Problems Remaining After Using Windows Police Pro Removal Guide


  • This topic is locked
9 replies to this topic

#1 Hfabry

Posted 07 September 2009 - 10:28 PM

A few days ago I noted that I was getting a pop-up window titled Windows Police Pro indicating that my computer was infected and other pop-ups suggesting I purchase the program to get rid of the infections. I immediately felt that was the work of a virus, so I did not elect to make any purchase or try to use the program, but rather to end it. After conferring with a local computer repair shop, I found a solution on this website. Using the Windows Police Pro removal guide, I was finally, after a struggle, apparently able to get rid of Windows Police Pro.

Now, I am left with at least two nagging issues:

I get a pop-up whenever a program attempts to start up indicating Bad Image in the Title Bar and a message as follows:

---------------------------
WINWORD.EXE - Bad Image
---------------------------
The application or DLL globalroot\systemroot\system32\kbiwkmyhwyflqj.dll is not a valid Windows image. Please check this against your installation diskette.
---------------------------
OK
---------------------------

In addition to that, I am getting WinPatrol pop-up Messages as follows:

-----------------------------
WinPatrol File Type Change Alert
-----------------------------
Scotty the Windows Watchdog is on patrol and has detected a change in one of your file associations. .REG

The program currently associated with this file type is:

Notepad
Microsoft Corporation
NOTEPAD.EXE %1

A change was made to use the following program for this file type.
Registry Editor
Microsoft Corporation
regedit.exe %1

Is this change ok?

Yes No

******************************************
After clicking "No" on that, I immediately get another WinPatrol pop-up as follows:
-----------------------------------
WinPatrol File Type Change Alert
-----------------------------
Scotty the Windows Watchdog is on patrol and has detected a change in one of your file associations. .SCR

The program currently associated with this file type is:

Notepad
Microsoft Corporation
NOTEPAD.EXE %1

A change was made to use the following program for this file type.
Name
Company name
%1 /S

Is this change ok?

Yes No
****************************************

So far I have clicked "no" to that message as well.

These pop-ups are really annoying and slowing down anything I can do with the computer. I tried to eliminate them using Malwarebytes Anti-Malware, McAfee Security Center, and today I replaced McAfee with Norton 360 version 3.0, but the problems persist. Any help you can provide to get my laptop virus free again will be sincerely appreciated.

I also encountered a problem trying to get Windows XP to start up in Safe Mode when I was trying to get rid of Windows Police Pro. I am not sure that has been resolved to date.

Thank you for your assistance.






DDS (Ver_09-07-30.01) - NTFSx86
Run by Hoddy at 20:17:05.42 on Mon 09/07/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1013 [GMT -4:00]

AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Nuance\PDF Professional 6\PDFProFiltSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\rpcnet.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Nuance\PDF Professional 6\pdfpro6hook.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Roxio Creator 2009 Special Edition\5.0\CPMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Finance\Program Files\Quicken 07\bagent.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Utilities\Program Files\PowerArchiver\PASTARTER.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Publishing\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Publishing\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Publishing\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Nova Development\Greeting Card Factory Deluxe 7.0\ReminderApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Hoddy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070910
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=22847
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: PlusIEEventHelper Class: {551a852f-39a6-44a7-9c13-afbec9185a9d} - c:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\3.0.0.135\IPSBHO.DLL
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Nuance PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\nuance\pdf professional 6\bin\ZeonIEFavClient.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\3.0.0.135\coIEPlg.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
EB: ClipMate ClipBar 7: {f60c63ce-52af-4915-aac9-f100fcde270f} - c:\progra~1\clipma~1\CLIPMA~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [QuickenScheduledUpdates] c:\finance\program files\quicken 07\bagent.exe
uRun: [PowerArchiver Tray] c:\utilities\program files\powerarchiver\PASTARTER.EXE
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatchTray11.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PDFHook] c:\program files\nuance\pdf professional 6\pdfpro6hook.exe
mRun: [PDF6 Registry Controller] c:\program files\nuance\pdf professional 6\RegistryController.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [CPMonitor] "c:\program files\roxio creator 2009 special edition\5.0\CPMonitor.exe"
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRun: [Picasa Media Detector] c:\photo programs\program files\picasa2\PicasaMediaDetector.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\publishing\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\intel\wireless\bin\iFrmewrk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append the content of the link to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Append to existing PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\nuance\pdf professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Open with Nuance PDF Converter 6.0 - c:\program files\nuance\pdf professional 6\cnvres_eng.dll /100
IE: Open with PDF Professional 6 - c:\program files\nuance\pdf professional 6\bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Yahoo! Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\system32\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system32\iejava.cab
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemyfios.verizon.net/sdcCommon/download/FIOS/tgctlcm.cab
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxps://support.dell.com/systemprofiler/SysPro.CAB
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxp://reports.longandfoster.com/ScriptX/ScriptX.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {25365FF3-2746-4230-9DA7-163CCA318309} - hxxp://inst.c-wss.com/117p/html/gtdownlr.cab
DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} - hxxp://dlmanager.akamaitools.com.edgesuite.net/dlmanager/versions/activex/dlm-activex-2.0.3.3.cab
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - hxxp://download.yahoo.com/dl/installs/yinst0401.cab
DPF: {32564D57-0000-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv8ax.cab
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scanner/SysProExe.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www.costcophotocenter.com/CostcoActivia.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126568048813
DPF: {700EF03F-A472-4D26-8ACB-300F4D04FD96} - hxxps://www.lojackforlaptops.com/ctmweb/testoc.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - hxxp://toolbar.google.com/data/GoogleActivate.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} - hxxp://www.costcophotocenter.com/CostcoUpload.cab
DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} - hxxp://www.installengine.com/engine/isetup.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37887.3108912037
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxps://www-secure.symantec.com/techsupp/activedata/SymAData.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} - hxxp://216.249.24.149/code/iPIX-ImageWell-ipix.cab
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.ocx
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6009\SiteAdv.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360\engine\3.0.0.135\CoIEPlg.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
AppInit_DLLs: wxvault.dll c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hoddy\applic~1\mozilla\firefox\profiles\4uwbov9f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.washingtonpost.com/?reload=true|http://www.huffingtonpost.com/|http://www.msnbc.msn.com/|http://nytimes.com/?adxnnl=1&adxnnlx=1232462628-PVT535YtWh3v7xeOulq/Yg
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=2&q=
FF - component: c:\documents and settings\hoddy\application data\mozilla\firefox\profiles\4uwbov9f.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\hoddy\application data\mozilla\firefox\profiles\4uwbov9f.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - component: c:\program files\siteadvisor\6009\ff\components\FFHook.dll
FF - plugin: c:\documents and settings\hoddy\application data\mozilla\firefox\profiles\4uwbov9f.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\hoddy\application data\mozilla\firefox\profiles\4uwbov9f.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\photo programs\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\microsoft research\hdview for firefox\nphdview.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\nuance\pdf professional 6\bin\nppdf.dll
FF - plugin: c:\program files\nuance\pdf professional 6\bin\nppdf.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\utilities\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: c:\utilities\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: c:\utilities\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: c:\utilities\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: c:\utilities\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: c:\utilities\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: c:\utilities\program files\quicktime\plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0300000.087\SymEFA.sys [2009-9-7 310320]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [2009-8-10 902592]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0300000.087\BHDrvx86.sys [2009-9-7 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0300000.087\cchpx86.sys [2009-9-7 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090904.002\IDSXpx86.sys [2009-9-7 276344]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-11-10 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2008-11-10 600944]
R2 N360;Norton 360;c:\program files\norton 360\engine\3.0.0.135\ccSvcHst.exe [2009-9-7 115560]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\nuance\pdf professional 6\PDFProFiltSrv.exe [2009-6-30 134944]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-4 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-9-7 102448]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090907.002\NAVENG.SYS [2009-9-7 84912]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090907.002\NAVEX15.SYS [2009-9-7 1323568]
S0 esra931;esra931;\SystemRoot\\SystemRoot\System32\drivers\esra931.sys --> \SystemRoot\\SystemRoot\System32\drivers\esra931.sys [?]
S1 b06ac918.sys;b06ac918.sys;\??\c:\windows\system32\drivers\b06ac918.sys --> c:\windows\system32\drivers\b06ac918.sys [?]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\roxio creator 2009 special edition\digital home 11\RoxioUpnpService11.exe [2008-8-14 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxLiveShare11.exe [2008-8-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxWatch11.exe [2008-8-14 170480]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [2006-7-31 580992]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [2005-8-3 4736]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-24 29263712]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [2005-8-3 8960]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\roxio creator 2009 special edition\digital home 11\RoxioUPnPRenderer11.exe [2008-8-14 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\common files\roxio shared\11.0\sharedcom\RoxMediaDB11.exe [2009-3-3 1122304]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-09-07 17:19 <DIR> --dsh--- c:\documents and settings\hoddy\IECompatCache
2009-09-07 14:12 <DIR> --d----- c:\program files\Norton Support
2009-09-07 14:01 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-09-07 14:00 36,400 a----r-- c:\windows\system32\drivers\SymIM.sys
2009-09-07 14:00 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-07 14:00 7,386 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-07 14:00 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-07 13:58 <DIR> --d----- c:\windows\system32\drivers\N360
2009-09-07 13:58 <DIR> --d----- c:\program files\Norton 360
2009-09-07 13:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Norton
2009-09-07 13:46 <DIR> --d----- c:\program files\NortonInstaller
2009-09-07 13:46 <DIR> --d----- c:\docume~1\alluse~1\applic~1\NortonInstaller
2009-09-04 14:10 116,224 ac------ c:\windows\system32\dllcache\xrxwiadr.dll
2009-09-04 14:10 23,040 ac------ c:\windows\system32\dllcache\xrxwbtmp.dll
2009-09-04 14:10 18,944 ac------ c:\windows\system32\dllcache\xrxscnui.dll
2009-09-04 14:10 27,648 ac------ c:\windows\system32\dllcache\xrxftplt.exe
2009-09-04 14:10 4,608 ac------ c:\windows\system32\dllcache\xrxflnch.exe
2009-09-04 14:09 99,865 ac------ c:\windows\system32\dllcache\xlog.exe
2009-09-04 14:09 16,970 ac------ c:\windows\system32\dllcache\xem336n5.sys
2009-09-04 14:09 19,455 ac------ c:\windows\system32\dllcache\wvchntxx.sys
2009-09-04 14:09 12,063 ac------ c:\windows\system32\dllcache\wsiintxx.sys
2009-09-04 14:09 8,192 ac------ c:\windows\system32\dllcache\wshirda.dll
2009-09-04 14:08 154,624 ac------ c:\windows\system32\dllcache\wlluc48.sys
2009-09-04 14:08 34,890 ac------ c:\windows\system32\dllcache\wlandrv2.sys
2009-09-04 14:08 771,581 ac------ c:\windows\system32\dllcache\winacisa.sys
2009-09-04 14:06 687,999 ac------ c:\windows\system32\dllcache\usrwdxjs.sys
2009-09-04 14:05 166,784 ac------ c:\windows\system32\dllcache\tridxpm.sys
2009-09-04 14:05 525,568 ac------ c:\windows\system32\dllcache\tridxp.dll
2009-09-04 14:05 159,232 ac------ c:\windows\system32\dllcache\tridkbm.sys
2009-09-04 14:05 440,576 ac------ c:\windows\system32\dllcache\tridkb.dll
2009-09-04 14:05 222,336 ac------ c:\windows\system32\dllcache\trid3dm.sys
2009-09-04 14:05 315,520 ac------ c:\windows\system32\dllcache\trid3d.dll
2009-09-04 14:05 34,375 ac------ c:\windows\system32\dllcache\tpro4.sys
2009-09-04 14:05 42,496 ac------ c:\windows\system32\dllcache\tp4res.dll
2009-09-04 14:05 82,944 ac------ c:\windows\system32\dllcache\tp4mon.exe
2009-09-04 14:05 31,744 ac------ c:\windows\system32\dllcache\tp4.dll
2009-09-04 14:05 230,912 ac------ c:\windows\system32\dllcache\tosdvd03.sys
2009-09-04 14:05 241,664 ac------ c:\windows\system32\dllcache\tosdvd02.sys
2009-09-04 14:05 28,232 ac------ c:\windows\system32\dllcache\tos4mo.sys
2009-09-04 14:04 123,995 ac------ c:\windows\system32\dllcache\tjisdn.sys
2009-09-04 14:04 138,528 ac------ c:\windows\system32\dllcache\tgiulnt5.sys
2009-09-04 14:04 81,408 ac------ c:\windows\system32\dllcache\tgiul50.dll
2009-09-04 14:04 149,376 ac------ c:\windows\system32\dllcache\tffsport.sys
2009-09-04 14:04 17,129 ac------ c:\windows\system32\dllcache\tdkcd31.sys
2009-09-04 14:04 37,961 ac------ c:\windows\system32\dllcache\tdk100b.sys
2009-09-04 14:03 30,464 ac------ c:\windows\system32\dllcache\tbatm155.sys
2009-09-04 14:03 7,040 ac------ c:\windows\system32\dllcache\tandqic.sys
2009-09-04 14:03 36,640 ac------ c:\windows\system32\dllcache\t2r4mini.sys
2009-09-04 14:03 172,768 ac------ c:\windows\system32\dllcache\t2r4disp.dll
2009-09-04 14:03 94,293 ac------ c:\windows\system32\dllcache\sxports.dll
2009-09-04 14:03 103,936 ac------ c:\windows\system32\dllcache\sx.sys
2009-09-04 14:02 3,968 ac------ c:\windows\system32\dllcache\swusbflt.sys
2009-09-04 14:02 10,240 ac------ c:\windows\system32\dllcache\swpidflt.dll
2009-09-04 14:02 10,240 ac------ c:\windows\system32\dllcache\swpdflt2.dll
2009-09-04 14:02 53,760 ac------ c:\windows\system32\dllcache\sw_wheel.dll
2009-09-04 14:02 41,472 ac------ c:\windows\system32\dllcache\sw_effct.dll
2009-09-04 14:02 155,648 ac------ c:\windows\system32\dllcache\stlnprop.dll
2009-09-04 14:01 53,248 ac------ c:\windows\system32\dllcache\stlncoin.dll
2009-09-04 14:01 285,760 ac------ c:\windows\system32\dllcache\stlnata.sys
2009-09-04 14:01 16,896 ac------ c:\windows\system32\dllcache\stcusb.sys
2009-09-04 14:01 48,736 ac------ c:\windows\system32\dllcache\srwlnd5.sys
2009-09-04 14:01 99,328 ac------ c:\windows\system32\dllcache\srusd.dll
2009-09-04 14:01 24,660 ac------ c:\windows\system32\dllcache\spxupchk.dll
2009-09-04 14:01 61,824 ac------ c:\windows\system32\dllcache\speed.sys
2009-09-04 14:01 106,584 ac------ c:\windows\system32\dllcache\spdports.dll
2009-09-04 14:01 7,552 ac------ c:\windows\system32\dllcache\sonypvu1.sys
2009-09-04 13:59 91,294 ac------ c:\windows\system32\dllcache\skfpwin.sys
2009-09-04 13:58 11,648 ac------ c:\windows\system32\dllcache\scsiprnt.sys
2009-09-04 13:57 9,216 ac------ c:\windows\system32\dllcache\rsmgrstr.dll
2009-09-04 13:56 17,792 ac------ c:\windows\system32\dllcache\ppa.sys
2009-09-04 13:55 30,282 ac------ c:\windows\system32\dllcache\pcntn5hl.sys
2009-09-04 13:55 26,153 ac------ c:\windows\system32\dllcache\pcmlm56.sys
2009-09-04 13:55 29,502 ac------ c:\windows\system32\dllcache\pca200e.sys
2009-09-04 13:55 30,495 ac------ c:\windows\system32\dllcache\pc100nds.sys
2009-09-04 13:55 41,984 ac------ c:\windows\system32\dllcache\ovui2rc.dll
2009-09-04 13:55 44,544 ac------ c:\windows\system32\dllcache\ovui2.dll
2009-09-04 13:55 25,216 ac------ c:\windows\system32\dllcache\ovsound2.sys
2009-09-04 13:55 39,424 ac------ c:\windows\system32\dllcache\ovcoms.exe
2009-09-04 13:55 20,480 ac------ c:\windows\system32\dllcache\ovcomc.dll
2009-09-04 13:54 351,616 ac------ c:\windows\system32\dllcache\ovcodek2.sys
2009-09-04 13:54 116,736 ac------ c:\windows\system32\dllcache\ovcodec2.dll
2009-09-04 13:54 31,872 ac------ c:\windows\system32\dllcache\ovce.sys
2009-09-04 13:54 28,032 ac------ c:\windows\system32\dllcache\ovcd.sys
2009-09-04 13:54 48,000 ac------ c:\windows\system32\dllcache\ovcam2.sys
2009-09-04 13:54 25,088 ac------ c:\windows\system32\dllcache\ovca.sys
2009-09-04 13:54 54,186 ac------ c:\windows\system32\dllcache\otcsercb.sys
2009-09-04 13:54 43,689 ac------ c:\windows\system32\dllcache\otceth5.sys
2009-09-04 13:53 27,209 ac------ c:\windows\system32\dllcache\otc06x5.sys
2009-09-04 13:53 54,528 ac------ c:\windows\system32\dllcache\opl3sax.sys
2009-09-04 13:53 198,144 ac------ c:\windows\system32\dllcache\nv3.sys
2009-09-04 13:53 123,776 ac------ c:\windows\system32\dllcache\nv3.dll
2009-09-04 13:53 51,552 ac------ c:\windows\system32\dllcache\ntgrip.sys
2009-09-04 13:53 9,344 ac------ c:\windows\system32\dllcache\ntapm.sys
2009-09-04 13:53 7,552 ac------ c:\windows\system32\dllcache\nsmmc.sys
2009-09-04 13:53 28,672 ac------ c:\windows\system32\dllcache\nscirda.sys
2009-09-04 13:53 87,040 ac------ c:\windows\system32\dllcache\nm6wdm.sys
2009-09-04 13:53 126,080 ac------ c:\windows\system32\dllcache\nm5a2wdm.sys
2009-09-04 13:51 103,296 ac------ c:\windows\system32\dllcache\mtxvideo.sys
2009-09-04 13:50 8,320 ac------ c:\windows\system32\dllcache\memcard.sys
2009-09-04 13:49 8,192 ac------ c:\windows\system32\dllcache\kbdkor.dll
2009-09-04 13:48 372,824 ac------ c:\windows\system32\dllcache\iconf32.dll
2009-09-04 13:47 488,383 ac------ c:\windows\system32\dllcache\hsf_v124.sys
2009-09-04 13:46 5,760 ac------ c:\windows\system32\dllcache\hpt4qic.sys
2009-09-04 13:46 13,312 ac------ c:\windows\system32\dllcache\hpsjmcro.dll
2009-09-04 13:46 32,768 ac------ c:\windows\system32\dllcache\hpgtmcro.dll
2009-09-04 13:46 68,608 ac------ c:\windows\system32\dllcache\hpgt53tk.dll
2009-09-04 13:46 165,888 ac------ c:\windows\system32\dllcache\hpgt53.dll
2009-09-04 13:46 31,232 ac------ c:\windows\system32\dllcache\hpgt42tk.dll
2009-09-04 13:46 93,696 ac------ c:\windows\system32\dllcache\hpgt42.dll
2009-09-04 13:46 126,976 ac------ c:\windows\system32\dllcache\hpgt34tk.dll
2009-09-04 13:46 101,376 ac------ c:\windows\system32\dllcache\hpgt34.dll
2009-09-04 13:46 48,128 ac------ c:\windows\system32\dllcache\hpgt33tk.dll
2009-09-04 13:44 322,432 ac------ c:\windows\system32\dllcache\g400m.sys
2009-09-04 13:43 16,074 ac------ c:\windows\system32\dllcache\fa312nd5.sys
2009-09-04 13:42 44,103 ac------ c:\windows\system32\dllcache\el515.sys
2009-09-04 13:41 3,072 ac------ c:\windows\system32\dllcache\cwbmidi.sys
2009-09-04 13:40 13,824 ac------ c:\windows\system32\dllcache\bulltlp3.sys
2009-09-04 13:39 98,304 ac------ c:\windows\system32\dllcache\a3d.dll
2009-09-04 13:39 48,128 ac------ c:\windows\system32\dllcache\61883.sys
2009-09-04 13:39 38,400 ac------ c:\windows\system32\dllcache\8514a.dll
2009-09-04 13:39 12,288 ac------ c:\windows\system32\dllcache\4mmdat.sys
2009-09-04 13:39 762,780 ac------ c:\windows\system32\dllcache\3cwmcru.sys
2009-09-04 13:39 689,216 ac------ c:\windows\system32\dllcache\3dfxvs.dll
2009-09-04 13:39 148,352 ac------ c:\windows\system32\dllcache\3dfxvsm.sys
2009-09-04 13:39 11,264 ac------ c:\windows\system32\dllcache\1394vdbg.sys
2009-09-04 13:39 66,048 ac------ c:\windows\system32\dllcache\s3legacy.dll
2009-09-04 12:48 <DIR> --d----- c:\docume~1\hoddy\applic~1\FLEXnet
2009-09-03 11:04 <DIR> --d----- c:\docume~1\hoddy\applic~1\Malwarebytes
2009-09-03 11:04 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-03 11:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-03 11:04 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-09-03 11:04 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-02 03:17 <DIR> a-d----- c:\windows\system32\images
2009-09-02 02:24 45,344 a------- c:\windows\system32\drivers\esra931.sys
2009-09-01 13:41 391 a------- c:\windows\MAXLINK.INI
2009-08-17 11:24 1,016 a------- c:\windows\SGViewer.ini
2009-08-17 10:59 <DIR> --d----- c:\program files\PowerArchiver
2009-08-15 12:02 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-08-15 03:12 <DIR> --d----- C:\51ec706c874074fd799a
2009-08-12 18:09 <DIR> --d----- c:\docume~1\hoddy\applic~1\WinPatrol
2009-08-12 18:08 <DIR> --d----- c:\program files\BillP Studios
2009-08-10 21:30 902,592 a------- c:\windows\system32\drivers\tdrpm228.sys
2009-08-10 21:30 138,208 a------- c:\windows\system32\drivers\snapman.sys

==================== Find3M ====================

2009-09-07 19:11 17,408 a------- c:\windows\system32\rpcnetp.dll
2009-09-07 19:11 56,680 a------- c:\windows\system32\rpcnet.dll
2009-09-07 19:04 17,408 a------- c:\windows\system32\rpcnetp.exe
2009-09-07 14:00 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-08-31 12:26 97,079 a------- c:\windows\system32\nvModes.dat
2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
2009-07-11 12:52 10,434 a--sh--- c:\windows\system32\KGyGaAvL.sys
2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-14 12:12 1,392,304 a------- c:\windows\system32\AutoPartNt.exe
2009-06-12 08:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
2009-06-09 17:02 70,984 a------- c:\documents and settings\hoddy\g2mdlhlpx.exe
2007-11-28 15:54 60,968 a------- c:\documents and settings\hoddy\GoToAssistDownloadHelper.exe
2007-07-15 14:16 3,474 a------- c:\docume~1\hoddy\applic~1\SAS7_000.DAT
2006-08-09 13:42 3,198,976 a------- c:\program files\ViewSonicregistration.exe
2006-02-27 16:14 5,451 a------- c:\documents and settings\hoddy\USR5461_backup(2).dat
2003-08-27 14:19 36,963 a------- c:\program files\common files\SM1updtr.dll
2002-10-19 12:48 23,357 a---h--- c:\program files\folder.htt
2002-10-19 12:48 271 ---sh--- c:\program files\desktop.ini
2002-09-11 10:26 63,730 a------- c:\program files\viewsonicinstruct_xp.pdf
2001-08-22 13:15 245,760 a------- c:\windows\inf\i386\viceo.dll
2001-08-22 13:13 32,768 a------- c:\windows\inf\i386\Pmicro.dll
2001-08-22 13:13 61,440 a------- c:\windows\inf\i386\gl.dll
2001-08-03 18:29 13,824 a------- c:\windows\inf\i386\Usbscan.sys
2008-03-27 08:52 8 ---shr-- c:\windows\system32\3EB6C4644A.sys
2006-03-29 12:49 8 a--shr-- c:\windows\system32\C022CA5E3C.sys
2006-10-21 16:46 8 a--shr-- c:\windows\system32\FDBABA2037.sys
2008-05-28 19:54 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052820080529\index.dat

============= FINISH: 20:29:10.25 ===============


#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 08 September 2009 - 09:53 AM

Hi Hfabry,

Welcome to BC HijackThis forum and sorry for the delay. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • I see on the log Ask Toolbar is installed on your computer:

    This program is known to be bundled with adware/spyware. You may read more about Ask Toolbars here:
    http://www.benedelman.org/spyware/ask-toolbars/

    You may go to Add/Remove Programs and uninstall Ask Toolbar

    Also remove the folder in bold (if present) only after uninstalling the toolbar:
    C:\Program Files\AskBar
    c:\program files\askbardis

  • You have the program Winpatrol installed on your machine and that is good. If Winpatrol is running we need to disable Winpatrol so it does not interfere with the fixes we are about to do:

    Right-click the Winpatrol icon on the right-hand of taskbar (System Tray or Notification Area) and select Exit Program.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.


#3 Hfabry

Hfabry
  • Topic Starter

  • Members
  • 12 posts

Posted 08 September 2009 - 08:20 PM

Hi Farbar,

Thanks for helping me. I was unable to uninstall Ask Toolbar using Add/Remove Programs. I got a pop-up RUNDLL error message: Error loading C:\PROGR~1\bar\1.bin\AskSBar.dll; The specified module could not be found.

I also tried running Revo Uninstaller to see if that would work, but got the same error message, and when I asked Revo to see what it could find, the leftover Register items depicted in the attached doc file were noted. Since the regular process to remove the Ask Toolbar did not work, I did not delete the leftover registry items, so presumably they are still there.

I went ahead and followed your instructions for downloading and running ComboFix. Although when it ran I was asked if I wanted to download the updated version, I did not do that since I was not sure that was legitimate, and also had a lot of trouble getting that far because of the nearly constant pop-up of bad image error messages. However, it did finally run, and apparently found 5 Rootkit files, which, according to the ComboFix log were deleted. I think the bad image error messages have finally stopped!

I'll attach the doc files I mentioned and paste the ComboFix log below and attach it as well.

ComboFix 09-09-08.02 - Hoddy 09/08/2009 20:17.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1512 [GMT -4:00]
Running from: c:\documents and settings\Hoddy\Desktop\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AegisP.inf
c:\windows\command
c:\windows\Installer\10697107.msp
c:\windows\Installer\1069710a.msp
c:\windows\Installer\109cb0.msp
c:\windows\Installer\1124b57.msp
c:\windows\Installer\11d7c45d.msp
c:\windows\Installer\122aaf9c.msp
c:\windows\Installer\17b85fe5.msp
c:\windows\Installer\1acc8f.msp
c:\windows\Installer\1b62d8a6.msp
c:\windows\Installer\1b62d97f.msp
c:\windows\Installer\1b62da58.msp
c:\windows\Installer\1bf2339.msp
c:\windows\Installer\1bf233c.msp
c:\windows\Installer\206210ef.msp
c:\windows\Installer\208ebb.msp
c:\windows\Installer\208f2d.msp
c:\windows\Installer\20ebd18d.msp
c:\windows\Installer\20ebd1b3.msp
c:\windows\Installer\2200c045.msp
c:\windows\Installer\2200c06b.msp
c:\windows\Installer\2200c0d3.msp
c:\windows\Installer\2200c0f9.msp
c:\windows\Installer\2200c11f.msp
c:\windows\Installer\2200c145.msp
c:\windows\Installer\2472361.msp
c:\windows\Installer\2472364.msp
c:\windows\Installer\2472367.msp
c:\windows\Installer\2472369.msp
c:\windows\Installer\26b83.msp
c:\windows\Installer\276da.msp
c:\windows\Installer\2793062.msp
c:\windows\Installer\28e6e70.msp
c:\windows\Installer\29251f7.msp
c:\windows\Installer\295992dc.msp
c:\windows\Installer\29650cc3.msp
c:\windows\Installer\29650cc6.msp
c:\windows\Installer\2a12604.msp
c:\windows\Installer\2a1262a.msp
c:\windows\Installer\2ab80f8.msi
c:\windows\Installer\2bada5.msp
c:\windows\Installer\2bde4279.msp
c:\windows\Installer\2d27412.msp
c:\windows\Installer\2db1d.msp
c:\windows\Installer\339114f.msi
c:\windows\Installer\33d2bbe4.msp
c:\windows\Installer\33d51.msp
c:\windows\Installer\340af.msi
c:\windows\Installer\3433e72.msp
c:\windows\Installer\3433e75.msp
c:\windows\Installer\35f795c.msp
c:\windows\Installer\3602b.msp
c:\windows\Installer\391a0.msp
c:\windows\Installer\391e1.msp
c:\windows\Installer\39ce94f5.msp
c:\windows\Installer\39ce951b.msp
c:\windows\Installer\39ce9546.msp
c:\windows\Installer\3a96c.msp
c:\windows\Installer\3a9cd.msp
c:\windows\Installer\3a9cf.msp
c:\windows\Installer\3a9e9.msp
c:\windows\Installer\3a9eb.msp
c:\windows\Installer\3aa005f.msp
c:\windows\Installer\3aa03.msp
c:\windows\Installer\3aa05.msp
c:\windows\Installer\3aa1d.msp
c:\windows\Installer\3aa1f.msp
c:\windows\Installer\3aa39.msp
c:\windows\Installer\3aa3b.msp
c:\windows\Installer\3aa54.msp
c:\windows\Installer\3f76ac.msp
c:\windows\Installer\4137908.msp
c:\windows\Installer\46f7c23e.msp
c:\windows\Installer\471c96.msi
c:\windows\Installer\471e5c.msp
c:\windows\Installer\485361.msi
c:\windows\Installer\4a2e9.msi
c:\windows\Installer\52590.msp
c:\windows\Installer\52599.msp
c:\windows\Installer\5be758.msp
c:\windows\Installer\5e9540d.msp
c:\windows\Installer\60de92.msp
c:\windows\Installer\610ad.msp
c:\windows\Installer\755dd12.msi
c:\windows\Installer\755dd24.msi
c:\windows\Installer\755dd36.msi
c:\windows\Installer\755dd47.msi
c:\windows\Installer\755dd5e.msi
c:\windows\Installer\771f0a3.msp
c:\windows\Installer\771f0c9.msp
c:\windows\Installer\78a61.msp
c:\windows\Installer\78a62.msp
c:\windows\Installer\78a65.msp
c:\windows\Installer\78a66.msp
c:\windows\Installer\78e4ca6.msp
c:\windows\Installer\7acab42.msp
c:\windows\Installer\7b93bfa9.msp
c:\windows\Installer\8bb6b08.msp
c:\windows\Installer\8bb6b2e.msp
c:\windows\Installer\8bb6b7a.msp
c:\windows\Installer\8bb6ba0.msp
c:\windows\Installer\8bb6bc6.msp
c:\windows\Installer\8f90ccd.msp
c:\windows\Installer\9b8b5.msp
c:\windows\Installer\a39ac63.msp
c:\windows\Installer\b3cb61.msp
c:\windows\Installer\b83bcf8.msp
c:\windows\Installer\b83bd1e.msp
c:\windows\Installer\b83bd44.msp
c:\windows\Installer\c05f660.msp
c:\windows\Installer\c09b059.msp
c:\windows\Installer\c57d694.msi
c:\windows\Installer\d1e14.msp
c:\windows\Installer\d1eb9.msp
c:\windows\Installer\d1f5e.msp
c:\windows\Installer\dbb5e91.msp
c:\windows\Installer\dbb5eb7.msp
c:\windows\Installer\ddff4.msi
c:\windows\Installer\e9c8be7.msp
c:\windows\Installer\fe16a.msp
c:\windows\Installer\fe44.msi
c:\windows\MailSwitch.ocx
c:\windows\system32\drivers\kbiwkmhtcddkmi.sys
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\kbiwkmdvwkyepy.dat
c:\windows\system32\kbiwkmqlqqphoj.dat
c:\windows\system32\kbiwkmsygcuftx.dll
c:\windows\system32\kbiwkmyhwyflqj.dll
c:\windows\system32\twain.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_kbiwkmiwkcbwuc
-------\Legacy_kbiwkmiwkcbwuc


((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.

2009-09-07 21:19 . 2009-09-07 21:19 -------- d-sh--w- c:\documents and settings\Hoddy\IECompatCache
2009-09-07 18:12 . 2009-09-07 18:12 -------- d-----w- c:\program files\Norton Support
2009-09-07 18:01 . 2009-09-07 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-09-07 18:00 . 2009-03-12 23:24 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-09-07 18:00 . 2009-09-07 18:00 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-07 17:58 . 2009-09-07 18:01 -------- d-----w- c:\windows\system32\drivers\N360
2009-09-07 17:58 . 2009-09-07 17:59 -------- d-----w- c:\program files\Norton 360
2009-09-07 17:47 . 2009-09-07 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-09-07 17:46 . 2009-09-07 20:17 -------- d-----w- c:\program files\NortonInstaller
2009-09-07 17:46 . 2009-09-07 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-09-04 18:10 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-09-04 18:10 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-09-04 18:10 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-09-04 18:10 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-09-04 18:10 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-09-04 18:09 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-09-04 18:09 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-09-04 18:09 . 2004-08-04 02:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-09-04 18:09 . 2004-08-04 02:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-09-04 18:09 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-09-04 18:08 . 2004-08-04 02:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-09-04 18:08 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-09-04 18:08 . 2001-08-17 17:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2009-09-04 18:06 . 2001-08-17 17:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2009-09-04 18:05 . 2001-08-17 16:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2009-09-04 18:05 . 2001-08-18 02:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2009-09-04 18:05 . 2001-08-17 16:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2009-09-04 18:05 . 2001-08-17 18:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2009-09-04 18:05 . 2001-08-17 16:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2009-09-04 18:05 . 2001-08-17 18:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2009-09-04 18:05 . 2001-08-17 16:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2009-09-04 18:05 . 2001-08-18 02:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2009-09-04 18:05 . 2008-04-14 00:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2009-09-04 18:05 . 2001-08-18 02:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2009-09-04 18:05 . 2001-08-17 18:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2009-09-04 18:05 . 2001-08-17 18:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2009-09-04 18:05 . 2001-08-17 16:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2009-09-04 18:04 . 2001-08-17 16:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2009-09-04 18:04 . 2001-08-17 16:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2009-09-04 18:04 . 2001-08-17 18:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2009-09-04 18:04 . 2008-04-13 18:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2009-09-04 18:04 . 2001-08-17 16:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2009-09-04 18:04 . 2001-08-17 16:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2009-09-04 18:03 . 2001-08-17 17:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2009-09-04 18:03 . 2001-08-17 17:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2009-09-04 18:03 . 2001-08-17 16:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2009-09-04 18:03 . 2001-08-17 18:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2009-09-04 18:03 . 2001-08-18 02:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2009-09-04 18:03 . 2001-08-17 17:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2009-09-04 18:02 . 2001-08-17 18:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2009-09-04 18:02 . 2001-08-18 02:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2009-09-04 18:02 . 2001-08-18 02:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2009-09-04 18:02 . 2001-08-18 02:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2009-09-04 18:02 . 2001-08-18 02:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2009-09-04 18:02 . 2001-08-18 02:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2009-09-04 18:01 . 2001-08-18 02:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2009-09-04 18:01 . 2001-08-17 16:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2009-09-04 18:01 . 2001-08-17 17:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2009-09-04 18:01 . 2001-08-17 16:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2009-09-04 18:01 . 2001-08-18 02:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2009-09-04 18:01 . 2001-08-18 02:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2009-09-04 18:01 . 2001-08-17 17:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-09-04 18:01 . 2001-08-18 02:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2009-09-04 18:01 . 2001-08-17 17:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-09-04 17:59 . 2001-08-17 16:12 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2009-09-04 17:58 . 2001-08-17 17:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2009-09-04 17:57 . 2001-08-18 02:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-09-04 17:56 . 2001-08-17 17:53 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2009-09-04 17:55 . 2001-08-17 16:11 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2009-09-04 17:55 . 2001-08-17 16:12 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2009-09-04 17:55 . 2004-08-04 02:31 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
2009-09-04 17:55 . 2001-08-17 16:12 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2009-09-04 17:55 . 2001-08-18 02:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2009-09-04 17:55 . 2001-08-18 02:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2009-09-04 17:55 . 2001-08-17 18:05 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2009-09-04 17:55 . 2001-08-18 02:36 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2009-09-04 17:55 . 2001-08-18 02:36 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2009-09-04 17:54 . 2001-08-17 18:05 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2009-09-04 17:54 . 2001-08-18 02:36 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2009-09-04 17:54 . 2001-08-17 18:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2009-09-04 17:54 . 2001-08-17 18:05 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2009-09-04 17:54 . 2001-08-17 18:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2009-09-04 17:54 . 2001-08-17 18:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2009-09-04 17:54 . 2001-08-17 17:28 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2009-09-04 17:54 . 2001-08-17 16:12 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2009-09-04 17:53 . 2001-08-17 16:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2009-09-04 17:53 . 2001-08-17 16:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2009-09-04 17:53 . 2001-08-17 16:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2009-09-04 17:53 . 2001-08-18 02:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2009-09-04 17:53 . 2001-08-17 16:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-09-04 17:53 . 2001-08-17 17:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2009-09-04 17:53 . 2001-08-17 17:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-09-04 17:53 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2009-09-04 17:53 . 2001-08-17 16:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2009-09-04 17:53 . 2001-08-17 16:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-09-04 17:51 . 2001-08-17 16:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2009-09-04 17:50 . 2001-08-17 17:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2009-09-04 17:49 . 2001-08-18 02:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-09-04 17:48 . 2001-08-18 02:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2009-09-04 17:47 . 2001-08-17 17:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2009-09-04 17:46 . 2001-08-17 17:52 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
2009-09-04 17:46 . 2001-08-18 02:36 13312 -c--a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2009-09-04 17:46 . 2001-08-18 02:36 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2009-09-04 17:46 . 2001-08-18 02:36 68608 -c--a-w- c:\windows\system32\dllcache\hpgt53tk.dll
2009-09-04 17:46 . 2001-08-18 02:36 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
2009-09-04 17:46 . 2001-08-18 02:36 31232 -c--a-w- c:\windows\system32\dllcache\hpgt42tk.dll
2009-09-04 17:46 . 2001-08-18 02:36 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2009-09-04 17:46 . 2001-08-18 02:36 126976 -c--a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2009-09-04 17:46 . 2001-08-18 02:36 101376 -c--a-w- c:\windows\system32\dllcache\hpgt34.dll
2009-09-04 17:46 . 2001-08-18 02:36 48128 -c--a-w- c:\windows\system32\dllcache\hpgt33tk.dll
2009-09-04 17:44 . 2001-08-17 16:49 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys
2009-09-04 17:43 . 2001-08-17 16:12 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
2009-09-04 17:42 . 2001-08-17 16:10 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys
2009-09-04 17:41 . 2001-08-17 16:19 3072 -c--a-w- c:\windows\system32\dllcache\cwbmidi.sys
2009-09-04 17:40 . 2001-08-17 17:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-09-04 17:39 . 2008-04-13 18:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2009-09-04 17:39 . 2008-04-13 18:40 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2009-09-04 17:39 . 2001-08-18 02:36 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2009-09-04 17:39 . 2001-08-17 18:55 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2009-09-04 17:39 . 2001-08-17 18:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2009-09-04 17:39 . 2001-08-17 18:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2009-09-04 17:39 . 2001-08-17 17:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2009-09-04 17:39 . 2001-08-17 16:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2009-09-04 17:39 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2009-09-04 16:48 . 2009-09-04 16:48 -------- d-----w- c:\documents and settings\Hoddy\Application Data\FLEXnet

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 00:36 . 2008-01-07 01:26 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-09-09 00:36 . 2007-12-19 21:49 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-09-09 00:15 . 2008-01-07 01:27 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-09-08 23:38 . 2009-05-09 19:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-08 17:12 . 2007-09-21 19:12 -------- d-----w- c:\documents and settings\Hoddy\Application Data\Wave Systems Corp
2009-09-07 22:10 . 2008-02-05 19:40 -------- d-----w- c:\program files\vol_toolbar
2009-09-07 20:22 . 2007-09-10 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-07 18:00 . 2007-10-30 19:28 -------- d-----w- c:\program files\Symantec
2009-09-07 18:00 . 2009-09-07 18:00 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-07 18:00 . 2009-09-07 18:00 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-07 18:00 . 2007-05-10 01:11 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-07 17:58 . 2009-06-18 00:54 -------- d-----w- c:\program files\Windows Sidebar
2009-09-07 17:58 . 2007-10-30 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-02 07:27 . 2007-09-21 19:12 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Wave Systems Corp
2009-09-01 19:20 . 2007-09-10 08:02 525512 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-01 18:59 . 2007-10-30 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2009-09-01 18:52 . 2007-10-30 17:51 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-09-01 18:52 . 2008-09-11 20:57 -------- d-----w- c:\program files\Nuance
2009-09-01 17:41 . 2007-10-31 04:33 -------- d-----w- c:\documents and settings\Hoddy\Application Data\Nuance
2009-09-01 17:41 . 2007-10-30 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-09-01 17:39 . 2007-09-10 07:58 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-31 16:26 . 2007-09-10 07:16 97079 ----a-w- c:\windows\system32\nvModes.dat
2009-08-24 13:42 . 2007-10-01 22:10 -------- d-----w- c:\documents and settings\Gloria\Application Data\Wave Systems Corp
2009-08-22 20:46 . 2007-09-10 07:48 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-08-16 19:20 . 2007-09-10 07:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-14 15:52 . 2009-04-27 13:12 -------- d-----w- c:\documents and settings\Gloria\Application Data\VOL_TOOLBAR
2009-08-13 07:08 . 2007-09-10 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-11 07:09 . 2008-01-11 16:05 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-11 01:30 . 2007-10-30 17:46 -------- d-----w- c:\program files\Common Files\Acronis
2009-08-10 13:16 . 2008-04-13 14:36 -------- d-----w- c:\program files\Roxio
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 17:20 . 2009-07-16 17:20 -------- d-----w- c:\program files\Rand McNally
2009-07-16 17:04 . 2009-07-16 17:04 -------- d-----w- c:\program files\Broderbund
2009-07-16 16:56 . 2009-07-16 16:56 -------- d-----w- c:\program files\Anuman Interactive
2009-07-16 16:33 . 2008-08-17 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Nova Development
2009-07-16 16:32 . 2009-07-16 16:32 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-07-16 16:32 . 2009-07-14 20:00 -------- d-----w- c:\program files\Nova Development
2009-07-16 15:38 . 2009-07-16 15:38 -------- d-----w- c:\program files\IMSI
2009-07-16 15:09 . 2007-10-30 19:27 -------- d-----w- c:\program files\Serif
2009-07-14 21:38 . 2008-02-05 19:28 -------- d-----w- c:\program files\Verizon
2009-07-14 03:43 . 2004-08-04 10:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 18:30 . 2007-10-31 04:33 -------- d-----w- c:\documents and settings\Hoddy\Application Data\Corel
2009-07-11 16:52 . 2009-07-10 18:08 10434 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-10 18:08 . 2009-07-10 18:08 8 --sh--r- c:\windows\system32\7F877428BD.sys
2009-07-03 17:09 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 10:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 10:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 10:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 10:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 19:25 . 2008-11-22 16:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 16:12 . 2006-02-07 19:37 1392304 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-06-12 12:31 . 2004-08-04 10:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 10:00 76288 ----a-w- c:\windows\system32\telnet.exe
2006-08-09 17:42 . 2007-11-17 16:54 3198976 ----a-w- c:\program files\ViewSonicregistration.exe
2003-08-27 18:19 . 2005-09-15 17:08 36963 ----a-w- c:\program files\Common Files\SM1updtr.dll
2002-10-19 16:48 . 2002-10-19 16:48 23357 ---ha-w- c:\program files\folder.htt
2002-09-11 14:26 . 2007-09-09 01:36 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
2008-03-27 12:52 . 2008-03-27 12:52 8 --sh--r- c:\windows\system32\3EB6C4644A.sys
2006-03-29 16:49 . 2006-03-29 16:49 8 --sha-r- c:\windows\system32\C022CA5E3C.sys
2006-10-21 20:46 . 2006-10-21 20:46 8 --sha-r- c:\windows\system32\FDBABA2037.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-21 68856]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-23 160592]
"QuickenScheduledUpdates"="c:\finance\Program Files\Quicken 07\bagent.exe" [2009-05-26 87328]
"PowerArchiver Tray"="c:\utilities\Program Files\PowerArchiver\PASTARTER.EXE" [2007-11-30 140328]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-22 4355464]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 1116920]
"PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-07-01 1273856]
"PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-06-30 111904]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"CPMonitor"="c:\program files\Roxio Creator 2009 Special Edition\5.0\CPMonitor.exe" [2009-04-20 84464]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-22 960568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-22 377248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-18 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-10 50688]
HP Digital Imaging Monitor.lnk - c:\publishing\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-4-30 67128]
Shortcut to iFrmewrk.lnk - c:\program files\Intel\Wireless\Bin\iFrmewrk.exe [2007-7-25 974848]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\windows\system32\onhelp.htm
FriendlyName= tets

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-11-28 19:54 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Hoddy^Start Menu^Programs^Startup^Mavis Beacon Teaches Typing 11.lnk]
path=c:\documents and settings\Hoddy\Start Menu\Programs\Startup\Mavis Beacon Teaches Typing 11.lnk
backup=c:\windows\pss\Mavis Beacon Teaches Typing 11.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoNotify
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TivoServer

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)
"SecureStorageService"=3 (0x3)
"McciCMService"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AntipPro2009_100"=2 (0x2)
"ACDaemon"=2 (0x2)
"tcsd_win32.exe"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"=c:\program files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IFSplash"=ImmSplsh.exe
"pdfFactory Pro Dispatcher v1"=c:\windows\system32\fppdis1a.exe
"VsEcomrEXE"=c:\program files\Network Associates\McAfee VirusScan\vsecomr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"winmodem"=WINMODEM.101\wmexe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Verizon\\Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [9/7/2009 1:59 PM 310320]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [8/10/2009 9:30 PM 902592]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [9/7/2009 1:59 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\cchpx86.sys [9/7/2009 1:59 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090904.002\IDSXpx86.sys [9/7/2009 2:04 PM 276344]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 5:50 PM 30312]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/10/2008 12:52 PM 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/10/2008 12:52 PM 600944]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [9/7/2009 1:59 PM 115560]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [6/30/2009 4:49 PM 134944]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/4/2004 6:00 AM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/7/2009 4:00 AM 102448]
S0 esra931;esra931;\SystemRoot\\SystemRoot\System32\drivers\esra931.sys --> \SystemRoot\\SystemRoot\System32\drivers\esra931.sys [?]
S1 b06ac918.sys;b06ac918.sys;\??\c:\windows\System32\drivers\b06ac918.sys --> c:\windows\System32\drivers\b06ac918.sys [?]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 12:25 AM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 12:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 12:24 AM 170480]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 8:44 AM 580992]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [8/3/2005 3:59 PM 4736]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [8/3/2005 3:59 PM 8960]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 12:25 AM 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [3/3/2009 10:58 PM 1122304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AppletsPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection AppletsPerUser 64 c:\windows\INF\applets.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\FontsPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection FontsPerUser 64 c:\windows\INF\fonts.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MmoptJunglePerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 c:\windows\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MmoptMusicaPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 c:\windows\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MmoptRegisterPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 c:\windows\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MmoptRobotzPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 c:\windows\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MmoptUtopiaPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 c:\windows\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MotownAvivideoPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 c:\windows\INF\motown.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MotownMmsysPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 c:\windows\INF\motown.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MotownMPlayPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 c:\windows\INF\mplay98.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MotownRecPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MotownRecPerUser 64 c:\windows\INF\motown.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\NetservrPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection NetservrPerUser 64 c:\windows\INF\netservr.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsAolPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection OlsAolPerUser 64 c:\windows\INF\ols.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsAttPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection OlsAttPerUser 64 c:\windows\INF\ols.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsCompuservePerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 c:\windows\INF\ols.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsMsnPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection OlsMsnPerUser 64 c:\windows\INF\ols.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection OlsPerUser 64 c:\windows\INF\ols.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsProdigyPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 c:\windows\INF\ols.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUserOldLinks]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUserOldLinks 64 c:\windows\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Base]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Base 64 c:\windows\INF\msmail.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Calc_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 c:\windows\INF\applets.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_CDPlayer_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 c:\windows\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_CharMap_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 c:\windows\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_ClipBrd_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 c:\windows\INF\clip.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_CVT_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 c:\windows\INF\applets1.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_DCC_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 c:\windows\INF\rna.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Dialer_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 c:\windows\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_dxxspace_Links]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 c:\windows\INF\applets1.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Enable_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 c:\windows\INF\enable.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_ICW_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 c:\windows\INF\icw97.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_LinkBar_URLs]
c:\windows\COMMAND\sulfnbk.exe /L

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_MSBackup_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 c:\windows\INF\applets1.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Msinfo]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Msinfo 64 c:\windows\INF\msinfo.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Msinfo2]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 c:\windows\INF\msinfo.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_MSWordPad_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 c:\windows\INF\wordpad.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_netwatch_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 c:\windows\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Onlinelnks_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis_remove 64 c:\windows\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Paint_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 c:\windows\INF\applets.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_RNA_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 c:\windows\INF\rna.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Sysmeter_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 c:\windows\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Sysmon_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 c:\windows\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Vol]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Vol 64 c:\windows\INF\motown.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_winapps_Links]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 c:\windows\INF\subase.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_winbase_Links]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 c:\windows\INF\subase.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Wingames_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 c:\windows\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\SetupcPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection SetupcPerUser 64 c:\windows\INF\setupc.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Shell2PerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection Shell2PerUser 64 c:\windows\INF\shell2.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Shell3PerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection Shell3PerUser 64 c:\windows\INF\shell3.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ShellPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection ShellPerUser 64 c:\windows\INF\shell.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\TapiPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection TapiPerUser 64 c:\windows\INF\tapi.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Theme_MoreWindows_PerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 c:\windows\INF\themes.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Theme_Windows_PerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 c:\windows\INF\themes.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4395}]
rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\system32\ie4uinit.inf,Shell.UserStub,,36

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
c:\windows\system32\updcrl.exe -e -u c:\windows\system32\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder

2009-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-09-09 c:\windows\Tasks\User_Feed_Synchronization-{317243F2-C32D-4737-80E4-D916852CC106}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2009-09-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 02:18]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
ShellIconOverlayIdentifiers-{7D688A77-C613-11D0-999B-00C04FD655E1} - (no file)
HKU-Default-Run-Picasa Media Detector - c:\photo programs\Program Files\Picasa2\PicasaMediaDetector.exe


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=22847
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_eng.dll /100
IE: Open with PDF Professional 6 - c:\program files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Yahoo! Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\system32\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system32\iejava.cab
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.ocx
FF - ProfilePath - c:\documents and settings\Hoddy\Application Data\Mozilla\Firefox\Profiles\4uwbov9f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.washingtonpost.com/?reload=true|http://www.huffingtonpost.com/|http://www.msnbc.msn.com/|http://nytimes.com/?adxnnl=1&adxnnlx=1232462628-PVT535YtWh3v7xeOulq/Yg
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=2&q=
FF - component: c:\documents and settings\Hoddy\Application Data\Mozilla\Firefox\Profiles\4uwbov9f.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Hoddy\Application Data\Mozilla\Firefox\Profiles\4uwbov9f.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: c:\program files\SiteAdvisor\6009\FF\components\FFHook.dll
FF - plugin: c:\documents and settings\Hoddy\Application Data\Mozilla\Firefox\Profiles\4uwbov9f.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Hoddy\Application Data\Mozilla\Firefox\Profiles\4uwbov9f.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\photo programs\Program Files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft Research\HDView for Firefox\nphdview.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Nuance\PDF Professional 6\Bin\nppdf.dll
FF - plugin: c:\program files\Nuance\PDF Professional 6\bin\nppdf.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-08 20:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1932)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'lsass.exe'(1988)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(4524)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\rpcnet.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\stacsv.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\Microsoft IntelliType Pro\dpupdchk.exe
c:\publishing\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\publishing\Program Files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-09-09 20:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-09 00:48

Pre-Run: 130,933,665,792 bytes free
Post-Run: 130,762,911,744 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

782 --- E O F --- 2009-09-04 12:13



#4 Farbar

Posted 09 September 2009 - 05:42 AM

Thanks for the feedback. You may let ComboFix update; it is a legit routine.
  • You may remove the Askbar leftovers.

  • Close any open browsers.

    Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    File::
    c:\windows\system32\onhelp.htm
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "AntipPro2009_100"=-
    DDS::
    TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ("C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


  • Open your Malwarebytes' Anti-Malware.
    • First update it, to do that under the Update tab press "Check for Updates".
    • Under Scanner tab select "Perform Quick Scan", then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy & paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
    • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    • Look for "Java Runtime Environment (JRE)" JRE 6 Update 16.
    • Click the Download button to the right.
    • Select your Platform: "Windows".
    • Select your Language: "Multi-language".
    • Read the License Agreement, and then check the box that says: "Accept License Agreement".
    • Click Continue and the page will refresh.
    • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    • Close any programs you may have running - especially your web browser.
    Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-6u16-windows-i586.exe to install the newest version.
    -- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    -- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
    -- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

  • Please also tell me how the computer is running.


#5 Hfabry

Posted 09 September 2009 - 10:35 AM

Hi Farbar,

My computer is doing a lot better.

I still am getting the WinPatrol warnings as I noted in my first note about attempted changes to the file type associations for .REG and .SCR files.

The bad image pop-ups have totally disappeared, so far!

I ran Revo Uninstaller to get rid of the Ask Toolbar registry entries, and Ask Toolbar no longer shows up in the Add or Remove programs list. Is Revo Uninstaller ok to use in the future? Revo Uninstaller seems to do a great job of finding leftover registry items and other folders and files associated with programs removed with the removed program's uninstaller but left behind, and it's free!

I am also wondering if there are names for the problems I have had which seem to be fixed?

I'll paste below the ComboFix log and the MBAM log. I really appreciate all the help you have given me so far.

ComboFix 09-09-08.07 - Hoddy 09/09/2009 10:27.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1266 [GMT -4:00]
Running from: c:\documents and settings\Hoddy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Hoddy\Desktop\CFScript.txt
AV: Norton 360 *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FILE ::
"c:\windows\system32\onhelp.htm"
.

((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.

2009-09-09 07:00 . 2009-09-09 07:00 -------- d-----w- c:\windows\LastGood
2009-09-07 21:19 . 2009-09-07 21:19 -------- d-sh--w- c:\documents and settings\Hoddy\IECompatCache
2009-09-07 18:12 . 2009-09-07 18:12 -------- d-----w- c:\program files\Norton Support
2009-09-07 18:01 . 2009-09-07 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
2009-09-07 18:00 . 2009-03-12 23:24 36400 ----a-r- c:\windows\system32\drivers\SymIM.sys
2009-09-07 18:00 . 2009-09-07 18:00 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-09-07 17:58 . 2009-09-07 18:01 -------- d-----w- c:\windows\system32\drivers\N360
2009-09-07 17:58 . 2009-09-07 17:59 -------- d-----w- c:\program files\Norton 360
2009-09-07 17:47 . 2009-09-07 17:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-09-07 17:46 . 2009-09-07 20:17 -------- d-----w- c:\program files\NortonInstaller
2009-09-07 17:46 . 2009-09-07 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-09-04 18:10 . 2008-04-14 00:12 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2009-09-04 18:10 . 2001-08-18 02:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-09-04 18:10 . 2008-04-14 00:12 18944 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2009-09-04 18:10 . 2001-08-18 02:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2009-09-04 18:10 . 2001-08-18 02:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2009-09-04 18:09 . 2001-08-18 02:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2009-09-04 18:09 . 2001-08-17 16:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2009-09-04 18:09 . 2004-08-04 02:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2009-09-04 18:09 . 2004-08-04 02:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2009-09-04 18:09 . 2008-04-14 00:12 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-09-04 18:08 . 2004-08-04 02:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2009-09-04 18:08 . 2001-08-17 16:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2009-09-04 18:08 . 2001-08-17 17:28 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2009-09-04 18:06 . 2001-08-17 17:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2009-09-04 18:05 . 2001-08-17 16:51 166784 -c--a-w- c:\windows\system32\dllcache\tridxpm.sys
2009-09-04 18:05 . 2001-08-18 02:36 525568 -c--a-w- c:\windows\system32\dllcache\tridxp.dll
2009-09-04 18:05 . 2001-08-17 16:51 159232 -c--a-w- c:\windows\system32\dllcache\tridkbm.sys
2009-09-04 18:05 . 2001-08-17 18:56 440576 -c--a-w- c:\windows\system32\dllcache\tridkb.dll
2009-09-04 18:05 . 2001-08-17 16:51 222336 -c--a-w- c:\windows\system32\dllcache\trid3dm.sys
2009-09-04 18:05 . 2001-08-17 18:56 315520 -c--a-w- c:\windows\system32\dllcache\trid3d.dll
2009-09-04 18:05 . 2001-08-17 16:12 34375 -c--a-w- c:\windows\system32\dllcache\tpro4.sys
2009-09-04 18:05 . 2001-08-18 02:35 42496 -c--a-w- c:\windows\system32\dllcache\tp4res.dll
2009-09-04 18:05 . 2008-04-14 00:12 82944 -c--a-w- c:\windows\system32\dllcache\tp4mon.exe
2009-09-04 18:05 . 2001-08-18 02:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2009-09-04 18:05 . 2001-08-17 18:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2009-09-04 18:05 . 2001-08-17 18:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2009-09-04 18:05 . 2001-08-17 16:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2009-09-04 18:04 . 2001-08-17 16:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2009-09-04 18:04 . 2001-08-17 16:51 138528 -c--a-w- c:\windows\system32\dllcache\tgiulnt5.sys
2009-09-04 18:04 . 2001-08-17 18:56 81408 -c--a-w- c:\windows\system32\dllcache\tgiul50.dll
2009-09-04 18:04 . 2008-04-13 18:40 149376 -c--a-w- c:\windows\system32\dllcache\tffsport.sys
2009-09-04 18:04 . 2001-08-17 16:13 17129 -c--a-w- c:\windows\system32\dllcache\tdkcd31.sys
2009-09-04 18:04 . 2001-08-17 16:13 37961 -c--a-w- c:\windows\system32\dllcache\tdk100b.sys
2009-09-04 18:03 . 2001-08-17 17:49 30464 -c--a-w- c:\windows\system32\dllcache\tbatm155.sys
2009-09-04 18:03 . 2001-08-17 17:52 7040 -c--a-w- c:\windows\system32\dllcache\tandqic.sys
2009-09-04 18:03 . 2001-08-17 16:50 36640 -c--a-w- c:\windows\system32\dllcache\t2r4mini.sys
2009-09-04 18:03 . 2001-08-17 18:56 172768 -c--a-w- c:\windows\system32\dllcache\t2r4disp.dll
2009-09-04 18:03 . 2001-08-18 02:36 94293 -c--a-w- c:\windows\system32\dllcache\sxports.dll
2009-09-04 18:03 . 2001-08-17 17:50 103936 -c--a-w- c:\windows\system32\dllcache\sx.sys
2009-09-04 18:02 . 2001-08-17 18:02 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2009-09-04 18:02 . 2001-08-18 02:36 10240 -c--a-w- c:\windows\system32\dllcache\swpidflt.dll
2009-09-04 18:02 . 2001-08-18 02:36 10240 -c--a-w- c:\windows\system32\dllcache\swpdflt2.dll
2009-09-04 18:02 . 2001-08-18 02:36 53760 -c--a-w- c:\windows\system32\dllcache\sw_wheel.dll
2009-09-04 18:02 . 2001-08-18 02:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2009-09-04 18:02 . 2001-08-18 02:36 155648 -c--a-w- c:\windows\system32\dllcache\stlnprop.dll
2009-09-04 18:01 . 2001-08-18 02:36 53248 -c--a-w- c:\windows\system32\dllcache\stlncoin.dll
2009-09-04 18:01 . 2001-08-17 16:18 285760 -c--a-w- c:\windows\system32\dllcache\stlnata.sys
2009-09-04 18:01 . 2001-08-17 17:51 16896 -c--a-w- c:\windows\system32\dllcache\stcusb.sys
2009-09-04 18:01 . 2001-08-17 16:11 48736 -c--a-w- c:\windows\system32\dllcache\srwlnd5.sys
2009-09-04 18:01 . 2001-08-18 02:36 99328 -c--a-w- c:\windows\system32\dllcache\srusd.dll
2009-09-04 18:01 . 2001-08-18 02:36 24660 -c--a-w- c:\windows\system32\dllcache\spxupchk.dll
2009-09-04 18:01 . 2001-08-17 17:51 61824 -c--a-w- c:\windows\system32\dllcache\speed.sys
2009-09-04 18:01 . 2001-08-18 02:36 106584 -c--a-w- c:\windows\system32\dllcache\spdports.dll
2009-09-04 18:01 . 2001-08-17 17:56 7552 -c--a-w- c:\windows\system32\dllcache\sonypvu1.sys
2009-09-04 17:59 . 2001-08-17 16:12 91294 -c--a-w- c:\windows\system32\dllcache\skfpwin.sys
2009-09-04 17:58 . 2001-08-17 17:52 11648 -c--a-w- c:\windows\system32\dllcache\scsiprnt.sys
2009-09-04 17:57 . 2001-08-18 02:36 9216 -c--a-w- c:\windows\system32\dllcache\rsmgrstr.dll
2009-09-04 17:56 . 2001-08-17 17:53 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2009-09-04 17:55 . 2001-08-17 16:11 30282 -c--a-w- c:\windows\system32\dllcache\pcntn5hl.sys
2009-09-04 17:55 . 2001-08-17 16:12 26153 -c--a-w- c:\windows\system32\dllcache\pcmlm56.sys
2009-09-04 17:55 . 2004-08-04 02:31 29502 -c--a-w- c:\windows\system32\dllcache\pca200e.sys
2009-09-04 17:55 . 2001-08-17 16:12 30495 -c--a-w- c:\windows\system32\dllcache\pc100nds.sys
2009-09-04 17:55 . 2001-08-18 02:36 41984 -c--a-w- c:\windows\system32\dllcache\ovui2rc.dll
2009-09-04 17:55 . 2001-08-18 02:36 44544 -c--a-w- c:\windows\system32\dllcache\ovui2.dll
2009-09-04 17:55 . 2001-08-17 18:05 25216 -c--a-w- c:\windows\system32\dllcache\ovsound2.sys
2009-09-04 17:55 . 2001-08-18 02:36 39424 -c--a-w- c:\windows\system32\dllcache\ovcoms.exe
2009-09-04 17:55 . 2001-08-18 02:36 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2009-09-04 17:54 . 2001-08-17 18:05 351616 -c--a-w- c:\windows\system32\dllcache\ovcodek2.sys
2009-09-04 17:54 . 2001-08-18 02:36 116736 -c--a-w- c:\windows\system32\dllcache\ovcodec2.dll
2009-09-04 17:54 . 2001-08-17 18:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2009-09-04 17:54 . 2001-08-17 18:05 28032 -c--a-w- c:\windows\system32\dllcache\ovcd.sys
2009-09-04 17:54 . 2001-08-17 18:05 48000 -c--a-w- c:\windows\system32\dllcache\ovcam2.sys
2009-09-04 17:54 . 2001-08-17 18:05 25088 -c--a-w- c:\windows\system32\dllcache\ovca.sys
2009-09-04 17:54 . 2001-08-17 17:28 54186 -c--a-w- c:\windows\system32\dllcache\otcsercb.sys
2009-09-04 17:54 . 2001-08-17 16:12 43689 -c--a-w- c:\windows\system32\dllcache\otceth5.sys
2009-09-04 17:53 . 2001-08-17 16:12 27209 -c--a-w- c:\windows\system32\dllcache\otc06x5.sys
2009-09-04 17:53 . 2001-08-17 16:20 54528 -c--a-w- c:\windows\system32\dllcache\opl3sax.sys
2009-09-04 17:53 . 2001-08-17 16:50 198144 -c--a-w- c:\windows\system32\dllcache\nv3.sys
2009-09-04 17:53 . 2001-08-18 02:36 123776 -c--a-w- c:\windows\system32\dllcache\nv3.dll
2009-09-04 17:53 . 2001-08-17 16:49 51552 -c--a-w- c:\windows\system32\dllcache\ntgrip.sys
2009-09-04 17:53 . 2001-08-17 17:47 9344 -c--a-w- c:\windows\system32\dllcache\ntapm.sys
2009-09-04 17:53 . 2001-08-17 17:53 7552 -c--a-w- c:\windows\system32\dllcache\nsmmc.sys
2009-09-04 17:53 . 2008-04-13 18:54 28672 -c--a-w- c:\windows\system32\dllcache\nscirda.sys
2009-09-04 17:53 . 2001-08-17 16:20 87040 -c--a-w- c:\windows\system32\dllcache\nm6wdm.sys
2009-09-04 17:53 . 2001-08-17 16:20 126080 -c--a-w- c:\windows\system32\dllcache\nm5a2wdm.sys
2009-09-04 17:51 . 2001-08-17 16:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2009-09-04 17:50 . 2001-08-17 17:58 8320 -c--a-w- c:\windows\system32\dllcache\memcard.sys
2009-09-04 17:49 . 2001-08-18 02:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
2009-09-04 17:48 . 2001-08-18 02:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2009-09-04 17:47 . 2001-08-17 17:28 488383 -c--a-w- c:\windows\system32\dllcache\hsf_v124.sys
2009-09-04 17:46 . 2001-08-17 17:52 5760 -c--a-w- c:\windows\system32\dllcache\hpt4qic.sys
2009-09-04 17:46 . 2001-08-18 02:36 13312 -c--a-w- c:\windows\system32\dllcache\hpsjmcro.dll
2009-09-04 17:46 . 2001-08-18 02:36 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2009-09-04 17:46 . 2001-08-18 02:36 68608 -c--a-w- c:\windows\system32\dllcache\hpgt53tk.dll
2009-09-04 17:46 . 2001-08-18 02:36 165888 -c--a-w- c:\windows\system32\dllcache\hpgt53.dll
2009-09-04 17:46 . 2001-08-18 02:36 31232 -c--a-w- c:\windows\system32\dllcache\hpgt42tk.dll
2009-09-04 17:46 . 2001-08-18 02:36 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2009-09-04 17:46 . 2001-08-18 02:36 126976 -c--a-w- c:\windows\system32\dllcache\hpgt34tk.dll
2009-09-04 17:46 . 2001-08-18 02:36 101376 -c--a-w- c:\windows\system32\dllcache\hpgt34.dll
2009-09-04 17:46 . 2001-08-18 02:36 48128 -c--a-w- c:\windows\system32\dllcache\hpgt33tk.dll
2009-09-04 17:44 . 2001-08-17 16:49 322432 -c--a-w- c:\windows\system32\dllcache\g400m.sys
2009-09-04 17:43 . 2001-08-17 16:12 16074 -c--a-w- c:\windows\system32\dllcache\fa312nd5.sys
2009-09-04 17:42 . 2001-08-17 16:10 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys
2009-09-04 17:41 . 2001-08-17 16:19 3072 -c--a-w- c:\windows\system32\dllcache\cwbmidi.sys
2009-09-04 17:40 . 2001-08-17 17:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2009-09-04 17:39 . 2008-04-13 18:46 48128 -c--a-w- c:\windows\system32\dllcache\61883.sys
2009-09-04 17:39 . 2008-04-13 18:40 12288 -c--a-w- c:\windows\system32\dllcache\4mmdat.sys
2009-09-04 17:39 . 2001-08-18 02:36 98304 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2009-09-04 17:39 . 2001-08-17 18:55 38400 -c--a-w- c:\windows\system32\dllcache\8514a.dll
2009-09-04 17:39 . 2001-08-17 18:55 689216 -c--a-w- c:\windows\system32\dllcache\3dfxvs.dll
2009-09-04 17:39 . 2001-08-17 18:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys
2009-09-04 17:39 . 2001-08-17 17:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys
2009-09-04 17:39 . 2001-08-17 16:48 148352 -c--a-w- c:\windows\system32\dllcache\3dfxvsm.sys
2009-09-04 17:39 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-09 07:02 . 2008-01-11 16:05 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-09 07:02 . 2007-09-10 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-09 01:40 . 2009-05-09 19:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-09 01:36 . 2008-01-07 01:26 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-09-09 01:36 . 2007-12-19 21:49 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-09-09 00:15 . 2008-01-07 01:27 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-09-08 17:12 . 2007-09-21 19:12 -------- d-----w- c:\documents and settings\Hoddy\Application Data\Wave Systems Corp
2009-09-07 22:10 . 2008-02-05 19:40 -------- d-----w- c:\program files\vol_toolbar
2009-09-07 20:22 . 2007-09-10 07:53 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-07 18:00 . 2007-10-30 19:28 -------- d-----w- c:\program files\Symantec
2009-09-07 18:00 . 2009-09-07 18:00 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2009-09-07 18:00 . 2009-09-07 18:00 7386 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2009-09-07 18:00 . 2007-05-10 01:11 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-09-07 17:58 . 2009-06-18 00:54 -------- d-----w- c:\program files\Windows Sidebar
2009-09-07 17:58 . 2007-10-30 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-02 07:27 . 2007-09-21 19:12 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Wave Systems Corp
2009-09-01 19:20 . 2007-09-10 08:02 525512 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-01 18:59 . 2007-10-30 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Nuance
2009-09-01 18:52 . 2007-10-30 17:51 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-09-01 18:52 . 2008-09-11 20:57 -------- d-----w- c:\program files\Nuance
2009-09-01 17:41 . 2007-10-31 04:33 -------- d-----w- c:\documents and settings\Hoddy\Application Data\Nuance
2009-09-01 17:41 . 2007-10-30 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-09-01 17:39 . 2007-09-10 07:58 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-31 16:26 . 2007-09-10 07:16 97079 ----a-w- c:\windows\system32\nvModes.dat
2009-08-24 13:42 . 2007-10-01 22:10 -------- d-----w- c:\documents and settings\Gloria\Application Data\Wave Systems Corp
2009-08-22 20:46 . 2007-09-10 07:48 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-08-16 19:20 . 2007-09-10 07:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-14 15:52 . 2009-04-27 13:12 -------- d-----w- c:\documents and settings\Gloria\Application Data\VOL_TOOLBAR
2009-08-11 01:30 . 2007-10-30 17:46 -------- d-----w- c:\program files\Common Files\Acronis
2009-08-10 13:16 . 2008-04-13 14:36 -------- d-----w- c:\program files\Roxio
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 17:20 . 2009-07-16 17:20 -------- d-----w- c:\program files\Rand McNally
2009-07-16 17:04 . 2009-07-16 17:04 -------- d-----w- c:\program files\Broderbund
2009-07-16 16:56 . 2009-07-16 16:56 -------- d-----w- c:\program files\Anuman Interactive
2009-07-16 16:33 . 2008-08-17 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Nova Development
2009-07-16 16:32 . 2009-07-16 16:32 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-07-16 16:32 . 2009-07-14 20:00 -------- d-----w- c:\program files\Nova Development
2009-07-16 15:38 . 2009-07-16 15:38 -------- d-----w- c:\program files\IMSI
2009-07-16 15:09 . 2007-10-30 19:27 -------- d-----w- c:\program files\Serif
2009-07-14 21:38 . 2008-02-05 19:28 -------- d-----w- c:\program files\Verizon
2009-07-14 03:43 . 2004-08-04 10:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 18:30 . 2007-10-31 04:33 -------- d-----w- c:\documents and settings\Hoddy\Application Data\Corel
2009-07-11 16:52 . 2009-07-10 18:08 10434 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-10 18:08 . 2009-07-10 18:08 8 --sh--r- c:\windows\system32\7F877428BD.sys
2009-07-03 17:09 . 2006-03-04 03:33 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 10:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 10:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 10:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 10:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 10:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 10:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-23 19:25 . 2008-11-22 16:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-14 16:12 . 2006-02-07 19:37 1392304 ----a-w- c:\windows\system32\AutoPartNt.exe
2009-06-12 12:31 . 2004-08-04 10:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 10:00 76288 ----a-w- c:\windows\system32\telnet.exe
2006-08-09 17:42 . 2007-11-17 16:54 3198976 ----a-w- c:\program files\ViewSonicregistration.exe
2003-08-27 18:19 . 2005-09-15 17:08 36963 ----a-w- c:\program files\Common Files\SM1updtr.dll
2002-10-19 16:48 . 2002-10-19 16:48 23357 ---ha-w- c:\program files\folder.htt
2002-09-11 14:26 . 2007-09-09 01:36 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
2008-03-27 12:52 . 2008-03-27 12:52 8 --sh--r- c:\windows\system32\3EB6C4644A.sys
2006-03-29 16:49 . 2006-03-29 16:49 8 --sha-r- c:\windows\system32\C022CA5E3C.sys
2006-10-21 20:46 . 2006-10-21 20:46 8 --sha-r- c:\windows\system32\FDBABA2037.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-09-09_00.38.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-09 01:37 . 2009-09-09 01:37 16384 c:\windows\Temp\Perflib_Perfdata_670.dat
- 2007-12-06 20:41 . 2009-08-13 07:08 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
+ 2007-12-06 20:41 . 2009-09-09 07:02 35088 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\oisicon.exe
- 2007-12-06 20:41 . 2009-08-13 07:08 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-12-06 20:41 . 2009-09-09 07:02 18704 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\mspicons.exe
+ 2007-12-06 20:41 . 2009-09-09 07:02 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
- 2007-12-06 20:41 . 2009-08-13 07:08 20240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\cagicon.exe
- 2004-08-04 10:00 . 2009-03-08 08:33 726528 c:\windows\system32\jscript.dll
+ 2004-08-04 10:00 . 2009-06-22 06:44 726528 c:\windows\system32\jscript.dll
- 2004-08-11 22:12 . 2008-04-14 00:12 153088 c:\windows\system32\dllcache\triedit.dll
+ 2004-08-11 22:12 . 2009-06-21 21:44 153088 c:\windows\system32\dllcache\triedit.dll
- 2004-08-04 10:00 . 2009-03-08 08:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2004-08-04 10:00 . 2009-06-22 06:44 726528 c:\windows\system32\dllcache\jscript.dll
- 2007-12-06 20:41 . 2009-08-13 07:08 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-12-06 20:41 . 2009-09-09 07:02 888080 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\wordicon.exe
+ 2007-12-06 20:41 . 2009-09-09 07:02 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
- 2007-12-06 20:41 . 2009-08-13 07:08 272648 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pubs.exe
+ 2007-12-06 20:41 . 2009-09-09 07:02 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2007-12-06 20:41 . 2009-08-13 07:08 922384 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\pptico.exe
- 2007-12-06 20:41 . 2009-08-13 07:08 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
+ 2007-12-06 20:41 . 2009-09-09 07:02 845584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\outicon.exe
- 2007-12-06 20:41 . 2009-08-13 07:08 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2007-12-06 20:41 . 2009-09-09 07:02 217864 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\misc.exe
+ 2009-09-09 07:01 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB971961-IE8\spuninst\updspapi.dll
+ 2009-09-09 07:01 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB971961-IE8\spuninst\spuninst.exe
+ 2009-09-09 07:01 . 2009-03-08 08:33 726528 c:\windows\ie8updates\KB971961-IE8\jscript.dll
+ 2004-08-04 10:00 . 2009-05-20 08:56 2458112 c:\windows\system32\WMVCore.dll
- 2004-08-04 10:00 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll
+ 2004-08-04 10:00 . 2009-05-20 08:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
- 2004-08-04 10:00 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\wmvcore.dll
+ 2009-08-18 16:56 . 2009-08-18 16:56 5020672 c:\windows\Installer\12b4eff.msp
- 2007-12-06 20:41 . 2009-08-13 07:08 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
+ 2007-12-06 20:41 . 2009-09-09 07:02 1172240 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\xlicons.exe
- 2007-12-06 20:41 . 2009-08-13 07:08 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-12-06 20:41 . 2009-09-09 07:02 1165584 c:\windows\Installer\{91120000-0031-0000-0000-0000000FF1CE}\accicons.exe
+ 2007-09-21 20:19 . 2009-08-28 21:38 24689600 c:\windows\system32\MRT.exe
+ 2009-09-09 07:02 . 2009-09-09 07:02 15709696 c:\windows\Installer\12b4f09.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-21 68856]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-08-23 160592]
"QuickenScheduledUpdates"="c:\finance\Program Files\Quicken 07\bagent.exe" [2009-05-26 87328]
"PowerArchiver Tray"="c:\utilities\Program Files\PowerArchiver\PASTARTER.EXE" [2007-11-30 140328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-22 4355464]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-14 240112]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-07-31 1116920]
"PDFHook"="c:\program files\Nuance\PDF Professional 6\pdfpro6hook.exe" [2009-07-01 1273856]
"PDF6 Registry Controller"="c:\program files\Nuance\PDF Professional 6\RegistryController.exe" [2009-06-30 111904]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"CPMonitor"="c:\program files\Roxio Creator 2009 Special Edition\5.0\CPMonitor.exe" [2009-04-20 84464]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-22 960568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-22 377248]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-31 8429568]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-18 185872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-9-10 50688]
HP Digital Imaging Monitor.lnk - c:\publishing\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-4-30 67128]
Shortcut to iFrmewrk.lnk - c:\program files\Intel\Wireless\Bin\iFrmewrk.exe [2007-7-25 974848]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2007-11-28 19:54 10792 ----a-w- c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Hoddy^Start Menu^Programs^Startup^Mavis Beacon Teaches Typing 11.lnk]
path=c:\documents and settings\Hoddy\Start Menu\Programs\Startup\Mavis Beacon Teaches Typing 11.lnk
backup=c:\windows\pss\Mavis Beacon Teaches Typing 11.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"stllssvr"=3 (0x3)
"SecureStorageService"=3 (0x3)
"McciCMService"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ACDaemon"=2 (0x2)
"tcsd_win32.exe"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Yahoo! Pager"=c:\program files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IFSplash"=ImmSplsh.exe
"pdfFactory Pro Dispatcher v1"=c:\windows\system32\fppdis1a.exe
"VsEcomrEXE"=c:\program files\Network Associates\McAfee VirusScan\vsecomr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
"winmodem"=WINMODEM.101\wmexe.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Laplink\\PCmover\\PCmover.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Publishing\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Verizon\\Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0300000.087\SymEFA.sys [9/7/2009 1:59 PM 310320]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [8/10/2009 9:30 PM 902592]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\N360\0300000.087\BHDrvx86.sys [9/7/2009 1:59 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0300000.087\cchpx86.sys [9/7/2009 1:59 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090904.002\IDSXpx86.sys [9/7/2009 2:04 PM 276344]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 5:50 PM 30312]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 5:45 AM 13088]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/10/2008 12:52 PM 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [11/10/2008 12:52 PM 600944]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe [9/7/2009 1:59 PM 115560]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 6\PDFProFiltSrv.exe [6/30/2009 4:49 PM 134944]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/4/2004 6:00 AM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/7/2009 4:00 AM 102448]
S0 esra931;esra931;\SystemRoot\\SystemRoot\System32\drivers\esra931.sys --> \SystemRoot\\SystemRoot\System32\drivers\esra931.sys [?]
S1 b06ac918.sys;b06ac918.sys;\??\c:\windows\System32\drivers\b06ac918.sys --> c:\windows\System32\drivers\b06ac918.sys [?]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUpnpService11.exe [8/14/2008 12:25 AM 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [8/14/2008 12:24 AM 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [8/14/2008 12:24 AM 170480]
S3 APL531;OVT Scanner;c:\windows\system32\drivers\ov550i.sys [7/31/2006 8:44 AM 580992]
S3 LLUSBFLT;LLUSBFLT;c:\windows\system32\drivers\llusbflt.sys [8/3/2005 3:59 PM 4736]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
S3 PLUsbbc2;High-Speed USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc2.sys [8/3/2005 3:59 PM 8960]
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009 Special Edition\Digital Home 11\RoxioUPnPRenderer11.exe [8/14/2008 12:25 AM 313840]
S3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [3/3/2009 10:58 PM 1122304]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AppletsPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection AppletsPerUser 64 c:\windows\INF\applets.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\FontsPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection FontsPerUser 64 c:\windows\INF\fonts.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MmoptJunglePerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MmoptJunglePerUser 64 c:\windows\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MmoptMusicaPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MmoptMusicaPerUser 64 c:\windows\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MmoptRegisterPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MmoptRegisterPerUser 64 c:\windows\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MmoptRobotzPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MmoptRobotzPerUser 64 c:\windows\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MmoptUtopiaPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MmoptUtopiaPerUser 64 c:\windows\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MotownAvivideoPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MotownAvivideoPerUser 64 c:\windows\INF\motown.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MotownMmsysPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MotownMmsysPerUser 64 c:\windows\INF\motown.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MotownMPlayPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MotownMPlayPerUser 64 c:\windows\INF\mplay98.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\MotownRecPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection MotownRecPerUser 64 c:\windows\INF\motown.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\NetservrPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection NetservrPerUser 64 c:\windows\INF\netservr.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsAolPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection OlsAolPerUser 64 c:\windows\INF\ols.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsAttPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection OlsAttPerUser 64 c:\windows\INF\ols.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsCompuservePerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection OlsCompuservePerUser 64 c:\windows\INF\ols.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsMsnPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection OlsMsnPerUser 64 c:\windows\INF\ols.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection OlsPerUser 64 c:\windows\INF\ols.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\OlsProdigyPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection OlsProdigyPerUser 64 c:\windows\INF\ols.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUserOldLinks]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUserOldLinks 64 c:\windows\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Base]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Base 64 c:\windows\INF\msmail.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Calc_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Calc_Inis 64 c:\windows\INF\applets.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_CDPlayer_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_CDPlayer_Inis 64 c:\windows\INF\mmopt.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_CharMap_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_CharMap_Inis 64 c:\windows\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_ClipBrd_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_ClipBrd_Inis 64 c:\windows\INF\clip.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_CVT_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_CVT_Inis 64 c:\windows\INF\applets1.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_DCC_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_DCC_Inis 64 c:\windows\INF\rna.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Dialer_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Dialer_Inis 64 c:\windows\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_dxxspace_Links]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_dxxspace_Links 64 c:\windows\INF\applets1.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Enable_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Enable_Inis 64 c:\windows\INF\enable.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_ICW_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_ICW_Inis 0 c:\windows\INF\icw97.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_LinkBar_URLs]
c:\windows\COMMAND\sulfnbk.exe /L

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_MSBackup_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_MSBackup_Inis 64 c:\windows\INF\applets1.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Msinfo]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Msinfo 64 c:\windows\INF\msinfo.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Msinfo2]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Msinfo2 64 c:\windows\INF\msinfo.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_MSWordPad_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_MSWordPad_Inis 64 c:\windows\INF\wordpad.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_netwatch_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_netwatch_Inis 64 c:\windows\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Onlinelnks_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Onlinelnks_Inis_remove 64 c:\windows\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Paint_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Paint_Inis 64 c:\windows\INF\applets.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_RNA_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_RNA_Inis 64 c:\windows\INF\rna.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Sysmeter_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Sysmeter_Inis 64 c:\windows\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Sysmon_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Sysmon_Inis 64 c:\windows\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Vol]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Vol 64 c:\windows\INF\motown.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_winapps_Links]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_winapps_Links 64 c:\windows\INF\subase.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_winbase_Links]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_winbase_Links 64 c:\windows\INF\subase.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\PerUser_Wingames_Inis]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection PerUser_Wingames_Inis 64 c:\windows\INF\appletpp.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\SetupcPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection SetupcPerUser 64 c:\windows\INF\setupc.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Shell2PerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection Shell2PerUser 64 c:\windows\INF\shell2.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Shell3PerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection Shell3PerUser 64 c:\windows\INF\shell3.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ShellPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection ShellPerUser 64 c:\windows\INF\shell.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\TapiPerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection TapiPerUser 64 c:\windows\INF\tapi.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Theme_MoreWindows_PerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection Themes_MoreWindows_PerUser 0 c:\windows\INF\themes.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Theme_Windows_PerUser]
rundll.exe c:\windows\system32\setupx.dll,InstallHinfSection Themes_Windows_PerUser 0 c:\windows\INF\themes.inf

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4395}]
rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\system32\ie4uinit.inf,Shell.UserStub,,36

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
c:\windows\system32\updcrl.exe -e -u c:\windows\system32\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder

2009-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-09-09 c:\windows\Tasks\User_Feed_Synchronization-{317243F2-C32D-4737-80E4-D916852CC106}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

2009-09-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-06 02:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=22847
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Open with Nuance PDF Converter 6.0 - c:\program files\Nuance\PDF Professional 6\cnvres_eng.dll /100
IE: Open with PDF Professional 6 - c:\program files\Nuance\PDF Professional 6\Bin\PlusIEContextMenu.dll/PlusIEContextMenu.htm
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Yahoo! Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\system32\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\system32\iejava.cab
DPF: Microsoft XML Parser for Java
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/fios_settings_POTT20009/include/vzTCPConfig.CAB
DPF: {FFD85DC8-5261-4D11-B728-F7C59D911691} - hxxp://www.iolo.com/app/ocx/UpgradeVerify.ocx
FF - ProfilePath - c:\documents and settings\Hoddy\Application Data\Mozilla\Firefox\Profiles\4uwbov9f.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.washingtonpost.com/?reload=true|http://www.huffingtonpost.com/|http://www.msnbc.msn.com/|http://nytimes.com/?adxnnl=1&adxnnlx=1232462628-PVT535YtWh3v7xeOulq/Yg
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1396957&SearchSource=2&q=
FF - component: c:\documents and settings\Hoddy\Application Data\Mozilla\Firefox\Profiles\4uwbov9f.default\extensions\{f592709f-ff4a-4862-b659-4afabda56312}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Hoddy\Application Data\Mozilla\Firefox\Profiles\4uwbov9f.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - component: c:\program files\SiteAdvisor\6009\FF\components\FFHook.dll
FF - plugin: c:\documents and settings\Hoddy\Application Data\Mozilla\Firefox\Profiles\4uwbov9f.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\documents and settings\Hoddy\Application Data\Mozilla\Firefox\Profiles\4uwbov9f.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\photo programs\Program Files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft Research\HDView for Firefox\nphdview.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Nuance\PDF Professional 6\Bin\nppdf.dll
FF - plugin: c:\program files\Nuance\PDF Professional 6\bin\nppdf.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 10:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.135\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.135\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1960)
c:\program files\Citrix\GoToAssist\480\G2AWinLogon.dll

- - - - - - - > 'lsass.exe'(2020)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll

- - - - - - - > 'explorer.exe'(1756)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-09 10:39
ComboFix-quarantined-files.txt 2009-09-09 14:38
ComboFix2.txt 2009-09-09 00:48

Pre-Run: 130,453,958,656 bytes free
Post-Run: 130,407,170,048 bytes free

604 --- E O F --- 2009-09-09 07:06


Malwarebytes' Anti-Malware 1.40
Database version: 2764
Windows 5.1.2600 Service Pack 3

9/9/2009 10:48:30 AM
mbam-log-2009-09-09 (10-48-30).txt

Scan type: Quick Scan
Objects scanned: 133529
Time elapsed: 5 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:19 AM

Posted 09 September 2009 - 10:53 AM

Go to Start => Run => copy and paste the next command in the field, then hit Enter:

ComboFix /u

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

It makes a clean Restore Point and clears all the old restore points in order to prevent possible reinfection from an old one through system restore.

*********

I still am getting the WinPatrol warnings as I noted in my first note about attempted changes to the file type associations for .REG and .SCR files.

There are a couple more file associations changed. This is not malware. You have installed "iolo System Mechanic Professional" on your system. As a security measure it changes those file associations. You can change the settings if you don't want it, or let WinPatrol allow those changes.

We can restore all file associations, but you need to change the settings in "iolo System Mechanic Professional", otherwise it will change the association again.

Please let me know your decision.

#7 Hfabry


Posted 09 September 2009 - 12:42 PM

Hi Farbar,

I ran the uninstall for ComboFix without a problem.

I guess that if the changes in file association are ok and will not cause me a problem, I'll go ahead and allow them if I get the WinPatrol warning again.

Do you have any comment on Revo Uninstaller? Is it safe to continue using it?

#8 Farbar


Posted 09 September 2009 - 12:46 PM

Yes, Revo Uninstaller is a good free uninstaller.

Please consult this article by Miekiemoes on How To Prevent Malware.

Do you have any questions before we close the topic?

#9 Hfabry


Posted 09 September 2009 - 02:07 PM

Hi Farbar,

Thanks for the great help you provided!

My only other question is what can I tell folks I had wrong with my computer? Does it have a name?

#10 Farbar


Posted 09 September 2009 - 02:17 PM

You are most welcome Hfabry. :(

To answer your question, among others you had rogue software (a fake antivirus called AntipPro2009) and a TDSS variant rootkit.

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a PM and I will reopen it for you.

If you should have a new issue, please start a new topic.

Happy Surfing!



