Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Malware please help!


  • Please log in to reply

#1
jimfdowning

jimfdowning

    Member

  • Member
  • PipPipPip
  • 149 posts
Hi

Mcafee enterprise recently found a trojan on the laptop

It did say it had removed it but since then all sorts of strange redirects and nonsence have been happening.

I have run a Mbam scan and it found nothing!

I'm 99% sure it's infected with something, just don't know what?

Can you please help

I've included a Hihjackthis log.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:33:19 PM, on 4/16/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\windows\system32\spoolsv.exe
c:\drivers\audio\r213367\stacsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\windows\SYSTEM32\DWRCS.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\gateProtect\VPN Client\bin\GPVPNService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\windows\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\InternetEverywhere\WTGService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\SYSTEM32\DWRCST.exe
C:\windows\Explorer.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BtTray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\windows\system32\AESTFltr.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
C:\Program Files\Dell\Latitude ON Reader Data\BIOSEvent.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\windows\OA001Mon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\InternetEverywhere\Launcher.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Documents and Settings\bruce\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del...c=eu&l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [SecureUpgrade] "C:\Program Files\Wave Systems Corp\SecureUpgrade.exe"
O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
O4 - HKLM\..\Run: [CLIVFR] "C:\Program Files\Dell\Latitude ON Reader Data\CLIVFR.exe"
O4 - HKLM\..\Run: [BIOSEvent] "C:\Program Files\Dell\Latitude ON Reader Data\BIOSEvent.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [OA001Mon] C:\windows\OA001Mon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DameWare MRC Agent] C:\windows\system32\DWRCST.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\bruce\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
O4 - Global Startup: Launcher.lnk = C:\Program Files\InternetEverywhere\Launcher.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Download all by YouTube Robot - C:\Program Files\YouTubeRobot\downall.htm
O8 - Extra context menu item: Download by YouTube Robot - C:\Program Files\YouTubeRobot\downlink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PE.local
O17 - HKLM\Software\..\Telephony: DomainName = PE.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = PE.local
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\windows\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\windows\SYSTEM32\DWRCS.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: gateProtect VPN Service (GPVPNService) - Unknown owner - C:\Program Files\gateProtect\VPN Client\bin\GPVPNService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless WiFi Service (S24EventMonitor) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Smith Micro Connection Manager Service (SMManager) - Smith Micro Software, Inc. - C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\audio\r213367\stacsv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: WTGService - Unknown owner - C:\Program Files\InternetEverywhere\WTGService.exe

--
End of file - 14404 bytes
  • 0

Advertisements


#2
jimfdowning

jimfdowning

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 149 posts
Sorry forgot to ad the OTL

OTL logfile created on: 4/16/2011 6:29:07 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\bruce\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 42.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 103.88 Gb Free Space | 69.70% Space Free | Partition Type: NTFS
Drive E: | 29.84 Gb Total Space | 11.98 Gb Free Space | 40.14% Space Free | Partition Type: FAT32

Computer Name: UK858DB4J | User Name: bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/16 18:28:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bruce\Desktop\OTL.exe
PRC - [2010/10/19 16:13:24 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe
PRC - [2010/10/19 16:13:24 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe
PRC - [2010/10/19 16:13:24 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe
PRC - [2010/01/28 08:18:36 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OA001Mon.exe
PRC - [2010/01/15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/09/09 15:44:55 | 000,308,688 | ---- | M] () -- C:\Program Files\InternetEverywhere\WTGService.exe
PRC - [2009/09/09 15:44:29 | 000,472,528 | ---- | M] (TODO: <Company name>) -- C:\Program Files\InternetEverywhere\Launcher.exe
PRC - [2009/07/26 15:44:00 | 000,236,032 | ---- | M] (DameWare Development LLC) -- C:\WINDOWS\system32\DWRCS.EXE
PRC - [2009/07/26 15:44:00 | 000,078,848 | ---- | M] (DameWare Development) -- C:\WINDOWS\system32\DWRCST.EXE
PRC - [2009/03/17 02:57:38 | 000,483,420 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2009/03/17 02:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R213367\stacsv.exe
PRC - [2009/03/17 02:57:14 | 000,729,088 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\system32\AESTFltr.exe
PRC - [2009/03/01 18:09:38 | 001,810,432 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
PRC - [2009/03/01 18:09:22 | 000,077,824 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2009/02/22 22:51:40 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2009/02/22 22:51:24 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2009/02/22 22:51:22 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2009/02/22 22:51:22 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2009/02/06 20:10:16 | 001,095,456 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2009/02/06 20:06:56 | 000,443,168 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2009/01/22 10:19:20 | 000,808,296 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
PRC - [2009/01/22 10:19:20 | 000,020,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
PRC - [2009/01/19 15:54:16 | 000,667,648 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/01/16 16:41:02 | 000,656,696 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2009/01/16 15:46:22 | 000,015,360 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2009/01/14 10:23:50 | 000,991,232 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2008/12/29 11:07:28 | 000,320,800 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2008/12/22 12:15:44 | 000,145,408 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/12/04 13:00:20 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/10/17 10:41:16 | 000,442,536 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/10/02 11:26:42 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/02 11:06:56 | 000,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/10/02 10:56:44 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/09/29 07:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2008/09/29 07:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/09/29 07:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2008/09/29 07:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2008/09/29 07:07:00 | 000,026,672 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2008/09/29 07:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2008/08/29 22:43:16 | 000,110,592 | ---- | M] () -- C:\Program Files\Dell\Latitude ON Reader Data\BIOSEvent.exe
PRC - [2008/08/15 08:51:34 | 000,604,776 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008/06/10 20:01:28 | 000,086,016 | ---- | M] () -- C:\Program Files\gateProtect\VPN Client\bin\GPVPNService.exe
PRC - [2008/04/14 13:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/14 03:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/14 03:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2008/03/14 03:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/03/14 03:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2007/04/19 05:56:36 | 000,133,968 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe


========== Modules (SafeList) ==========

MOD - [2011/04/16 18:28:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bruce\Desktop\OTL.exe
MOD - [2010/08/23 17:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/02/26 22:08:20 | 000,130,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxdo.dll
MOD - [2008/08/15 08:46:02 | 000,073,728 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/09/09 15:44:55 | 000,308,688 | ---- | M] () [Auto | Running] -- C:\Program Files\InternetEverywhere\WTGService.exe -- (WTGService)
SRV - [2009/07/26 15:44:00 | 000,236,032 | ---- | M] (DameWare Development LLC) [Auto | Running] -- C:\windows\System32\DWRCS.EXE -- (DWMRCS)
SRV - [2009/03/17 02:57:26 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R213367\stacsv.exe -- (STacSV)
SRV - [2009/03/01 18:09:22 | 000,077,824 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2009/02/06 20:06:56 | 000,443,168 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2009/01/22 10:19:20 | 000,808,296 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2009/01/22 10:19:20 | 000,020,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2009/01/14 10:23:50 | 000,991,232 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2008/12/29 11:07:28 | 000,320,800 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/12/12 09:54:00 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/12/04 13:00:26 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/11/12 13:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2008/10/02 11:26:42 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/02 11:06:56 | 000,905,216 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/10/02 10:56:44 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/09/29 07:07:00 | 000,143,088 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008/09/29 07:07:00 | 000,067,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2008/09/29 07:07:00 | 000,062,800 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2008/09/29 07:07:00 | 000,019,456 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2008/06/10 20:01:28 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\gateProtect\VPN Client\bin\GPVPNService.exe -- (GPVPNService)
SRV - [2008/03/14 03:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2007/04/19 05:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)


========== Driver Services (SafeList) ==========

DRV - [2011/02/10 13:09:03 | 000,103,040 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2010/01/28 08:20:32 | 000,281,472 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Vid.sys -- (OA001Vid)
DRV - [2009/05/28 01:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Afx.sys -- (OA001Afx)
DRV - [2009/03/17 02:57:30 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2009/03/17 02:57:12 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009/03/06 06:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV - [2009/02/26 22:08:52 | 000,109,568 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2009/02/22 23:59:26 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) Intel®
DRV - [2009/02/22 22:51:20 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009/01/22 10:16:14 | 000,032,808 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009/01/16 16:41:06 | 000,208,824 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/01/14 11:51:50 | 000,230,952 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys -- (SRS_PremiumSound_Service)
DRV - [2008/12/13 10:27:50 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/09/29 07:07:00 | 000,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/09/29 07:07:00 | 000,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/09/29 07:07:00 | 000,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/09/29 07:07:00 | 000,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2008/09/29 07:07:00 | 000,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/09/29 07:07:00 | 000,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/09/25 07:22:02 | 003,634,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®
DRV - [2008/08/28 23:05:26 | 000,991,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/08/28 22:58:00 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/08/04 11:32:26 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/07/08 23:04:46 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/06/04 13:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/01 15:48:14 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/02/20 21:19:56 | 000,030,816 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\windows\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/04/19 05:28:12 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2007/02/15 19:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007/02/07 19:00:00 | 000,003,712 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2006/11/22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/11/22 09:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2006/11/22 09:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2006/06/14 10:53:00 | 000,029,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.del...c=eu&l=en&s=gen
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {ada2ac0d-15c6-4611-ba5d-5b0a8b52fd6d} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/24 10:06:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 10:06:44 | 000,000,000 | ---D | M]

[2010/10/18 14:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bruce\Application Data\Mozilla\Extensions
[2011/02/04 07:38:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bruce\Application Data\Mozilla\Firefox\Profiles\wirv5ejq.default\extensions
[2010/10/19 09:13:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\bruce\Application Data\Mozilla\Firefox\Profiles\wirv5ejq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/16 18:11:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/02/16 16:11:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/05/12 22:26:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/10/06 08:16:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/09/14 22:09:10 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/09/14 22:09:10 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/09/14 22:09:10 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/09/14 22:09:10 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

Hosts file not found
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\windows\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [BIOSEvent] C:\Program Files\Dell\Latitude ON Reader Data\BIOSEvent.exe ()
O4 - HKLM..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [CLIVFR] C:\Program Files\Dell\Latitude ON Reader Data\CLIVFR.exe (CyberLink)
O4 - HKLM..\Run: [DameWare MRC Agent] C:\WINDOWS\system32\DWRCST.EXE (DameWare Development)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OA001Mon] C:\WINDOWS\OA001Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Launcher.lnk = C:\Program Files\InternetEverywhere\Launcher.exe (TODO: <Company name>)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = PE.local
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 22:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/16 18:28:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\bruce\Desktop\OTL.exe
[2011/04/16 18:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bruce\Application Data\URSoft
[2011/04/16 17:32:50 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\bruce\Desktop\HijackThis.exe
[2011/04/16 17:29:06 | 000,000,000 | ---D | C] -- C:\windows\XSxS
[2011/04/16 17:29:06 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
[2011/04/16 17:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bruce\Local Settings\Application Data\Xenocode
[2011/04/16 12:16:53 | 000,000,000 | ---D | C] -- C:\windows\ServicePackFiles
[2011/04/16 12:13:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/04/13 19:09:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/12 19:31:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bruce\Application Data\Malwarebytes
[2011/04/12 19:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/12 19:30:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/04/12 19:30:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/12 19:30:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/04/12 19:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/12 19:30:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bruce\Desktop\Malwarebytes' Anti-Malware
[2011/04/12 19:30:02 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\bruce\Desktop\mbam-setup-1.46.exe
[2011/04/11 20:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/11 20:24:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/11 20:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/11 20:10:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/11 20:10:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[7 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/16 18:28:14 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\bruce\Desktop\OTL.exe
[2011/04/16 18:26:01 | 000,000,976 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3793186081-2313606279-1875024928-1769UA.job
[2011/04/16 17:32:18 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\bruce\Desktop\HijackThis.exe
[2011/04/16 17:25:41 | 000,575,396 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/04/16 17:25:41 | 000,114,848 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/04/16 17:21:23 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\bruce\Local Settings\Application Data\WavXMapDrive.bat
[2011/04/16 17:21:02 | 000,002,206 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2011/04/16 17:20:27 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2011/04/16 17:20:24 | 2097,045,504 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/16 16:10:22 | 000,000,610 | ---- | M] () -- C:\Documents and Settings\bruce\Desktop\Shortcut to IT problems.lnk
[2011/04/16 12:32:58 | 000,267,008 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/04/16 12:16:48 | 000,001,374 | ---- | M] () -- C:\windows\imsins.BAK
[2011/04/15 12:42:39 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/04/15 10:14:38 | 000,001,830 | ---- | M] () -- C:\Documents and Settings\bruce\Desktop\GoToWebinar.lnk
[2011/04/14 15:48:08 | 000,000,664 | ---- | M] () -- C:\windows\System32\d3d9caps.dat
[2011/04/14 09:42:01 | 000,116,736 | ---- | M] () -- C:\Documents and Settings\bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/14 09:26:01 | 000,000,924 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3793186081-2313606279-1875024928-1769Core.job
[2011/04/11 10:32:31 | 000,001,138 | RHS- | M] () -- C:\Documents and Settings\bruce\ntuser.pol
[2011/04/06 13:22:58 | 000,256,477 | ---- | M] () -- C:\Documents and Settings\bruce\My Documents\LH_WEBCKI.GB.STANDALONE.YyHeK5CG9893o6zsn0LNF7.pdf
[2011/03/31 16:18:56 | 000,000,668 | ---- | M] () -- C:\Documents and Settings\bruce\Desktop\Spotify.lnk
[2011/03/27 17:27:34 | 000,002,286 | ---- | M] () -- C:\Documents and Settings\bruce\Desktop\Google Chrome.lnk
[2011/03/27 17:27:34 | 000,002,264 | ---- | M] () -- C:\Documents and Settings\bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[7 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/16 16:10:22 | 000,000,610 | ---- | C] () -- C:\Documents and Settings\bruce\Desktop\Shortcut to IT problems.lnk
[2011/04/11 20:11:56 | 000,000,664 | ---- | C] () -- C:\windows\System32\d3d9caps.dat
[2011/04/06 11:33:58 | 000,256,477 | ---- | C] () -- C:\Documents and Settings\bruce\My Documents\LH_WEBCKI.GB.STANDALONE.YyHeK5CG9893o6zsn0LNF7.pdf
[2011/03/21 12:46:52 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\bruce\Desktop\GoToWebinar.lnk
[2011/02/17 19:13:04 | 000,829,781 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2010/10/19 16:08:09 | 000,116,736 | ---- | C] () -- C:\Documents and Settings\bruce\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/18 14:18:45 | 000,000,056 | -H-- | C] () -- C:\windows\System32\ezsidmv.dat
[2010/10/18 14:09:35 | 000,000,000 | ---- | C] () -- C:\windows\nsreg.dat
[2010/10/06 12:05:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\bruce\Local Settings\Application Data\WavXMapDrive.bat
[2009/05/18 14:41:50 | 000,153,088 | ---- | C] () -- C:\windows\System32\UNWISE.EXE
[2009/05/18 14:41:50 | 000,024,576 | ---- | C] () -- C:\windows\System32\hdsuinst.exe
[2009/05/13 07:09:48 | 000,982,192 | ---- | C] () -- C:\windows\System32\igkrng500.bin
[2009/05/13 07:09:48 | 000,417,344 | ---- | C] () -- C:\windows\System32\igcompkrng500.bin
[2009/05/13 07:09:46 | 000,077,824 | ---- | C] () -- C:\windows\setpwr32.exe
[2009/05/13 07:08:39 | 000,001,169 | ---- | C] () -- C:\windows\System32\OEMINFO.INI
[2009/05/12 23:02:12 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2009/05/12 22:53:09 | 000,000,234 | ---- | C] () -- C:\windows\wininit.ini
[2009/05/12 22:52:26 | 000,230,952 | R--- | C] () -- C:\windows\System32\drivers\SRS_PremiumSound_i386.sys
[2009/05/12 22:37:12 | 000,279,888 | ---- | C] () -- C:\windows\System32\brcmbsp.dll
[2009/05/12 22:34:50 | 000,080,368 | ---- | C] () -- C:\windows\System32\pbadrvdll.dll
[2009/03/01 18:01:02 | 000,143,360 | R--- | C] () -- C:\windows\System32\preflib.dll
[2008/12/22 12:13:54 | 000,249,856 | ---- | C] () -- C:\windows\System32\wxvault.dll
[2008/12/19 18:59:18 | 000,098,304 | ---- | C] () -- C:\windows\System32\Internationalization_tr.dll
[2008/12/19 18:59:16 | 000,102,400 | ---- | C] () -- C:\windows\System32\Internationalization_ro.dll
[2008/12/19 18:59:16 | 000,102,400 | ---- | C] () -- C:\windows\System32\Internationalization_pt-BR.dll
[2008/12/19 18:59:14 | 000,098,304 | ---- | C] () -- C:\windows\System32\Internationalization_hu.dll
[2008/12/19 18:59:14 | 000,094,208 | ---- | C] () -- C:\windows\System32\Internationalization_he.dll
[2008/12/19 18:59:12 | 000,098,304 | ---- | C] () -- C:\windows\System32\Internationalization_fi.dll
[2008/12/19 18:59:10 | 000,106,496 | ---- | C] () -- C:\windows\System32\Internationalization_el.dll
[2008/12/19 18:59:10 | 000,098,304 | ---- | C] () -- C:\windows\System32\Internationalization_cs.dll
[2008/12/19 18:59:08 | 000,094,208 | ---- | C] () -- C:\windows\System32\Internationalization_ar.dll
[2008/12/19 18:59:06 | 000,081,920 | ---- | C] () -- C:\windows\System32\Internationalization_zh-CHT.dll
[2008/12/19 18:59:06 | 000,081,920 | ---- | C] () -- C:\windows\System32\Internationalization_zh-CHS.dll
[2008/12/19 18:59:04 | 000,098,304 | ---- | C] () -- C:\windows\System32\Internationalization_sv.dll
[2008/12/19 18:59:04 | 000,098,304 | ---- | C] () -- C:\windows\System32\Internationalization_ru.dll
[2008/12/19 18:59:02 | 000,102,400 | ---- | C] () -- C:\windows\System32\Internationalization_pt.dll
[2008/12/19 18:59:00 | 000,102,400 | ---- | C] () -- C:\windows\System32\Internationalization_pl.dll
[2008/12/19 18:59:00 | 000,098,304 | ---- | C] () -- C:\windows\System32\Internationalization_no.dll
[2008/12/19 18:58:58 | 000,106,496 | ---- | C] () -- C:\windows\System32\Internationalization_nl.dll
[2008/12/19 18:58:56 | 000,090,112 | ---- | C] () -- C:\windows\System32\Internationalization_ja.dll
[2008/12/19 18:58:56 | 000,086,016 | ---- | C] () -- C:\windows\System32\Internationalization_ko.dll
[2008/12/19 18:58:54 | 000,102,400 | ---- | C] () -- C:\windows\System32\Internationalization_it.dll
[2008/12/19 18:58:54 | 000,102,400 | ---- | C] () -- C:\windows\System32\Internationalization_fr.dll
[2008/12/19 18:58:52 | 000,102,400 | ---- | C] () -- C:\windows\System32\Internationalization_es.dll
[2008/12/19 18:58:50 | 000,102,400 | ---- | C] () -- C:\windows\System32\Internationalization_de.dll
[2008/12/19 18:58:48 | 000,102,400 | ---- | C] () -- C:\windows\System32\Internationalization_da.dll
[2008/12/11 15:51:36 | 000,010,752 | ---- | C] () -- C:\windows\System32\Wavx_ESC_Logging.dll
[2008/12/11 12:59:48 | 000,512,000 | ---- | C] () -- C:\windows\System32\AmRes_en.dll
[2008/12/11 12:59:46 | 000,540,672 | ---- | C] () -- C:\windows\System32\AmRes_fr.dll
[2008/12/11 12:59:46 | 000,540,672 | ---- | C] () -- C:\windows\System32\AmRes_es.dll
[2008/12/11 12:59:46 | 000,536,576 | ---- | C] () -- C:\windows\System32\AmRes_it.dll
[2008/12/11 12:59:44 | 000,520,192 | ---- | C] () -- C:\windows\System32\AmRes_ja.dll
[2008/12/11 12:59:44 | 000,503,808 | ---- | C] () -- C:\windows\System32\AmRes_ko.dll
[2008/12/11 12:59:42 | 000,565,248 | ---- | C] () -- C:\windows\System32\AmRes_ru.dll
[2008/12/11 12:59:42 | 000,524,288 | ---- | C] () -- C:\windows\System32\AmRes_pt-BR.dll
[2008/12/11 12:59:40 | 000,516,096 | ---- | C] () -- C:\windows\System32\AmRes_da.dll
[2008/12/11 12:59:40 | 000,479,232 | ---- | C] () -- C:\windows\System32\AmRes_zh-CHT.dll
[2008/12/11 12:59:40 | 000,475,136 | ---- | C] () -- C:\windows\System32\AmRes_zh-CHS.dll
[2008/12/11 12:59:38 | 000,540,672 | ---- | C] () -- C:\windows\System32\AmRes_nl.dll
[2008/12/11 12:59:38 | 000,512,000 | ---- | C] () -- C:\windows\System32\AmRes_no.dll
[2008/12/11 12:59:36 | 000,528,384 | ---- | C] () -- C:\windows\System32\AmRes_pl.dll
[2008/12/11 12:59:36 | 000,516,096 | ---- | C] () -- C:\windows\System32\AmRes_sv.dll
[2008/12/11 12:59:36 | 000,512,000 | ---- | C] () -- C:\windows\System32\AmRes_ar.dll
[2008/12/11 12:59:34 | 000,536,576 | ---- | C] () -- C:\windows\System32\AmRes_el.dll
[2008/12/11 12:59:34 | 000,528,384 | ---- | C] () -- C:\windows\System32\AmRes_cs.dll
[2008/12/11 12:59:34 | 000,520,192 | ---- | C] () -- C:\windows\System32\AmRes_fi.dll
[2008/12/11 12:59:34 | 000,503,808 | ---- | C] () -- C:\windows\System32\AmRes_he.dll
[2008/12/11 12:59:32 | 000,532,480 | ---- | C] () -- C:\windows\System32\AmRes_pt-PT.dll
[2008/12/11 12:59:32 | 000,528,384 | ---- | C] () -- C:\windows\System32\AmRes_hu.dll
[2008/12/11 12:59:30 | 000,532,480 | ---- | C] () -- C:\windows\System32\AmRes_ro.dll
[2008/12/11 12:59:30 | 000,524,288 | ---- | C] () -- C:\windows\System32\AmRes_tr.dll
[2008/12/11 12:56:30 | 000,544,768 | ---- | C] () -- C:\windows\System32\AmRes_de.dll
[2008/10/06 18:36:56 | 000,839,680 | ---- | C] () -- C:\windows\System32\DemoLicense.dll
[2008/08/15 08:46:30 | 002,854,912 | ---- | C] () -- C:\windows\System32\btwicons.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\windows\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\windows\System32\structuredqueryschema.bin
[2008/04/25 22:31:41 | 000,002,048 | --S- | C] () -- C:\windows\bootstat.dat
[2008/04/25 22:27:18 | 000,021,640 | ---- | C] () -- C:\windows\System32\emptyregdb.dat
[2008/04/25 22:26:32 | 000,001,793 | ---- | C] () -- C:\windows\System32\fxsperf.ini
[2008/04/25 17:16:24 | 000,004,569 | ---- | C] () -- C:\windows\System32\secupd.dat
[2008/04/25 17:16:22 | 000,575,396 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2008/04/25 17:16:22 | 000,272,128 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2008/04/25 17:16:22 | 000,114,848 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2008/04/25 17:16:22 | 000,028,626 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2008/04/25 17:16:22 | 000,004,627 | ---- | C] () -- C:\windows\System32\oembios.dat
[2008/04/25 17:16:21 | 013,107,200 | ---- | C] () -- C:\windows\System32\oembios.bin
[2008/04/25 17:16:20 | 000,000,741 | ---- | C] () -- C:\windows\System32\noise.dat
[2008/04/25 17:16:18 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2008/04/25 17:16:18 | 000,046,258 | ---- | C] () -- C:\windows\System32\mib.bin
[2008/04/25 17:16:13 | 000,218,003 | ---- | C] () -- C:\windows\System32\dssec.dat
[2008/04/25 17:16:11 | 000,001,804 | ---- | C] () -- C:\windows\System32\Dcache.bin
[2008/04/25 10:22:39 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2008/04/25 10:21:52 | 000,267,008 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2008/03/25 09:46:00 | 000,077,536 | ---- | C] () -- C:\windows\System32\xltZlib.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\windows\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\windows\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\windows\System32\gthrctr.ini
[2007/04/19 05:52:16 | 000,080,720 | ---- | C] () -- C:\windows\System32\AsfBios.dll
[2007/04/19 05:28:10 | 000,025,424 | ---- | C] () -- C:\windows\System32\drivers\netamsg.dll
[2006/06/30 12:58:44 | 000,176,128 | R--- | C] () -- C:\windows\System32\bioapi_mds300.dll
[2006/06/30 12:58:44 | 000,126,976 | R--- | C] () -- C:\windows\System32\bioapi100.dll
[2006/06/12 08:01:16 | 000,348,160 | ---- | C] () -- C:\windows\tsp.dll
[2004/09/10 13:34:00 | 000,917,504 | ---- | C] () -- C:\windows\System32\lmgr10.dll
[2004/09/10 13:34:00 | 000,057,344 | ---- | C] () -- C:\windows\System32\ADsSecurity.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\windows\System32\lcppn21.dll

========== LOP Check ==========

[2009/05/12 22:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2011/04/13 09:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GaBi
[2009/05/25 10:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gateProtect
[2010/10/06 12:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GroupPolicy
[2009/05/12 22:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2011/03/24 19:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/10/06 09:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2010/11/15 20:15:40 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{F21B5E3D-755A-4373-8E6E-1612889726C2}
[2009/05/12 22:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bruce\Application Data\Broadcom
[2010/10/12 15:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bruce\Application Data\gateProtect
[2011/02/10 13:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bruce\Application Data\InternetEverywhere
[2011/04/13 18:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bruce\Application Data\Spotify
[2010/10/18 10:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bruce\Application Data\TeamViewer
[2011/04/16 18:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bruce\Application Data\URSoft
[2009/05/12 23:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bruce\Application Data\Wave Systems Corp
[2009/05/12 22:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bruce\Application Data\Windows Desktop Search
[2011/01/24 17:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bruce\Application Data\Windows Search
[2010/10/19 16:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\bruce\Application Data\Xerox

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4EA859B

< End of report >
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP