for Outlook] "C:\Documents and Settings\dhurley\Application Data\TimeBridge\TimeBridge Connector for Outlook\TimeBridgeConnectorForOutlook.exe" (TimeBridge)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CallWave.lnk = C:\Program Files\CallWave\IAM.exe (CallWave, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe (Wacom Technology, Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\dhurley\Start Menu\Programs\Startup\Evernote.lnk = C:\Program Files\Evernote\Evernote3\EvernoteTray.exe (Evernote Corporation)
O4 - Startup: C:\Documents and Settings\dhurley\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\dhurley\Start Menu\Programs\Startup\QuickMonth Calendar.lnk = C:\WINDOWS\qmc.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1399521631-187898335-924725345-4656\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Evernote - res://C:\Program Files\Evernote\Evernote3\enbar.dll/2000 (Evernote Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html File not found
O8 - Extra context menu item: Find Visible &Path - C:\Program Files\Visible Path\html\VPSearch.html ()
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra Button: CADE - {605E5D27-BFA0-471F-87ED-98A2623D633C} - C:\Program Files\CADE 2.13.16\Web\new.htm ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E9252800} - C:\Program Files\Evernote\Evernote3\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1228661696578 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {B6648EB8-2460-484F-9255-9654454C4C70} https://salesvpn.organo.com/prx/000/http/localhost/arr_x.cab (ArrVPNAX Control)
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E...04/clearadj.cab (CTAdjust Class)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Organo.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.93,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{2241AC40-E8C0-4D6F-A4CD-3F052FCE6DDD}\\NameServer = 85.255.112.93,85.255.112.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{4F9A2DEF-0092-4A37-A773-F784FEA7243F}\\NameServer = 199.183.39.5,199.183.39.7
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Interfaces\{89FECA5A-C0EF-4DEF-9366-FF6D1E60E0A2}\\NameServer = 85.255.112.93,85.255.112.15
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45A29BCE2FBD} - Fences - C:\Program Files\Stardock\Fences\DesktopDock.dll (Stardock)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/28 09:47:54 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{389e073e-d435-11dd-9487-002186cc6a42}\Shell - "" = Autorun
O33 - MountPoints2\{389e073e-d435-11dd-9487-002186cc6a42}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{389e073e-d435-11dd-9487-002186cc6a42}\Shell\Open\command - "" = F:\RECYCLER\S-6-5-68-100004663-100018427-100003795-8448.com -- File not found
O33 - MountPoints2\{ac67bb8e-f48b-11dd-94b4-002186cc6a42}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\dhurley\Application Data\*.tmp files]
[2009/05/03 13:34:55 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\dhurley\Desktop\OTListIt2.exe
[2009/05/03 09:48:48 | 00,000,847 | ---- | C] () -- C:\WINDOWS\ST4UNST.002
[2009/05/03 07:49:34 | 15,066,3814 | ---- | C] () -- C:\Documents and Settings\dhurley\My Documents\050309backup.reg
[2009/05/03 07:22:08 | 00,000,000 | ---D | C] -- C:\Program Files\Vizual Einstein ME
[2009/05/03 07:20:36 | 00,000,847 | ---- | C] () -- C:\WINDOWS\ST4UNST.001
[2009/05/03 07:20:26 | 00,000,863 | ---- | C] () -- C:\WINDOWS\ST4UNST.000
[2009/05/03 07:19:30 | 00,000,000 | ---D | C] -- C:\Program Files\AAD CONSULTING
[2009/05/03 07:17:57 | 00,000,000 | ---D | C] -- C:\Program Files\My Whiteboard
[2009/05/03 07:17:07 | 00,000,000 | ---D | C] -- C:\Program Files\Access DASHBOARD® v2.0.1
[2009/05/03 07:11:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
[2009/05/03 07:11:26 | 00,000,712 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Seesmic Desktop.lnk
[2009/05/03 07:11:25 | 00,000,000 | ---D | C] -- C:\Program Files\Seesmic Desktop
[2009/05/02 21:30:47 | 01,277,952 | ---- | C] () -- C:\Documents and Settings\dhurley\My Documents\TenTableTypes.accdb
[2009/05/02 21:30:18 | 00,312,917 | ---- | C] () -- C:\Documents and Settings\dhurley\Desktop\30002143.accdt
[2009/05/02 21:29:01 | 02,490,368 | ---- | C] () -- C:\Documents and Settings\dhurley\My Documents\Customer Service.accdb
[2009/05/02 21:28:35 | 01,321,541 | ---- | C] () -- C:\Documents and Settings\dhurley\Desktop\10206879.accdt
[2009/05/02 21:19:28 | 00,483,328 | ---- | C] () -- C:\Documents and Settings\dhurley\My Documents\Meeting Tracker.accdb
[2009/05/02 21:17:45 | 00,087,317 | ---- | C] () -- C:\Documents and Settings\dhurley\Desktop\30001674.accdt
[2009/05/02 18:55:46 | 00,005,639 | ---- | C] () -- C:\Documents and Settings\dhurley\Desktop\Attach.zip
[2009/05/02 11:13:50 | 57,733,120 | ---- | C] () -- C:\Documents and Settings\dhurley\My Documents\OI Customer Service.accdb
[2009/05/02 11:12:55 | 01,593,484 | ---- | C] () -- C:\Documents and Settings\dhurley\Desktop\10206880.accdt
[2009/05/01 22:29:26 | 21,369,61024 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/01 21:37:40 | 09,924,040 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\dhurley\Desktop\windows-kb890830-v2.9.exe
[2009/05/01 15:55:54 | 00,034,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2009/05/01 15:55:53 | 00,072,904 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2009/05/01 15:55:53 | 00,064,488 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2009/05/01 15:55:52 | 00,177,672 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2009/05/01 15:55:52 | 00,052,136 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdik.sys
[2009/05/01 14:26:19 | 00,104,448 | ---- | C] () -- C:\Documents and Settings\dhurley\Desktop\ESR ClinicalMedical_04_2009_DRAFT.doc
[2009/04/30 18:29:46 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\McAfee
[2009/04/30 14:46:35 | 15,706,6278 | ---- | C] () -- C:\Documents and Settings\dhurley\My Documents\NW_Backup_4-30-2009.nrbak
[2009/04/30 13:29:30 | 01,174,016 | ---- | C] () -- C:\Documents and Settings\dhurley\Desktop\Summary_KOL profiling FINAL (032408)- Working Version.xls
[2009/04/29 07:59:34 | 00,000,000 | ---D | C] -- C:\Program Files\Annuaire
[2009/04/28 23:46:04 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/04/28 23:46:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/04/27 07:56:42 | 00,000,770 | ---- | C] () -- C:\Documents and Settings\dhurley\Start Menu\Programs\Startup\Evernote.lnk
[2009/04/26 10:51:47 | 00,000,000 | ---D | C] -- C:\Program Files\PhatWare
[2009/04/26 10:50:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\Application Data\PhatWare
[2009/04/24 09:49:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/04/24 06:36:01 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/23 15:14:58 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/23 15:14:29 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/23 15:13:43 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/04/23 15:13:31 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/04/23 15:13:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/04/22 21:08:58 | 00,000,000 | ---D | C] -- C:\Program Files\Belvedere
[2009/04/22 13:36:58 | 00,030,338 | ---- | C] () -- C:\Documents and Settings\dhurley\Desktop\Author form.pdf
[2009/04/21 17:29:56 | 00,000,000 | ---D | C] -- C:\Program Files\Dia
[2009/04/21 17:18:34 | 00,000,000 | ---D | C] -- C:\Program Files\CADE 2.13.16
[2009/04/21 16:35:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\Desktop\New Folder
[2009/04/20 17:22:15 | 00,493,035 | ---- | C] () -- C:\Documents and Settings\dhurley\My Documents\C
[2009/04/20 14:04:29 | 00,000,000 | ---D | C] -- C:\Program Files\Axon Data
[2009/04/20 13:50:27 | 00,000,804 | ---- | C] () -- C:\Documents and Settings\dhurley\Desktop\Actual Window Manager.lnk
[2009/04/19 22:17:10 | 00,109,782 | ---- | C] () -- C:\WINDOWS\CopernicSummarizerUninstall.exe
[2009/04/19 22:17:09 | 00,000,000 | ---D | C] -- C:\Program Files\Copernic Summarizer
[2009/04/19 18:56:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\Application Data\Famundo
[2009/04/19 18:55:14 | 00,000,000 | ---D | C] -- C:\Program Files\Famundo
[2009/04/19 10:16:54 | 00,000,000 | ---D | C] -- C:\Program Files\SoliCall
[2009/04/19 10:09:07 | 00,000,000 | ---D | C] -- C:\Program Files\Zards software
[2009/04/19 10:07:28 | 00,000,000 | ---D | C] -- C:\Program Files\Algebrus
[2009/04/18 22:47:07 | 00,000,000 | ---D | C] -- C:\Program Files\Cozi Outlook Toolbar
[2009/04/18 21:51:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\Application Data\Audio Editor Deluxe
[2009/04/18 21:51:13 | 00,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTWMAFile2.dll
[2009/04/18 21:51:13 | 00,113,486 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx
[2009/04/18 21:51:12 | 00,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioTransform2.dll
[2009/04/18 21:51:12 | 00,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioVisualization2.dll
[2009/04/18 21:51:12 | 00,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioRecord2.dll
[2009/04/18 21:51:12 | 00,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioPlayer2.dll
[2009/04/18 21:51:11 | 01,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\NCTAudioFile2.dll
[2009/04/18 21:51:11 | 01,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioInformation2.dll
[2009/04/18 21:51:10 | 02,084,864 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDesign2.dll
[2009/04/18 21:51:10 | 00,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioEditor2.dll
[2009/04/18 21:51:10 | 00,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\WINDOWS\System32\NCTAudioDisplay2.dll
[2009/04/18 21:51:09 | 00,835,584 | ---- | C] (NCT) -- C:\WINDOWS\System32\NCTAudioCDGrabber2.dll
[2009/04/18 21:51:09 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70.dll
[2009/04/18 21:51:06 | 00,000,000 | ---D | C] -- C:\Program Files\Audio Editor Deluxe
[2009/04/17 23:21:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\My Documents\Wondershare Video Converter Platinum
[2009/04/17 23:20:57 | 00,000,000 | ---D | C] -- C:\Program Files\Wondershare
[2009/04/17 00:06:01 | 00,000,000 | ---D | C] -- C:\Program Files\WindowTabs
[2009/04/16 23:57:00 | 00,000,000 | ---D | C] -- C:\Program Files\Deusty
[2009/04/16 22:56:43 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/16 22:55:29 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/04/16 22:55:23 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/04/16 22:55:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/04/15 13:46:28 | 00,000,000 | ---D | C] -- C:\Program Files\Procaster
[2009/04/15 13:30:19 | 00,000,000 | ---D | C] -- C:\Program Files\TrendingBotLite
[2009/04/14 23:22:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\Application Data\PlannerTemplates
[2009/04/14 23:21:56 | 00,000,000 | ---D | C] -- C:\Program Files\KFTF
[2009/04/14 16:50:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\Local Settings\Apps
[2009/04/13 01:50:13 | 01,026,484 | ---- | C] () -- C:\Documents and Settings\dhurley\Desktop\2009-04-10 - Damien Bates - Presenation - DASH 040909 (dh comments).pptx
[2009/04/12 22:32:49 | 00,034,816 | ---- | C] () -- C:\Documents and Settings\dhurley\My Documents\Laptop Catalog.xtdb
[2009/04/12 22:30:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\Application Data\InfoLayout
[2009/04/12 22:29:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\My Documents\My InfoLayout Catalogs
[2009/04/12 18:59:06 | 00,188,416 | ---- | C] (brother) -- C:\WINDOWS\System32\PDRVINST.DLL
[2009/04/12 18:59:06 | 00,086,016 | ---- | C] (brother) -- C:\WINDOWS\System32\BrWebIns.dll
[2009/04/12 18:59:06 | 00,069,632 | ---- | C] (brother) -- C:\WINDOWS\System32\BRWEBUP.EXE
[2009/04/12 18:58:54 | 00,006,224 | ---- | C] () -- C:\WINDOWS\CVRPAGE.BMP
[2009/04/12 18:58:51 | 00,126,976 | ---- | C] (Brother Industries,LTD) -- C:\WINDOWS\System32\BrfxD05a.dll
[2009/04/12 18:58:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/04/12 18:01:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrinterOn Corporation
[2009/04/12 11:45:19 | 00,000,000 | ---D | C] -- C:\Program Files\MAPILab Ltd
[2009/04/12 11:45:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Outlook Security Manager
[2009/04/12 10:08:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\My Documents\1AVStreamer
[2009/04/12 10:08:24 | 00,073,728 | ---- | C] (PCWinSoft Systems Ltd) -- C:\WINDOWS\System32\TOverlay.ax
[2009/04/12 10:08:24 | 00,053,248 | ---- | C] (DeskShare) -- C:\WINDOWS\System32\DSTimeStamp.ax
[2009/04/12 10:08:24 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\wavdest.ax
[2009/04/12 10:08:23 | 00,692,224 | ---- | C] (Axis) -- C:\WINDOWS\System32\AxisToolBar.ocx
[2009/04/12 10:08:23 | 00,188,416 | ---- | C] (Unreal Streaming Technologies Group.) -- C:\WINDOWS\System32\UScreenCapture.ax
[2009/04/12 10:08:23 | 00,126,976 | ---- | C] (Ariel Systems) -- C:\WINDOWS\System32\ArielColorCtrl.ocx
[2009/04/12 10:08:23 | 00,036,864 | ---- | C] (Axis) -- C:\WINDOWS\System32\Sof2FFTPrj.ocx
[2009/04/12 10:08:23 | 00,024,576 | ---- | C] (Axis) -- C:\WINDOWS\System32\SpecBarPrj.ocx
[2009/04/12 10:08:19 | 00,000,000 | ---D | C] -- C:\Program Files\1AVStreamer
[2009/04/12 09:59:59 | 00,000,000 | ---D | C] -- C:\Program Files\Desktop Icon Toy
[2009/04/11 23:19:09 | 00,000,000 | ---D | C] -- C:\QUARANTINE
[2009/04/11 22:46:34 | 00,000,000 | ---D | C] -- C:\Program Files\Menu Inventor
[2009/04/11 22:09:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\My Documents\Fingertips
[2009/04/11 22:09:42 | 00,000,000 | ---D | C] -- C:\Program Files\Fingertips
[2009/04/11 22:02:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\My Documents\MyBrother
[2009/04/11 22:01:50 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Brother BrssCom
[2009/04/11 22:01:10 | 00,000,000 | ---D | C] -- C:\Program Files\Fingerprint
[2009/04/11 20:19:20 | 00,000,000 | ---D | C] -- C:\Program Files\yaTimer
[2009/04/11 19:55:33 | 00,000,000 | ---D | C] -- C:\Program Files\TinyGraphs
[2009/04/11 14:16:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CraigsPal
[2009/04/11 00:57:31 | 00,356,352 | ---- | C] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2009/04/11 00:41:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\My Documents\YearPlanner
[2009/04/11 00:39:46 | 00,000,000 | ---D | C] -- C:\Program Files\C Software
[2009/04/11 00:22:07 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sparklines
[2009/04/11 00:22:07 | 00,000,000 | ---D | C] -- C:\Program Files\Sparklines
[2009/04/11 00:15:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\Application Data\ndxCards
[2009/04/11 00:15:20 | 00,000,000 | ---D | C] -- C:\Program Files\ndxCards
[2009/04/11 00:11:41 | 00,000,915 | ---- | C] () -- C:\Documents and Settings\dhurley\My Documents\TPP.dss
[2009/04/11 00:05:10 | 00,000,332 | -H-- | C] () -- C:\Documents and Settings\dhurley\Application Data\92a53abd262fdbcf36854f2537e126f6c812355b
[2009/04/11 00:05:10 | 00,000,332 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\92a53abd262fdbcf36854f2537e126f6c812355b
[2009/04/11 00:02:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iSpring Solutions
[2009/04/11 00:02:55 | 00,000,000 | ---D | C] -- C:\Program Files\iSpring
[2009/04/10 12:31:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\My Documents\TurboTax
[2009/04/08 22:32:20 | 00,040,496 | ---- | C] (Paragon Software Group) -- C:\WINDOWS\System32\drivers\hotcore3.sys
[2009/04/08 22:31:16 | 00,000,000 | ---D | C] -- C:\Program Files\Paragon Software
[2009/04/08 17:40:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\Application Data\Direct Access
[2009/04/08 16:05:53 | 00,000,000 | ---D | C] -- C:\Z5Com
[2009/04/08 11:47:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\My Documents\Adverse Events
[2009/04/08 11:31:05 | 00,000,000 | ---D | C] -- C:\Program Files\HowTo-Outlook
[2009/04/07 21:03:49 | 00,000,000 | ---D | C] -- C:\Program Files\yWriter5
[2009/04/07 20:57:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\Application Data\Move Networks
[2009/04/07 17:35:01 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\dhurley\My Documents\NP_Allam Poster_V2_kbg 07Apr2009.docx
[2009/04/07 14:00:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\Application Data\Bump Technologies, Inc
[2009/04/07 13:59:20 | 00,000,000 | ---D | C] -- C:\Program Files\BumpTop
[2009/04/07 13:47:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\My Documents\Professional
[2009/04/07 12:46:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\dhurley\Application Data\Clicky Gone
[2009/04/07 12:46:32 | 00,000,000 | ---D | C] -- C:\Program Files\Clicky Gone
[2009/04/05 14:45:24 | 00,002,364 | ---- | C] () -- C:\config.xml
[2009/04/05 00:22:24 | 00,000,000 | ---D | C] -- C:\Program Files\DreameeSoft
[2009/04/04 19:16:08 | 00,000,000 | ---D | C] -- C:\Program Files\Fortis Software
[2009/04/04 11:16:39 | 00,000,000 | ---D | C] -- C:\Program Files\TimeTo
[2009/04/04 00:47:28 | 00,000,000 | ---D | C] -- C:\Program Files\ShirusuPad
[2009/04/04 00:46:27 | 00,000,000 | ---D | C] -- C:\Program Files\mindraider
[2009/03/25 08:38:11 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2009/03/12 22:29:39 | 00,000,150 | ---- | C] () -- C:\WINDOWS\PathMaker.INI
[2009/03/08 10:49:29 | 00,742,220 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/08 10:49:29 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/03 10:13:58 | 00,000,085 | ---- | C] () -- C:\WINDOWS\winrbsys0805.ini
[2009/02/20 16:00:11 | 00,167,936 | R--- | C] () -- C:\WINDOWS\System32\GBInf.dll
[2009/02/06 22:33:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\JDSecure31.INI
[2009/02/06 22:33:44 | 00,249,856 | ---- | C] () -- C:\WINDOWS\System32\LxrJD31.dll
[2009/02/06 22:33:44 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\LxrJD20Sat.dll
[2009/02/06 22:33:43 | 00,069,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrJD31d.sys
[2009/01/26 15:46:29 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\WIN.INI
[2009/01/26 15:46:29 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM.INI
[2009/01/26 15:46:29 | 00,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2009/01/23 15:30:01 | 00,040,004 | ---- | C] () -- C:\WINDOWS\System32\wmsctrl.dll
[2009/01/21 19:33:44 | 00,110,080 | ---- | C] () -- C:\WINDOWS\System32\W32mkrc.dll
[2009/01/11 09:31:48 | 00,000,056 | ---- | C] () -- C:\WINDOWS\azzCardfile Settings.ini
[2008/12/30 07:58:45 | 00,011,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\RVSDISK.sys
[2008/12/29 16:25:27 | 00,015,360 | ---- | C] () -- C:\WINDOWS\System32\GetInst32.dll
[2008/12/29 00:15:24 | 00,000,140 | ---- | C] () -- C:\WINDOWS\System32\09wutili.sys
[2008/12/27 17:20:01 | 00,000,168 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/12/27 16:24:58 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\TaskKeyHook.dll
[2008/12/27 16:19:52 | 00,015,744 | ---- | C] () -- C:\WINDOWS\System32\Wintab.dll
[2008/12/27 16:03:35 | 00,057,344 | R--- | C] () -- C:\WINDOWS\System32\PT21F.DLL
[2008/12/27 16:03:35 | 00,001,112 | R--- | C] () -- C:\WINDOWS\System32\PT21L.INI
[2008/12/10 15:35:09 | 00,002,984 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/12/10 15:35:09 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\F60927F702.sys
[2008/12/10 15:19:00 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dldovs.dll
[2008/12/10 15:18:56 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldocoin.dll
[2008/12/10 15:15:42 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\DLDOPMON.DLL
[2008/12/10 15:15:42 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\DLDOFXPU.DLL
[2008/12/10 15:15:21 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\dldooem.dll
[2008/12/10 15:15:21 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DLDOPMRC.DLL
[2008/12/10 15:13:47 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\dldoinst.dll
[2008/12/10 15:13:46 | 00,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\dldohcp.dll
[2008/12/10 15:13:46 | 00,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoinpa.dll
[2008/12/10 15:13:46 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoiesc.dll
[2008/12/10 15:13:45 | 01,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoserv.dll
[2008/12/10 15:13:45 | 00,954,368 | ---- | C] ( ) -- C:\WINDOWS\System32\dldousb1.dll
[2008/12/10 15:13:45 | 00,503,808 | ---- | C] () -- C:\WINDOWS\System32\dldoutil.dll
[2008/12/10 15:13:44 | 00,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dldopmui.dll
[2008/12/10 15:13:44 | 00,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\dldolmpm.dll
[2008/12/10 15:13:44 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldoinsb.dll
[2008/12/10 15:13:44 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\dldojswr.dll
[2008/12/10 15:13:44 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\dldoprox.dll
[2008/12/10 15:13:43 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\dldohbn3.dll
[2008/12/10 15:13:43 | 00,176,128 | ---- | C] () -- C:\WINDOWS\System32\dldoins.dll
[2008/12/10 15:13:43 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\dldoinsr.dll
[2008/12/10 15:13:42 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\dldogrd.dll
[2008/12/10 15:13:42 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\dldocub.dll
[2008/12/10 15:13:41 | 00,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocomc.dll
[2008/12/10 15:13:41 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\dldocomm.dll
[2008/12/10 15:13:41 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\dldocu.dll
[2008/12/10 15:13:41 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\dldocur.dll
[2008/12/04 22:32:49 | 00,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS4O.DLL
[2008/11/29 09:24:15 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/11/29 08:43:14 | 00,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2008/11/29 08:43:14 | 00,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/11/29 08:42:45 | 00,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2008/11/29 08:42:45 | 00,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2008/11/29 08:41:22 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2008/11/28 23:16:34 | 00,050,127 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/11/24 12:25:09 | 00,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/11/13 00:22:47 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/11/13 00:20:04 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/11/12 23:52:04 | 00,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/11/12 23:49:28 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2008/11/12 23:49:28 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2008/11/12 23:14:57 | 00,910,304 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008/11/12 23:14:57 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4831.dll
[2008/11/12 23:13:09 | 00,001,120 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/05/21 14:05:14 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\iebar.dll
[2007/12/21 18:46:32 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2007/09/27 11:51:02 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/13 16:42:30 | 00,499,712 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2007/09/13 16:42:30 | 00,471,040 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2007/09/13 16:42:28 | 00,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2007/09/13 16:42:28 | 00,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2007/09/13 16:42:28 | 00,462,848 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2007/09/13 16:42:28 | 00,458,752 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2007/09/13 16:42:26 | 00,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2007/09/13 16:42:26 | 00,487,424 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2007/09/13 16:42:26 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2007/09/13 16:42:26 | 00,434,176 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2007/09/13 16:36:24 | 00,438,272 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2007/09/12 17:05:08 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2007/09/12 17:04:46 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2007/09/12 17:04:26 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2007/09/12 17:04:06 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2007/09/12 17:03:44 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2007/09/12 17:03:24 | 00,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2007/09/12 17:03:04 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2007/09/12 17:02:44 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2007/09/12 17:02:22 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2007/09/12 17:02:02 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2007/09/10 11:53:26 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2007/09/06 16:40:36 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\dldodrs.dll
[2007/08/31 14:51:11 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\dldocaps.dll
[2007/08/01 04:15:51 | 00,077,906 | ---- | C] () -- C:\WINDOWS\System32\dldocfg.dll
[2007/06/15 12:19:20 | 00,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2007/06/14 16:45:05 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dldocnv4.dll
[2007/04/18 12:25:36 | 00,165,204 | RHS- | C] () -- C:\WINDOWS\System32\jiaha.dll
[2007/02/06 18:45:04 | 00,025,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007/02/06 18:42:40 | 01,691,808 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2006/08/14 13:02:10 | 00,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/12 10:01:16 | 00,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2006/06/04 23:08:23 | 01,798,144 | R--- | C] () -- C:\WINDOWS\System32\ltmm_n.dll
[2005/10/14 17:09:48 | 00,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/07/22 23:30:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/10/17 15:42:48 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\see32.dll
[2004/09/10 15:34:00 | 00,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 15:34:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll
[2004/08/11 19:24:19 | 00,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 19:11:31 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 19:00:37 | 00,002,461 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/11 19:00:35 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2000/03/24 11:34:42 | 00,043,008 | ---- | C] () -- C:\WINDOWS\System32\f90SQLDVF.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[1 C:\Documents and Settings\dhurley\Application Data\*.tmp files]
[2009/05/03 13:34:56 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\dhurley\Desktop\OTListIt2.exe
[2009/05/03 10:21:43 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/03 10:21:21 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\dhurley\Local Settings\desktop.ini
[2009/05/03 10:05:19 | 00,012,911 | ---- | M] () -- C:\WINDOWS\System32\tablet.dat
[2009/05/03 10:03:47 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/03 10:03:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/03 10:03:44 | 21,369,61024 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/03 09:48:58 | 00,000,847 | ---- | M] () -- C:\WINDOWS\ST4UNST.002
[2009/05/03 07:50:37 | 15,066,3814 | ---- | M] () -- C:\Documents and Settings\dhurley\My Documents\050309backup.reg
[2009/05/03 07:22:03 | 00,286,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Setup1.exe
[2009/05/03 07:20:38 | 00,000,847 | ---- | M] () -- C:\WINDOWS\ST4UNST.001
[2009/05/03 07:20:32 | 00,000,863 | ---- | M] () -- C:\WINDOWS\ST4UNST.000
[2009/05/03 07:20:09 | 00,171,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\setup132.exe
[2009/05/03 07:20:09 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ST4UNST.EXE
[2009/05/03 07:20:09 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\stkit432.dll
[2009/05/03 07:11:26 | 00,000,712 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Seesmic Desktop.lnk
[2009/05/03 00:04:05 | 00,064,258 | ---- | M] () -- C:\Documents and Settings\dhurley\My Documents\ThinkingRock 12-10-08.trx
[2009/05/02 21:33:32 | 00,483,328 | ---- | M] () -- C:\Documents and Settings\dhurley\My Documents\Meeting Tracker.accdb
[2009/05/02 21:33:29 | 01,277,952 | ---- | M] () -- C:\Documents and Settings\dhurley\My Documents\TenTableTypes.accdb
[2009/05/02 21:29:51 | 02,490,368 | ---- | M] () -- C:\Documents and Settings\dhurley\My Documents\Customer Service.accdb
[2009/05/02 21:18:28 | 57,733,120 | ---- | M] () -- C:\Documents and Settings\dhurley\My Documents\OI Customer Service.accdb
[2009/05/02 18:55:46 | 00,005,639 | ---- | M] () -- C:\Documents and Settings\dhurley\Desktop\Attach.zip
[2009/05/01 14:26:20 | 00,104,448 | ---- | M] () -- C:\Documents and Settings\dhurley\Desktop\ESR ClinicalMedical_04_2009_DRAFT.doc
[2009/05/01 12:06:05 | 00,000,332 | -H-- | M] () -- C:\Documents and Settings\dhurley\Application Data\92a53abd262fdbcf36854f2537e126f6c812355b
[2009/05/01 12:06:05 | 00,000,332 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\92a53abd262fdbcf36854f2537e126f6c812355b
[2009/04/30 19:07:15 | 09,924,040 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\dhurley\Desktop\windows-kb890830-v2.9.exe
[2009/04/30 15:14:59 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/04/30 14:49:25 | 15,706,6278 | ---- | M] () -- C:\Documents and Settings\dhurley\My Documents\NW_Backup_4-30-2009.nrbak
[2009/04/30 13:29:30 | 01,174,016 | ---- | M] () -- C:\Documents and Settings\dhurley\Desktop\Summary_KOL profiling FINAL (032408)- Working Version.xls
[2009/04/29 19:54:20 | 00,057,856 | ---- | M] () -- C:\Documents and Settings\dhurley\Desktop\KOL Management Plan DRAFT 042309.xls
[2009/04/29 02:00:32 | 00,000,518 | ---- | M] () -- C:\WINDOWS\tasks\NatSpeak Periodic Language Model Optimization.job
[2009/04/28 23:54:23 | 00,000,316 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/04/28 10:49:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/27 15:21:27 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/04/27 15:20:47 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/04/27 07:56:42 | 00,000,770 | ---- | M] () -- C:\Documents and Settings\dhurley\Start Menu\Programs\Startup\Evernote.lnk
[2009/04/24 16:00:01 | 00,000,680 | ---- | M] () -- C:\WINDOWS\tasks\ABF Outlook Backup 3 - Backup Task.job
[2009/04/24 10:03:56 | 00,002,461 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/24 10:03:56 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/24 10:03:56 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/04/24 09:40:35 | 00,000,085 | ---- | M] () -- C:\WINDOWS\winrbsys0805.ini
[2009/04/23 02:05:27 | 00,000,494 | ---- | M] () -- C:\WINDOWS\tasks\NatSpeak Periodic Acoustic Optimization.job
[2009/04/21 17:48:30 | 00,002,515 | ---- | M] () -- C:\Documents and Settings\dhurley\Desktop\Microsoft Office Word 2007.lnk
[2009/04/21 14:01:46 | 00,002,473 | ---- | M] () -- C:\Documents and Settings\dhurley\Desktop\Microsoft Office Excel 2007.lnk
[2009/04/21 08:41:06 | 00,002,521 | ---- | M] () -- C:\Documents and Settings\dhurley\Desktop\Microsoft Office Outlook 2007.lnk
[2009/04/20 13:50:27 | 00,000,804 | ---- | M] () -- C:\Documents and Settings\dhurley\Desktop\Actual Window Manager.lnk
[2009/04/17 21:53:30 | 00,064,258 | ---- | M] () -- C:\Documents and Settings\dhurley\My Documents\ThinkingRock 12-10-08.bak.trx
[2009/04/16 23:46:33 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/04/13 01:50:14 | 01,026,484 | ---- | M] () -- C:\Documents and Settings\dhurley\Desktop\2009-04-10 - Damien Bates - Presenation - DASH 040909 (dh comments).pptx
[2009/04/12 22:32:49 | 00,034,816 | ---- | M] () -- C:\Documents and Settings\dhurley\My Documents\Laptop Catalog.xtdb
[2009/04/12 19:00:39 | 00,000,419 | ---- | M] () -- C:\WINDOWS\BRWMARK.INI
[2009/04/12 19:00:39 | 00,000,027 | ---- | M] () -- C:\WINDOWS\BRPP2KA.INI
[2009/04/12 19:00:00 | 00,000,225 | ---- | M] () -- C:\WINDOWS\Brpfx04a.ini
[2009/04/12 19:00:00 | 00,000,093 | ---- | M] () -- C:\WINDOWS\brpcfx.ini
[2009/04/12 19:00:00 | 00,000,050 | ---- | M] () -- C:\WINDOWS\System32\bridf06a.dat
[2009/04/12 10:21:40 | 00,392,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/11 00:57:31 | 00,356,352 | ---- | M] (eSellerate Inc.) -- C:\WINDOWS\eSellerateEngine.dll
[2009/04/11 00:11:41 | 00,000,915 | ---- | M] () -- C:\Documents and Settings\dhurley\My Documents\TPP.dss
[2009/04/07 17:35:01 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\dhurley\My Documents\NP_Allam Poster_V2_kbg 07Apr2009.docx
[2009/04/06 08:35:00 | 00,073,728 | ---- | M] (PCWinSoft Systems Ltd) -- C:\WINDOWS\System32\TOverlay.ax
[2009/04/06 08:34:40 | 00,692,224 | ---- | M] (Axis) -- C:\WINDOWS\System32\AxisToolBar.ocx
[2009/04/06 07:57:26 | 24,921,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/04/05 14:45:24 | 00,002,364 | ---- | M] () -- C:\config.xml

========== Alternate Data Streams ==========

@Alternate Data Stream - 296 bytes -> C:\Documents and Settings\dhurley\My Documents\C:SummaryInformation
@Alternate Data Stream - 231 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CD8ADF87
@Alternate Data Stream - 222 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:313B6626
@Alternate Data Stream - 166 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F0FFA06
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ED3F622D
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9931BC8C
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:87F27901
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85551434
< End of report >


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.



#4 Buckeye_Sam

Malware Expert

Posted 04 May 2009 - 08:31 AM

Do you have the log from Gmer?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#5 dphurley

Topic Starter

Posted 04 May 2009 - 08:48 AM

Do you have the log from Gmer?



Sorry Sam,

I was away from my computer for a while.

I ran the scan and it asked if I wanted to run a full scan and I said no and copied the log:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-04 09:48:42
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA73031AD]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA73031D7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA7303141]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA730316D]
Code 8A7BD3B0 ZwEnumerateKey
Code 8A5E8128 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA7303201]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA7303117]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA73031C1]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA7303157]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA7303199]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA7303217]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA73031EB]
Code 8A99AD16 IofCallDriver
Code 8A9222CE IofCompleteRequest
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gxvxctqgvrrfuvmknelryntpjlpaltowxuqij.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

#6 Buckeye_Sam

Malware Expert


Posted 04 May 2009 - 09:36 AM

That's just what I needed to see! :thumbup2:




Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


========================================================

#7 dphurley

Topic Starter

Posted 04 May 2009 - 10:53 AM

Sam,

Here is the ComboFix Log:

ComboFix 09-05-02.4 - dhurley 05/04/2009 11:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1452 [GMT -4:00]
Running from: c:\documents and settings\dhurley\My Documents\Download\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated)
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-8-19-100015644-100022055-100030331-1331.com
c:\windows\system32\drivers\gxvxcqiallfilysibskxninfiemkbjnpbbmsq.sys
c:\windows\system32\drivers\gxvxctqgvrrfuvmknelryntpjlpaltowxuqij.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcyacsinyrydwjvyemkpcuflnqlknadnol.dll
c:\windows\system32\x64
c:\windows\system32\zip32.dll

----- BITS: Possible infected sites -----

hxxp://app.timebridge.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-04-04 to 2009-05-04 )))))))))))))))))))))))))))))))
.

2009-05-03 11:22 . 2009-05-03 13:46 -------- d-----w c:\program files\Vizual Einstein ME
2009-05-03 11:19 . 2009-05-03 11:19 -------- d-----w c:\program files\AAD CONSULTING
2009-05-03 11:17 . 2009-05-03 11:17 -------- d-----w c:\program files\My Whiteboard
2009-05-03 11:17 . 2009-05-03 15:27 -------- d-----w c:\program files\Access DASHBOARD® v2.0.1
2009-05-03 11:11 . 2009-05-03 11:11 -------- d-----w c:\documents and settings\dhurley\Application Data\com.seesmic.desktop.client.D89F32799270693BEF34AAA36E9B2632B59240FA.1
2009-05-03 11:11 . 2009-05-03 11:11 -------- d-----w c:\program files\Seesmic Desktop
2009-05-01 20:21 . 2009-05-01 20:21 -------- d-----w c:\documents and settings\administrator.OI_NT_DOMAIN\Application Data\ArcticLine
2009-05-01 19:55 . 2008-10-07 00:50 34344 ----a-w c:\windows\system32\drivers\mfebopk.sys
2009-05-01 19:55 . 2008-10-07 00:50 64488 ----a-w c:\windows\system32\drivers\mfeapfk.sys
2009-05-01 19:55 . 2008-10-07 00:50 72904 ----a-w c:\windows\system32\drivers\mfeavfk.sys
2009-05-01 19:55 . 2008-10-07 00:50 52136 ----a-w c:\windows\system32\drivers\mfetdik.sys
2009-05-01 19:55 . 2008-10-07 00:50 177672 ----a-w c:\windows\system32\drivers\mfehidk.sys
2009-04-30 22:29 . 2009-04-30 22:29 -------- d-----w c:\program files\Common Files\McAfee
2009-04-29 12:01 . 2009-04-29 12:15 -------- d-----w c:\documents and settings\dhurley\Local Settings\Application Data\Runscanner.net
2009-04-29 11:59 . 2009-04-29 11:59 -------- d-----w c:\program files\Annuaire
2009-04-29 03:46 . 2009-04-29 13:02 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-29 03:46 . 2009-04-30 13:02 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-26 14:51 . 2009-04-26 14:51 -------- d-----w c:\program files\PhatWare
2009-04-26 14:50 . 2009-04-26 14:50 -------- d-----w c:\documents and settings\dhurley\Application Data\PhatWare
2009-04-26 03:26 . 2009-04-26 03:26 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-24 10:36 . 2009-04-27 19:21 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-04-23 19:14 . 2009-04-27 19:20 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-23 19:13 . 2009-04-23 19:13 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-23 19:13 . 2009-04-23 19:13 -------- d-----w c:\program files\Lavasoft
2009-04-23 19:13 . 2009-04-23 19:14 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-23 01:08 . 2009-04-23 01:09 -------- d-----w c:\program files\Belvedere
2009-04-21 21:30 . 2009-04-26 15:01 -------- d-----w c:\documents and settings\dhurley\.dia
2009-04-21 21:29 . 2009-04-21 21:40 -------- d-----w c:\program files\Dia
2009-04-21 21:18 . 2009-04-21 21:18 -------- d-----w c:\program files\CADE 2.13.16
2009-04-20 18:04 . 2009-04-20 18:04 -------- d-----w c:\program files\Axon Data
2009-04-20 17:45 . 2009-04-20 17:45 -------- d-----w c:\documents and settings\dhurley\Local Settings\Application Data\NTRU Cryptosystems
2009-04-20 17:45 . 2009-04-20 17:45 -------- d-----w c:\documents and settings\dhurley\Local Settings\Application Data\Wave Systems Corp
2009-04-20 02:17 . 2001-07-11 19:09 109782 ----a-w c:\windows\CopernicSummarizerUninstall.exe
2009-04-20 02:17 . 2009-04-20 14:54 -------- d-----w c:\program files\Copernic Summarizer
2009-04-19 22:56 . 2009-04-19 22:56 -------- d-----w c:\documents and settings\dhurley\Application Data\Famundo
2009-04-19 22:55 . 2009-04-19 22:55 -------- d-----w c:\program files\Famundo
2009-04-19 15:00 . 2009-04-19 15:00 -------- d-----w c:\documents and settings\dhurley\Local Settings\Application Data\Cozi
2009-04-19 14:16 . 2009-04-19 14:16 -------- d-----w c:\program files\SoliCall
2009-04-19 14:09 . 2009-04-19 14:09 -------- d-----w c:\program files\Zards software
2009-04-19 14:07 . 2009-04-19 14:07 -------- d-----w c:\program files\Algebrus
2009-04-19 02:47 . 2009-04-19 02:47 -------- d-----w c:\program files\Cozi Outlook Toolbar
2009-04-19 01:55 . 2009-04-19 01:55 -------- d-----w c:\documents and settings\dhurley\My Projects
2009-04-18 03:20 . 2009-04-18 03:20 -------- d-----w c:\program files\Wondershare
2009-04-17 04:06 . 2009-04-17 04:06 -------- d-----w c:\program files\WindowTabs
2009-04-17 03:57 . 2009-04-17 03:57 -------- d-----w c:\program files\Deusty
2009-04-17 03:52 . 2009-04-17 03:52 -------- d-----w c:\documents and settings\dhurley\Local Settings\Application Data\Deusty
2009-04-17 02:55 . 2009-04-17 02:55 -------- d-----w c:\program files\iPod
2009-04-17 02:55 . 2009-04-17 02:56 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-17 02:55 . 2009-04-17 02:56 -------- d-----w c:\program files\iTunes
2009-04-15 17:46 . 2009-04-17 02:03 -------- d-----w c:\documents and settings\dhurley\Local Settings\Application Data\procaster
2009-04-15 17:46 . 2009-04-15 17:46 -------- d-----w c:\program files\Procaster
2009-04-15 17:30 . 2009-04-15 17:34 -------- d-----w c:\program files\TrendingBotLite
2009-04-15 03:22 . 2009-04-19 01:55 -------- d-----w c:\documents and settings\dhurley\Application Data\PlannerTemplates
2009-04-15 03:21 . 2009-04-15 03:21 -------- d-----w c:\program files\KFTF
2009-04-14 20:50 . 2009-04-14 20:50 -------- d-----w c:\documents and settings\dhurley\Local Settings\Application Data\Deployment
2009-04-13 02:30 . 2009-04-19 01:14 -------- d-----w c:\documents and settings\dhurley\Application Data\InfoLayout
2009-04-12 22:59 . 2004-12-03 05:26 188416 ------w c:\windows\system32\PDRVINST.DLL
2009-04-12 22:59 . 2005-06-02 05:09 86016 ------w c:\windows\system32\BrWebIns.dll
2009-04-12 22:59 . 2005-06-02 05:08 69632 ------w c:\windows\system32\BRWEBUP.EXE
2009-04-12 22:58 . 2006-01-17 05:03 126976 ------w c:\windows\system32\BrfxD05a.dll
2009-04-12 22:58 . 2003-11-28 22:57 0 ----a-w c:\windows\brdfxspd.dat
2009-04-12 22:01 . 2009-04-12 22:01 -------- d-----w c:\documents and settings\All Users\Application Data\PrinterOn Corporation
2009-04-12 17:35 . 2009-04-12 17:35 -------- d-----w c:\documents and settings\dhurley\brother
2009-04-12 15:45 . 2009-04-12 15:45 -------- d-----w c:\program files\Common Files\Outlook Security Manager
2009-04-12 15:45 . 2009-04-12 15:45 -------- d-----w c:\program files\MAPILab Ltd
2009-04-12 14:08 . 2009-04-12 14:54 -------- d-----w c:\program files\1AVStreamer
2009-04-12 13:59 . 2009-04-12 14:00 -------- d-----w c:\program files\Desktop Icon Toy
2009-04-12 03:19 . 2009-05-04 15:21 -------- d-----w C:\QUARANTINE
2009-04-12 02:46 . 2009-04-12 02:46 -------- d-----w c:\program files\Menu Inventor
2009-04-12 02:09 . 2009-04-12 02:09 -------- d-----w c:\program files\Fingertips
2009-04-12 02:01 . 2009-04-12 02:01 -------- d-----w c:\program files\Common Files\Brother BrssCom
2009-04-12 02:01 . 2009-04-12 02:01 -------- d-----w c:\program files\Fingerprint
2009-04-12 00:19 . 2009-04-12 00:19 -------- d-----w c:\program files\yaTimer
2009-04-11 23:55 . 2009-04-11 23:55 -------- d-----w c:\program files\TinyGraphs
2009-04-11 18:16 . 2009-04-11 23:59 -------- d-----w c:\documents and settings\All Users\Application Data\CraigsPal
2009-04-11 04:57 . 2009-04-11 04:57 356352 ----a-w c:\windows\eSellerateEngine.dll
2009-04-11 04:39 . 2009-04-11 04:39 -------- d-----w c:\program files\C Software
2009-04-11 04:22 . 2009-04-11 04:22 -------- d-----w c:\windows\Sparklines
2009-04-11 04:22 . 2009-04-15 18:34 -------- d-----w c:\program files\Sparklines
2009-04-11 04:15 . 2009-04-24 13:44 -------- d-----w c:\documents and settings\dhurley\Application Data\ndxCards
2009-04-11 04:15 . 2009-04-11 04:15 -------- d-----w c:\program files\ndxCards
2009-04-11 04:02 . 2009-04-11 04:03 -------- d-----w c:\program files\Common Files\iSpring Solutions
2009-04-11 04:02 . 2009-04-11 04:02 -------- d-----w c:\program files\iSpring
2009-04-10 16:18 . 2009-04-10 16:18 -------- d-----w c:\documents and settings\dhurley\Local Settings\Application Data\Intuit
2009-04-09 02:32 . 2008-12-13 18:47 40496 ----a-w c:\windows\system32\drivers\hotcore3.sys
2009-04-09 02:31 . 2009-04-09 02:31 -------- d-----w c:\program files\Paragon Software
2009-04-08 21:40 . 2009-04-09 20:18 -------- d-----w c:\documents and settings\dhurley\Application Data\Direct Access
2009-04-08 20:05 . 2009-04-08 20:05 -------- d-----w C:\Z5Com
2009-04-08 15:31 . 2009-04-08 15:31 -------- d-----w c:\program files\HowTo-Outlook
2009-04-08 01:03 . 2009-04-08 01:03 -------- d-----w c:\program files\yWriter5
2009-04-08 00:57 . 2009-04-08 00:57 -------- d-----w c:\documents and settings\dhurley\Application Data\Move Networks
2009-04-07 18:01 . 2009-04-07 18:01 -------- d-----w c:\documents and settings\dhurley\Local Settings\Application Data\Bump Technologies, Inc
2009-04-07 18:00 . 2009-04-07 18:00 -------- d-----w c:\documents and settings\dhurley\Application Data\Bump Technologies, Inc
2009-04-07 17:59 . 2009-04-07 17:59 -------- d-----w c:\program files\BumpTop
2009-04-07 16:46 . 2009-04-07 16:46 -------- d-----w c:\documents and settings\dhurley\Application Data\Clicky Gone
2009-04-07 16:46 . 2009-04-07 16:46 -------- d-----w c:\program files\Clicky Gone
2009-04-05 04:22 . 2009-04-05 04:22 -------- d-----w c:\program files\DreameeSoft
2009-04-04 23:16 . 2009-04-04 23:16 -------- d-----w c:\program files\Fortis Software
2009-04-04 15:39 . 2009-04-12 22:02 -------- d-----w c:\documents and settings\dhurley\Local Settings\Application Data\PrinterOn Corporation

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-04 15:34 . 2008-11-24 20:23 0 ----a-w c:\documents and settings\dhurley\Local Settings\Application Data\WavXMapDrive.bat
2009-05-04 15:31 . 2008-12-27 20:20 12911 ----a-w c:\windows\system32\tablet.dat
2009-05-04 15:31 . 2004-08-11 23:20 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-04 12:59 . 2008-12-15 20:30 -------- d-----w c:\program files\Mozilla Thunderbird 3 Beta 1
2009-05-03 11:22 . 2009-02-21 03:55 286720 ------w c:\windows\Setup1.exe
2009-05-03 11:20 . 2002-05-28 00:00 60416 ----a-w c:\windows\ST4UNST.EXE
2009-05-03 11:20 . 2002-05-28 00:00 171520 ----a-w c:\windows\setup132.exe
2009-05-01 20:20 . 2008-11-26 00:43 -------- d-----w c:\program files\CallWave
2009-05-01 19:55 . 2008-11-24 16:24 -------- d-----w c:\program files\McAfee
2009-05-01 19:52 . 2009-04-30 21:44 0 ----a-w c:\documents and settings\administrator.OI_NT_DOMAIN\Local Settings\Application Data\WavXMapDrive.bat
2009-05-01 16:06 . 2009-04-11 04:05 66 ----a-w c:\documents and settings\dhurley\Application Data\ispro4_0.tmp
2009-04-30 19:14 . 2009-04-23 19:14 472 ----a-w c:\windows\Tasks\Ad-Aware Update (Weekly).job
2009-04-29 06:00 . 2009-03-26 20:40 518 ----a-w c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
2009-04-29 03:54 . 2009-02-21 04:14 316 ----a-w c:\windows\Tasks\GlaryInitialize.job
2009-04-28 14:49 . 2008-12-03 16:53 284 ----a-w c:\windows\Tasks\AppleSoftwareUpdate.job
2009-04-26 18:43 . 2009-01-23 18:50 -------- d-----w c:\program files\Pocket Informant
2009-04-26 14:54 . 2008-12-16 01:28 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-24 20:00 . 2008-12-28 18:25 680 ----a-w c:\windows\Tasks\ABF Outlook Backup 3 - Backup Task.job
2009-04-24 13:53 . 2009-03-03 14:13 -------- d-----w c:\program files\RoboBasket 1.1.22
2009-04-24 13:38 . 2009-02-02 04:12 -------- d-----w c:\program files\Taskbar Shuffle
2009-04-23 06:05 . 2009-03-26 20:40 494 ----a-w c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
2009-04-19 14:04 . 2009-01-25 17:16 -------- d-----w c:\program files\TaggedFrog
2009-04-19 01:51 . 2009-04-19 01:51 -------- d-----w c:\program files\Audio Editor Deluxe
2009-04-17 02:55 . 2008-12-03 16:52 -------- d-----w c:\program files\Common Files\Apple
2009-04-17 02:18 . 2008-12-30 04:12 -------- d-----w c:\program files\Moyea
2009-04-15 17:54 . 2008-12-26 04:00 -------- d-----w c:\program files\ooVoo
2009-04-12 23:00 . 2008-11-29 12:42 50 ----a-w c:\windows\system32\bridf06a.dat
2009-04-12 22:59 . 2008-11-13 03:43 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-12 22:58 . 2008-11-13 03:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-12 22:16 . 2008-12-22 16:08 -------- d-----w c:\program files\PrinterOn Corporation
2009-04-12 21:10 . 2008-11-29 12:41 -------- d-----w c:\program files\Brother
2009-04-12 14:22 . 2008-11-13 03:57 100112 ----a-w c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-12 12:50 . 2008-11-13 04:15 100112 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-09 01:02 . 2009-04-04 15:16 -------- d-----w c:\program files\TimeTo
2009-04-04 04:59 . 2009-04-04 04:47 -------- d-----w c:\program files\ShirusuPad
2009-04-04 04:47 . 2009-04-04 04:46 -------- d-----w c:\program files\mindraider
2009-04-01 14:19 . 2009-04-01 14:19 513 ----a-w c:\windows\Tasks\MessageSave Task for dhurley.job
2009-03-31 21:42 . 2009-03-31 21:42 -------- d-----w c:\program files\Blue Onion Software
2009-03-31 16:10 . 2008-11-13 03:38 -------- d-----w c:\program files\Java
2009-03-31 15:41 . 2008-12-19 13:30 -------- d-----w c:\program files\DesktopTakeover
2009-03-30 13:34 . 2009-03-30 13:34 -------- d-----w c:\program files\temp
2009-03-28 19:25 . 2009-03-28 19:25 -------- d-----w c:\program files\KonoLive
2009-03-28 19:16 . 2009-03-23 01:18 -------- d-----w c:\program files\VS Revo Group
2009-03-28 18:50 . 2009-03-28 18:16 -------- d-----w c:\program files\XWindowsDock
2009-03-27 04:35 . 2009-03-27 04:35 -------- d-----w c:\program files\kalmstrom.com
2009-03-26 20:41 . 2009-03-26 20:41 3073 ----a-w c:\documents and settings\dhurley\Application Data\SAS7_000.DAT
2009-03-24 16:35 . 2009-03-12 00:09 -------- d-----w c:\program files\Piconote
2009-03-24 15:54 . 2009-03-23 01:34 -------- d-----w c:\program files\ArtRingtoneMaker
2009-03-23 02:04 . 2008-12-07 20:42 -------- d-----w c:\program files\Decision Oven
2009-03-23 01:54 . 2009-03-23 01:54 -------- d-----w c:\program files\Microsoft Recite
2009-03-23 01:46 . 2008-11-13 04:08 -------- d-----w c:\program files\Google
2009-03-23 01:30 . 2009-03-23 01:30 11315 ----a-w c:\windows\unins001.dat
2009-03-23 01:29 . 2009-03-23 01:30 700250 ----a-w c:\windows\unins001.exe
2009-03-23 01:28 . 2009-03-23 01:28 -------- d-----w c:\program files\CADEMIA
2009-03-23 01:24 . 2009-03-23 01:24 -------- d-----w c:\program files\Avery
2009-03-22 14:39 . 2009-03-22 14:39 -------- d-----w c:\program files\PhotoFiltre
2009-03-22 11:27 . 2009-03-22 11:27 -------- d-----w c:\program files\wisco
2009-03-22 00:43 . 2009-03-22 00:43 -------- d-----w c:\program files\TaskSwitchXP
2009-03-22 00:28 . 2009-03-22 00:28 2548 ----a-w c:\windows\unins000.dat
2009-03-22 00:28 . 2009-03-22 00:28 701116 ----a-w c:\windows\unins000.exe
2009-03-20 02:12 . 2009-03-20 02:12 -------- d-----w c:\program files\Brain Workshop
2009-03-19 20:32 . 2008-12-03 16:55 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 19:29 . 2009-02-10 16:05 -------- d-----w c:\program files\Smead Viewables
2009-03-18 00:41 . 2009-03-18 00:41 -------- d-----w c:\program files\LoquiSoft
2009-03-18 00:40 . 2009-03-16 01:31 -------- d-----w c:\program files\Axonic
2009-03-17 20:27 . 2009-03-17 20:27 -------- d-----w c:\program files\AlertThingy
2009-03-17 13:00 . 2009-03-15 02:29 -------- d-----w c:\program files\LittleShoot-0.61
2009-03-16 01:31 . 2009-03-16 01:31 -------- d-----w c:\program files\Common Files\Redemption
2009-03-15 02:31 . 2009-03-15 02:31 -------- d-----w c:\program files\Iconix eMailID
2009-03-15 02:28 . 2009-03-15 02:28 -------- d-----w c:\program files\PhotoScape
2009-03-13 21:50 . 2009-03-13 21:50 -------- d-----w c:\program files\Spaz
2009-03-13 21:42 . 2009-03-13 21:42 -------- d-----w c:\program files\TweetDeck
2009-03-13 17:35 . 2009-03-13 17:35 -------- d-----w c:\program files\twhirl
2009-03-13 17:35 . 2008-12-12 22:04 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-13 02:30 . 2009-03-13 02:30 -------- d-----w c:\program files\Common Files\Software FX Shared
2009-03-13 02:29 . 2009-03-13 02:29 -------- d-----w c:\program files\SkyMark
2009-03-12 17:24 . 2009-03-12 17:24 -------- d-----w c:\program files\WebIS
2009-03-12 17:22 . 2009-03-12 17:22 -------- d-----w c:\program files\FranklinCovey
2009-03-12 00:25 . 2009-03-12 00:24 -------- d-----w c:\program files\Texter
2009-03-12 00:22 . 2009-03-12 00:22 -------- d-----w c:\program files\Consideo
2009-03-12 00:19 . 2009-03-12 00:19 -------- d-----w c:\program files\IMBT
2009-03-12 00:16 . 2009-03-12 00:16 -------- d-----w c:\program files\AWicons Pro
2009-03-10 06:12 . 2008-12-14 22:44 -------- d-----w c:\program files\MPlayer for Windows
2009-03-09 09:19 . 2008-11-24 21:04 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 20:38 . 2009-02-25 17:29 -------- d-----w c:\program files\Protege_4.0_beta
2009-03-08 20:38 . 2009-03-08 20:37 14971 ---ha-w c:\program files\VISTAMETRIX.GID
2009-03-08 20:33 . 2009-02-21 03:55 73216 ------w c:\windows\ST6UNST.EXE
2009-03-08 20:32 . 2009-02-25 18:35 -------- d-----w c:\program files\MindModel
2009-03-08 14:49 . 2009-03-08 14:49 81920 ----a-w c:\documents and settings\dhurley\Application Data\ezpinst.exe
2009-03-08 14:49 . 2009-03-08 14:49 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-03-08 14:49 . 2009-03-08 14:49 47360 ----a-w c:\documents and settings\dhurley\Application Data\pcouffin.sys
2009-03-08 14:49 . 2009-03-08 14:49 -------- d-----w c:\program files\Extra DVD Tools
2009-03-08 14:43 . 2009-03-08 14:43 -------- d-----w c:\program files\CD-Door Guard
2009-03-07 15:12 . 2009-03-07 15:12 -------- d-----w c:\program files\GUESS
2009-03-06 13:06 . 2009-03-06 13:05 -------- d-----w c:\program files\IHMC CmapTools
2009-03-06 12:51 . 2009-03-06 12:51 -------- d-----w c:\program files\VUE
2009-03-06 12:21 . 2009-03-06 12:21 -------- d-----w c:\program files\Driver Magician
2009-03-06 03:48 . 2008-11-25 18:43 -------- d-----w c:\program files\TechHit.com
2009-03-05 14:53 . 2008-12-28 18:35 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-02-20 18:55 . 2009-02-20 18:55 8057970 ----a-w c:\documents and settings\All Users\SPL7F.tmp
2009-01-22 01:21 . 2008-12-10 19:35 88 --sh--r c:\windows\system32\F60927F702.sys
2007-04-18 16:25 . 2007-04-18 16:25 165204 --sha-r c:\windows\system32\jiaha.dll
2009-01-22 01:22 . 2008-12-10 19:35 2984 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-08-22 12:48 233472 ------w c:\program files\sos online backup\CtxMenu_1_0_0_9.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"TimeBridge Connector for Outlook"="c:\documents and settings\dhurley\Application Data\TimeBridge\TimeBridge Connector for Outlook\TimeBridgeConnectorForOutlook.exe" [2009-01-09 32768]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"1&1 EasyLogin"="c:\program files\1&1\1&1 EasyLogin\EasyLogin.exe" [2009-03-19 2200064]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-05-01 2329936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-25 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-05-18 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-05-18 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-05-18 138008]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2008-02-22 1245184]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-12-05 405504]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"LDTray"="c:\program files\Livescribe\Livescribe Desktop\LDTray.exe" [2008-11-21 413696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" [2007-04-16 259624]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-08-03 529968]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-08-03 244520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-10-07 111952]

c:\documents and settings\dhurley\Start Menu\Programs\Startup\
Evernote.lnk - c:\program files\Evernote\Evernote3\EvernoteTray.exe [2008-11-25 350656]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-8-24 101784]
QuickMonth Calendar.lnk - c:\windows\qmc.exe [2009-3-21 429003]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
CallWave.lnk - c:\program files\CallWave\IAM.exe [2008-11-25 1940280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-11-12 50688]
TabUserW.exe.lnk - c:\windows\system32\WTablet\TabUserW.exe [2008-12-27 114688]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC654325-1273-C2A9-2B7C-45A29BCE2FBD}"= "c:\program files\Stardock\Fences\DesktopDock.dll" [2009-02-04 513384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-27 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= DrvTrNTm.dll
"mixer"= DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ListProAlarms.lnk]
backup=c:\windows\pss\ListProAlarms.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Process Manager for Windows 1.6.192.lnk]
backup=c:\windows\pss\Process Manager for Windows 1.6.192.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^dhurley^Start Menu^Programs^Startup^eFax 4.4.lnk]
backup=c:\windows\pss\eFax 4.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^dhurley^Start Menu^Programs^Startup^RoboBasket.lnk]
backup=c:\windows\pss\RoboBasket.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^dhurley^Start Menu^Programs^Startup^Stickies.lnk]
backup=c:\windows\pss\Stickies.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^dhurley^Start Menu^Programs^Startup^WindowTabs.lnk]
backup=c:\windows\pss\WindowTabs.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^dhurley^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^dhurley^Start Menu^Programs^Startup^Yankee Clipper X.lnk]
backup=c:\windows\pss\Yankee Clipper X.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bywifi

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"KADxMain"=c:\windows\system32\KADxMain.exe
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldomon.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Deusty\\Mojo\\Mojo.exe"=
"c:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"=
"c:\\Program Files\\CollanosWorkplace\\phone\\CollanosPhone.exe"=
"c:\\Program Files\\CollanosWorkplace\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\ooVoo\\ooVoo.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Accomplice\\AccompliceApp.exe"=
"c:\\Program Files\\NEO Find\\NeoFind.exe"=
"c:\\Program Files\\Reference Manager 12 Demo\\WebPublisher\\thirdparty\\Apache2\\bin\\RMWP_Apache.exe"=
"c:\\Program Files\\PhraseExpress\\PhraseExpress.exe"=
"c:\\Documents and Settings\\dhurley\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe"=
"c:\\Program Files\\loadngo\\Task\\Task.exe"=
"c:\\Program Files\\VUE\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\X2Net\\X2Net OneStore\\x2netOneStore.exe"=
"c:\\Program Files\\LittleShoot-0.61\\LittleShoot.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Dell 968 AIO Printer\\dldoafcn.exe"=
"c:\\Program Files\\Dell 968 AIO Printer\\dldoaiox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CallWave\\IAM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"49300:TCP"= 49300:TCP:PrintWhere.49300
"49301:TCP"= 49301:TCP:PrintWhere.49301
"49302:TCP"= 49302:TCP:PrintWhere.49302
"49303:TCP"= 49303:TCP:PrintWhere.49303
"49304:TCP"= 49304:TCP:PrintWhere.49304
"50300:TCP"= 50300:TCP:PrintWhere.50300
"50301:TCP"= 50301:TCP:PrintWhere.50301
"50302:TCP"= 50302:TCP:PrintWhere.50302
"50303:TCP"= 50303:TCP:PrintWhere.50303
"50304:TCP"= 50304:TCP:PrintWhere.50304
"48300:TCP"= 48300:TCP:PrintWhere.48300
"48301:TCP"= 48301:TCP:PrintWhere.48301
"48302:TCP"= 48302:TCP:PrintWhere.48302
"48303:TCP"= 48303:TCP:PrintWhere.48303
"48304:TCP"= 48304:TCP:PrintWhere.48304

R2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 99568]
R2 gupdate1c98aad45b1eb9e;Google Update Service (gupdate1c98aad45b1eb9e);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 133104]
R2 UltraMonUtility;UltraMon Utility Driver; [x]
R3 ATP;ArrayNetworks SSL VPN Miniport Driver;c:\windows\system32\DRIVERS\atpdrvr.sys [2007-08-09 16896]
R3 CGY013;CW-K85 Device;c:\windows\system32\DRIVERS\CGY013.sys [2006-03-14 24093]
R3 MSSQL$NR2007;SQL Server (NR2007);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\DRIVERS\PTDMBus.sys [2007-08-18 29952]
R3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\DRIVERS\PTDMMdm.sys [2007-08-18 41856]
R3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\DRIVERS\PTDMVsp.sys [2007-08-18 39936]
R3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\DRIVERS\PTDMWWAN.sys [2007-08-18 59520]
R3 RMWPService;RMWPService;c:\program files\Reference Manager 12 Demo\WebPublisher\thirdparty\Apache2\bin\RMWP_Apache_Admin.exe [2004-01-28 20537]
R3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\DRIVERS\SmartpenBus.sys [2008-09-02 38528]
R3 SmartpenCom;Smartpen Communications;c:\windows\system32\DRIVERS\SmartpenCom.sys [2008-09-02 35328]
S0 hotcore3;Hotcore helper;c:\windows\system32\DRIVERS\hotcore3.sys [2008-12-13 40496]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-27 64160]
S0 RVSDISK;RVSDISK;c:\windows\system32\Drivers\RVSDISK.sys [2008-12-30 11904]
S0 RVSYSTEM;RVSYSTEM;c:\windows\system32\Drivers\RVSYSTEM.sys [2008-12-30 38272]
S2 Array_Utility_Service8.2.0.11;Array Utility Service 8,2,0,11;c:\program files\Array Networks\Common\8,2,0,11\arr_isrv.exe [2007-09-20 307260]
S2 ArraySSL_VPN_Service8.2.0.11;Array SSL VPN Service 8,2,0,11;c:\program files\Array Networks\Array SSL VPN\8,2,0,11\arr_srvs.exe [2007-09-20 188476]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 595184]
S2 History Explorer Service;History Explorer Service;c:\program files\History Explorer\HistoryExplorer.Service.exe [2009-01-06 51200]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2009-01-29 13088]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-27 953168]
S2 MSSQL$PTPROFESSIONAL41;SQL Server (PTPROFESSIONAL41);c:\program files\The Monticello Corporation\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
S2 NBDUpdate;NBD Tech Auto Update;c:\program files\yaTimer\Updates\AutoUpdateService.exe [2009-01-31 5632]
S2 NeatWorksDatabaseController;NeatWorks Database Controller;c:\program files\NeatWorks\exec\NeatWorksDatabaseController.exe [2009-01-27 351376]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2008-04-14 5120]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-02 97536]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 msvad_simple;SoliCall;c:\windows\system32\drivers\solicall.sys [2006-06-10 205312]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rddwxyl

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ac67bb8e-f48b-11dd-94b4-002186cc6a42}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Neat ADF Scanner 2008]
reg copy "HKLM\Software\The Neat Company\Neat ADF Scanner 2008" "HKCU\Software\The Neat Company\Neat ADF Scanner 2008" /s /f
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\ABF Outlook Backup 3 - Backup Task.job
- c:\program files\ABF software\ABF Outlook Backup\3.0\abfOutlookBackup.exe [2008-11-25 08:11]

2009-04-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:20]

2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-04-29 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-02-21 22:10]

2009-04-01 c:\windows\Tasks\MessageSave Task for dhurley.job
- c:\program files\TechHit.com\MessageSave\MessageSaveTask.exe [2008-11-21 21:36]

2009-04-23 c:\windows\Tasks\NatSpeak Periodic Acoustic Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2008-07-28 01:21]

2009-04-29 c:\windows\Tasks\NatSpeak Periodic Language Model Optimization.job
- c:\program files\Nuance\NaturallySpeaking10\Program\schedmgr.exe [2008-07-28 01:21]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = https://salesvpn.organo.com/prx/000/http/localhost/login
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Evernote - c:\program files\Evernote\Evernote3\enbar.dll/2000
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Find Visible &Path - c:\program files\Visible Path\html\VPSearch.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: {{605E5D27-BFA0-471F-87ED-98A2623D633C} - c:\program files\CADE 2.13.16\Web\new.htm
TCP: {4F9A2DEF-0092-4A37-A773-F784FEA7243F} = 199.183.39.5,199.183.39.7
DPF: {B6648EB8-2460-484F-9255-9654454C4C70} - hxxps://salesvpn.organo.com/prx/000/http/localhost/arr_x.cab
FF - ProfilePath - c:\documents and settings\dhurley\Application Data\Mozilla\Firefox\Profiles\sva14j3k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT580691&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\dhurley\Application Data\Mozilla\Firefox\Profiles\sva14j3k.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\dhurley\Application Data\Mozilla\Firefox\Profiles\sva14j3k.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit.3.1.dll
FF - component: c:\documents and settings\dhurley\Application Data\Mozilla\Firefox\Profiles\sva14j3k.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}\platform\WINNT_x86-msvc\components\outwit.dll
FF - component: c:\documents and settings\dhurley\Application Data\Mozilla\Firefox\Profiles\sva14j3k.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}\platform\WINNT_x86-msvc\components\enbar3.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\dhurley\Application Data\Mozilla\Firefox\Profiles\sva14j3k.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-04 11:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LDTray = c:\program files\Livescribe\Livescribe Desktop\LDTray.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1399521631-187898335-924725345-4656\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{EC11EB4D-179C-FA9E-8DEE-03BCCE7F87DD}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pahjlgbmlbbldddpciailligfodiiaoe"=hex:6a,61,64,67,6f,6d,64,64,6c,62,62,6f,6b,
6c,68,62,6f,61,65,61,00,00
"oanibmeofaodihdbooiaohekalejgg"=hex:6a,61,64,67,6f,6d,64,64,6c,62,62,6f,6b,6c,
68,62,6f,61,65,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1052)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(9756)
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\sos online backup\CtxMenu_1_0_0_9.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\program files\CallWave\CWIdle.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Stardock\Fences\DesktopDock.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\scardsvr.exe
c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\LxrJD31s.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\stacsv.exe
c:\windows\system32\Tablet.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Apoint\ApMsgFwd.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\Apoint\hidfind.exe
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\McAfee\VirusScan Enterprise\mcconsol.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtBty.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\McAfee\Common Framework\McScript_InUse.exe
.
**************************************************************************
.
Completion time: 2009-05-04 11:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-04 15:45

Pre-Run: 26,176,143,360 bytes free
Post-Run: 26,237,566,976 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

583 --- E O F --- 2008-11-24 20:38





That's just what I needed to see! :thumbup2:




Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.



#8 Buckeye_Sam


Posted 05 May 2009 - 08:57 AM

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.


==============


Please do an online scan with Kaspersky WebScanner.
  • Please visit the Kaspersky Online Scanner website.
  • Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section, select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#9 Buckeye_Sam


Posted 25 May 2009 - 10:06 AM

Unfortunately there has been no response. :thumbup2:
This thread will now be closed.


========================================================



