
Intermittent Google Redirects and 'msadet.dll' [Solved]


  • This topic is locked

#1
idrawstuff

  • Member
  • 72 posts
Hello everyone,

On Thursday the following message started popping up in my McAfee Open Access Protection Log:

3/29/2012 11:46:13 AM Would be blocked by Access Protection rule (rule is currently not enforced) DTB\mike C:\WINDOWS\Explorer.EXE C:\Documents and Settings\mike.DTB\Local Settings\Temp\msadet.dll Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

3/29/2012 11:46:13 AM Would be blocked by Access Protection rule (rule is currently not enforced) DTB\mike C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\mike.DTB\Local Settings\Temp\msadet.dll Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

By Friday I started noticing intermittent redirects on Google searches - maybe only one out of fifteen searches redirects, and so far I've only noticed it in Firefox. I went ahead and ran rKill in Safe Mode, and proceeded to download/update/run TDSSKiller and Malwarebytes. Both ended up with no results.

I also emptied my Temp files. I noticed, however, that two files were unable to be deleted because they were 'in use': the above-mentioned msadet.dll and also something called scpepc.dll. Shortly thereafter I started getting this message in my box as well:

3/30/2012 3:11:05 PM Would be blocked by Access Protection rule (rule is currently not enforced) DTB\mike C:\WINDOWS\Explorer.EXE C:\Documents and Settings\mike.DTB\Local Settings\Temp\scpepc.dll Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

The only change to Firefox I made that I can think of is that I added Screengrab (fix version) 0.96.5c - I thought I had removed it Friday, but I still see it there now, so I'll disable it now.

This morning I got another redirect, so I thought I'd download OTL and come to you guys. My log is below:

OTL logfile created on: 4/2/2012 8:45:21 AM - Run 5
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\mike.DTB\Desktop\Mike's Junk\SpywareVirus Tools\2012-04 Infection
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 54.71% Memory free
4.84 Gb Paging File | 3.57 Gb Available in Paging File | 73.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.29 Gb Total Space | 109.44 Gb Free Space | 49.01% Space Free | Partition Type: NTFS
Drive E: | 9.59 Gb Total Space | 9.33 Gb Free Space | 97.33% Space Free | Partition Type: NTFS
Drive P: | 224.57 Gb Total Space | 99.60 Gb Free Space | 44.35% Space Free | Partition Type: NTFS
Drive R: | 224.57 Gb Total Space | 99.60 Gb Free Space | 44.35% Space Free | Partition Type: NTFS
Drive S: | 224.57 Gb Total Space | 99.60 Gb Free Space | 44.35% Space Free | Partition Type: NTFS
Drive Z: | 931.51 Gb Total Space | 931.15 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: MIKE-LT | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/02 08:39:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike.DTB\Desktop\Mike's Junk\SpywareVirus Tools\2012-04 Infection\OTL.exe
PRC - [2012/03/17 17:56:55 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/30 14:24:59 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2011/04/22 05:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/08/22 10:21:28 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/24 07:16:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/23 20:55:18 | 000,009,728 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
PRC - [2007/10/18 21:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/04/12 11:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe
PRC - [2007/02/06 15:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/30 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 08:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 13:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 13:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 03:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/30 08:09:05 | 008,797,344 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/03/17 17:56:54 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/08/30 13:55:00 | 002,469,888 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2011/04/15 12:44:39 | 011,800,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\d7b7ee04166212533ae21eaeb584fb0d\System.Web.ni.dll
MOD - [2011/04/15 12:30:13 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
MOD - [2011/04/15 12:28:17 | 000,097,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Act.Shared.Utilities\9c361b4d359cd3526ef10f9d7b17c4d1\Act.Shared.Utilities.ni.dll
MOD - [2011/04/15 12:11:59 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
MOD - [2011/04/15 12:11:46 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
MOD - [2011/04/15 12:11:26 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
MOD - [2011/04/15 12:09:37 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/04/15 12:09:24 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2011/04/15 12:08:24 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2011/04/15 12:08:22 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2011/04/15 12:08:05 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/10/17 13:50:12 | 000,389,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\10.0.4504.0__31bf3856ad364e35\Microsoft.Office.Interop.Outlook.dll
MOD - [2008/10/17 13:50:10 | 000,004,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll
MOD - [2008/10/17 13:50:03 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Act.Outlook.Message.Reader\10.1.199.0__ebf6b2ff4d0a08aa\Act.Outlook.Message.Reader.dll
MOD - [2008/10/17 13:50:03 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Act.Outlook.Service.Desktop\10.1.199.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Desktop.dll
MOD - [2008/10/17 13:50:03 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Act.Outlook.Service.Shared\10.1.199.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Shared.dll
MOD - [2008/10/17 13:50:03 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Act.Outlook.Service.AppCommon\10.1.199.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.AppCommon.dll
MOD - [2008/10/17 13:50:03 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Act.Outlook.Service.Interfaces\10.1.199.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Interfaces.dll
MOD - [2008/02/12 20:02:39 | 001,675,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2758.36908__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:39 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2758.37142__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:39 | 000,237,568 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2758.36865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:39 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2758.36922__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:39 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2758.37134__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:39 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2758.37090__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:39 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2758.36900__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:39 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2758.36922__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:39 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2758.37024__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:39 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2758.36886__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:38 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2758.37171__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:16 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2758.37098__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:16 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.2758.37084__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:16 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2758.37178__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:16 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2758.36915__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:16 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2758.37104__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:16 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2758.36879__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:16 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2758.37097__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:16 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.2758.37090__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2758.36915__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:15 | 000,897,024 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2758.37135__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,790,528 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2758.37034__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2758.36936__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2758.36887__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2758.37119__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:15 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2758.37077__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,327,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2758.37019__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2758.36943__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:15 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2758.36929__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2758.37056__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2758.37033__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2758.36942__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2758.37055__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2758.37076__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:14 | 000,475,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2758.37026__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:14 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2758.37025__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:14 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2729.30178__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/02/12 20:02:14 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/02/12 20:02:14 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2758.37032__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:14 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2729.30174__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/02/12 20:02:14 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2729.30313__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/02/12 20:02:14 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2729.30184__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/02/12 20:02:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2729.30259__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/02/12 20:02:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2729.30211__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2729.30202__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2729.30197__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2729.30207__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2729.30242__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2729.30256__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2729.30224__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2729.30212__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2729.30222__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/02/12 20:02:13 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2729.30226__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2729.30227__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2729.30264__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2729.30225__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2729.30230__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2729.30213__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.2729.30229__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2729.30259__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2729.30228__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2729.30212__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2729.30176__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008/02/12 20:02:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2729.30185__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2729.30217__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2729.30208__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/02/12 20:02:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2729.30203__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2729.30241__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2729.30201__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/02/12 20:02:06 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2758.37201__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/02/12 20:02:06 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2758.36855__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/02/12 20:02:05 | 001,507,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2758.36873__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/02/12 20:02:05 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2758.36895__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/02/12 20:02:05 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2758.37156__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/02/12 20:02:05 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2758.36857__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/02/12 20:02:05 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2758.36857__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/02/12 20:02:05 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2758.37155__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/02/12 20:02:05 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2758.36856__90ba9c70f846762e\APM.Server.dll
MOD - [2008/02/12 20:02:05 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2758.36855__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/02/12 20:02:05 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2729.30193__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/02/12 20:02:05 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2729.30209__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/02/12 20:02:05 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2729.30205__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/02/12 20:02:05 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2729.30188__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/02/12 20:02:05 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2758.37156__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/02/12 20:02:05 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/02/12 20:02:05 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2729.30258__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/02/12 20:02:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2729.30211__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/02/12 20:02:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2729.30214__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008/02/12 20:02:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2729.30243__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007/02/06 15:20:00 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/02/06 15:16:06 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/30 08:50:00 | 000,149,080 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2006/11/17 13:41:22 | 000,120,384 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naXML71.dll
MOD - [2006/11/17 13:39:10 | 000,071,232 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naisign.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Fishbowl\database\bin\fb_inet_server.exe -- (FirebirdServerDefaultInstance)
SRV - [2012/03/30 08:09:07 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/04/22 05:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/10/24 07:16:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/02/12 20:43:55 | 000,155,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\imapihp.exe -- (ImapiService)
SRV - [2007/11/06 13:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/10/23 21:00:54 | 000,065,536 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2007/06/08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/04/12 11:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/30 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/03/24 13:49:13 | 000,021,376 | ---- | M] (Dev47Apps) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\droidcam.sys -- (DroidCam)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/07/07 12:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/05/08 07:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/06 13:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/07/21 14:02:46 | 002,363,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/06/28 07:11:36 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007/02/14 07:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 07:21:00 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/02/14 07:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/14 07:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/14 07:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/02/14 07:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/11/30 08:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/11/28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2001/08/17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...-1&q=&sa=Search
IE - HKCU\..\SearchScopes,DefaultScope = {28EF7B43-C488-49D4-9BCF-EEEE0608B2C7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{28EF7B43-C488-49D4-9BCF-EEEE0608B2C7}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{E9DB9E7B-A275-41D1-8158-D0423FBEBDEB}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en&source=mpes"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.google.co...com/search?&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mike\Application Data\Move Networks\plugins\npqmp071505000011.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mike\Application Data\Move Networks\plugins\npqmp071505000011.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\mike.DTB\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\mike.DTB\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.7.1: C:\Documents and Settings\mike\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 17:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/06 09:43:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\mike\Application Data\Move Networks
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A4EB924-79CF-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\{9A4EB924-79CF-11E1-826D-B8AC6F996F26}\ [2012/03/29 11:46:49 | 000,000,000 | ---D | M]

[2009/01/20 20:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Extensions
[2009/01/20 20:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/03/29 12:07:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions
[2010/09/10 08:12:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/09 10:18:48 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/03/15 22:09:10 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\searchplugins\live-search.xml
[2012/01/13 09:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MIKE.DTB\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\6G126BDX.DEFAULT\EXTENSIONS\{02450914-CDD9-410F-B1DA-DB004E18C671}.XPI
[2012/03/29 11:46:49 | 000,000,000 | ---D | M] (Translate This!) -- C:\DOCUMENTS AND SETTINGS\MIKE.DTB\LOCAL SETTINGS\APPLICATION DATA\{9A4EB924-79CF-11E1-826D-B8AC6F996F26}
[2012/03/17 17:56:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/11 05:55:48 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2009/09/29 20:14:32 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2012/01/13 09:15:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/13 09:15:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\mike.DTB\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\mike.DTB\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: TinEye Reverse Image Search = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\
CHR - Extension: Poppit = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2011/05/24 22:42:41 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [msadet] C:\Documents and Settings\mike.DTB\Local Settings\Temp\msadet.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [scpepc] C:\Documents and Settings\mike.DTB\Local Settings\Temp\scpepc.dll (Dogbert)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.h...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {526A6151-EC5A-4989-9E67-17AC82882E33} http://weatherguard...._downloader.cab (WEATHER GUARD Vehicle Solutions Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229627490044 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://longsdrugs.di...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} https://evalue.inter...nloads/Acgm.cab (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DTB.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E84A911A-1C88-44AE-AA3A-510F6527B2DE}: DhcpNameServer = 192.168.0.16
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\SYSTEM32\Userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/29 11:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\{9A4EB924-79CF-11E1-826D-B8AC6F996F26}
[2012/03/24 13:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\DroidCam
[2012/03/23 13:51:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi

========== Files - Modified Within 30 Days ==========

[2012/04/02 08:50:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3893164400-1400575853-3742060346-1135UA.job
[2012/04/02 08:40:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/02 08:34:13 | 000,000,952 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2012/04/02 08:31:58 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/02 08:31:54 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/02 08:29:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/02 08:29:54 | 3220,492,288 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/30 17:01:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/30 12:02:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/03/30 09:12:56 | 000,005,701 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\PO 932ML - Revision A.pdf
[2012/03/29 18:24:12 | 000,389,726 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\DCBSRW_26301.dwg
[2012/03/29 12:20:12 | 000,170,415 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\submit.JPG
[2012/03/29 11:48:14 | 000,028,099 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\New Purchase Order - With Part Numbers.pdf
[2012/03/29 10:04:45 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\Shortcut to DTB DATA MAIN .mdb.lnk
[2012/03/28 22:50:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3893164400-1400575853-3742060346-1135Core.job
[2012/03/27 17:09:58 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\mike.DTB\.recently-used.xbel
[2012/03/27 11:43:20 | 009,394,830 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\completeversion.pdf
[2012/03/26 19:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/26 14:43:45 | 000,641,495 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\Q27701 - Shell Pipeline.pdf
[2012/03/24 14:57:11 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/24 13:49:13 | 000,021,376 | ---- | M] (Dev47Apps) -- C:\WINDOWS\System32\drivers\droidcam.sys
[2012/03/19 11:07:29 | 002,995,024 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03143.JPG
[2012/03/19 11:07:29 | 002,859,474 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03158.JPG
[2012/03/19 11:07:29 | 002,760,152 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03165.JPG
[2012/03/13 09:42:53 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/03/13 08:10:07 | 000,503,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/13 08:10:06 | 000,093,662 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2012/03/30 14:58:33 | 3220,492,288 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/30 09:12:55 | 000,005,701 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\PO 932ML - Revision A.pdf
[2012/03/30 08:09:09 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/29 18:24:12 | 000,389,726 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\DCBSRW_26301.dwg
[2012/03/29 12:15:50 | 000,170,415 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\submit.JPG
[2012/03/29 11:48:14 | 000,028,099 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\New Purchase Order - With Part Numbers.pdf
[2012/03/29 10:04:45 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\Shortcut to DTB DATA MAIN .mdb.lnk
[2012/03/27 17:09:58 | 000,001,499 | ---- | C] () -- C:\Documents and Settings\mike.DTB\.recently-used.xbel
[2012/03/27 11:43:04 | 009,394,830 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\completeversion.pdf
[2012/03/26 14:43:35 | 000,641,495 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\Q27701 - Shell Pipeline.pdf
[2012/03/24 14:57:11 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/19 11:07:29 | 002,995,024 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03143.JPG
[2012/03/19 11:07:29 | 002,859,474 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03158.JPG
[2012/03/19 11:07:29 | 002,760,152 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03165.JPG
[2012/03/13 11:29:21 | 003,405,772 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\CIMG0993.JPG
[2012/03/13 11:29:21 | 003,330,924 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\CIMG0988.JPG
[2012/02/06 09:43:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2011/11/01 16:59:35 | 000,622,936 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/14 17:46:16 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\droidcam-settings
[2011/03/03 17:30:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/16 01:13:37 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

========== LOP Check ==========

[2008/10/17 13:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACT
[2010/06/24 08:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/09/20 08:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/11/12 09:11:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/02/06 09:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/01/25 15:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/04/30 10:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/01/25 15:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/09/29 20:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/01/25 15:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System Image Utility
[2010/07/30 12:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/20 20:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/01/25 15:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/10/18 20:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\winLAME
[2010/04/03 15:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/20 17:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/17 13:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\ACT
[2011/04/05 14:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Add-in Express
[2011/09/20 08:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Autodesk
[2011/08/10 17:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\CompanionLink
[2012/02/06 09:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\DassaultSystemes
[2012/02/06 09:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\EDrawings
[2010/03/03 19:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\EuroTalk
[2012/03/27 17:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\gtk-2.0
[2009/06/14 09:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\InterVideo
[2008/10/17 13:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\IsolatedStorage
[2009/04/08 22:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Mp3tag
[2009/01/25 17:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Nikon
[2008/02/12 20:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\SampleView
[2008/12/24 20:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Snapfish
[2011/12/27 09:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Spotify
[2009/01/20 20:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\TomTom

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3E7393FC
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C895616B

< End of report >

Thanks!

#2
idrawstuff

    Member

  • Topic Starter
  • Member
  • 72 posts
I hope I wasn't breaking any rules by jumping the gun, but I was starting to get redirects for every other link, depending on the search. After playing with IE and Chrome, as well as Firefox in Safe Mode, I realized the normal Firefox was the only one that was giving me problems so I went ahead and downloaded and ran GooredFix - the results are below:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 16:11 on 02/04/2012 (mike)
Firefox version 11.0 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:26 22/10/2008]

C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions\
{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [17:18 09/03/2012]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [21:16 05/08/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [02:08 19/03/2010]

-=E.O.F=-

I don't seem to have the redirect problem anymore, although I only ran it a few minutes ago - still, a dozen links so far, and no problems. If the redirects return I'll let you know.

***

EDIT: Nope, after a day without problems, the redirects started again this morning :-(

Edited by idrawstuff, 04 April 2012 - 10:35 AM.

#3
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Hi

Welcome to Geekstogo. I'll be helping you with this problem.
I'm going through your log now and will get back to you shortly.

#4
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
» Step 1 «

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [msadet] C:\Documents and Settings\mike.DTB\Local Settings\Temp\msadet.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [scpepc] C:\Documents and Settings\mike.DTB\Local Settings\Temp\scpepc.dll (Dogbert)
    
    :Commands
    [purity]
    [emptytemp]
    
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

» Step 2 «
ComboFix

Notes:
  • If you have a previous version of Combofix.exe, delete it and download a fresh copy.
  • It must be saved to your desktop. Do not run it.
  • Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See http://www.bleepingc...opic114351.html

Download and Save this file -- to your Desktop
http://download.blee...Bs/ComboFix.exe
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
  • A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

#5
idrawstuff

    Member

  • Topic Starter
  • Member
  • 72 posts
Ran both and they seemed to have worked fine. However, even with my task bar clear and me in Safe Mode, Combofix insisted that McAfee Virus Scanner was running. I even opened up the console and made sure all services were stopped, but it still insisted it was running, but it said it would proceed at my own risk. Secondly, I accidentally left an instance of Chrome open, but it didn't seem to have any negative effects.

When the computer rebooted I got the following message when I opened Firefox and iGoogle (my home page) came up:

A script on this page may be busy, or it may have stopped responding. You can stop the script now, or you can continue to see if the script will complete.

Script: resource:///components/nsBlocklistService.js:756


Anyways, here's the logs:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\msadet deleted successfully.
C:\Documents and Settings\mike.DTB\Local Settings\Temp\msadet.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\scpepc deleted successfully.
C:\Documents and Settings\mike.DTB\Local Settings\Temp\scpepc.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Administrator.DOUGLASS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: administrator.DTB
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: mike

User: mike.DTB
->Temp folder emptied: 208107 bytes
->Temporary Internet Files folder emptied: 209667199 bytes
->Java cache emptied: 5534807 bytes
->FireFox cache emptied: 49604792 bytes
->Google Chrome cache emptied: 1953812 bytes
->Flash cache emptied: 175446 bytes

User: mike.new
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1330820 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 95209997 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 198493357 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 473369355 bytes

Total Files Cleaned = 988.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04062012_080947

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_244.dat not found!
File\Folder C:\WINDOWS\temp\WFV459.tmp not found!

Registry entries deleted on Reboot...

***********************************************************************************************

ComboFix 12-04-06.02 - mike 04/06/2012 8:29.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2740 [GMT -7:00]
Running from: c:\documents and settings\mike.DTB\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\mike.DTB\Application Data\Adobe\plugs
c:\documents and settings\mike.DTB\Application Data\Adobe\shed
c:\documents and settings\mike.DTB\GoToAssistDownloadHelper.exe
c:\documents and settings\mike.DTB\Recent\Thumbs.db
c:\windows\dasetup.log
c:\windows\EventSystem.log
.
.
((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 )))))))))))))))))))))))))))))))
.
.
2012-03-30 15:09 . 2012-03-30 15:09 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-29 18:46 . 2012-03-29 18:46 -------- d-----w- c:\documents and settings\mike.DTB\Local Settings\Application Data\{9A4EB924-79CF-11E1-826D-B8AC6F996F26}
2012-03-24 20:49 . 2012-03-24 20:51 -------- d-----w- c:\program files\DroidCam
2012-03-18 00:56 . 2012-03-18 00:56 592824 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2012-03-18 00:56 . 2012-03-18 00:56 44472 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-05 15:08 . 2008-10-17 20:50 952 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2012-03-30 15:09 . 2011-06-02 15:06 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-24 20:49 . 2011-03-15 00:30 21376 ----a-w- c:\windows\system32\drivers\droidcam.sys
2012-03-18 00:56 . 2011-05-09 05:38 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-15 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-07 827392]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
"Act.Outlook.Service"="c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe" [2007-10-24 9728]
"Act! Preloader"="c:\program files\ACT\Act for Windows\ActSage.exe" [2007-10-24 393216]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2011-08-30 624056]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-22 198160]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"OTL"="c:\documents and settings\mike.DTB\Desktop\Mike's Junk\SpywareVirus Tools\2012-04 Infection\OTL.exe" [2012-04-02 593920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-17 805392]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-06-08 17:04 49152 ----a-r- c:\windows\system32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 10:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2208305938-3398277434-4084721784-1139\Scripts\Logoff\0\0]
"Script"=logoff.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2208305938-3398277434-4084721784-1139\Scripts\Logon\0\0]
"Script"=\\dtbfs1\netlogon\logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2208305938-3398277434-4084721784-1139\Scripts\Logon\1\0]
"Script"=logon.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2208305938-3398277434-4084721784-500\Scripts\Logon\0\0]
"Script"=\\dtbfs1\netlogon\logon.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Product Registration.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Product Registration.lnk
backup=c:\windows\pss\Product Registration.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Fishbowl Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Fishbowl Client.lnk
backup=c:\windows\pss\Fishbowl Client.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2007-09-20 20:58 61440 ----a-w- c:\program files\Hewlett-Packard\Default Settings\Cpqset.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 13:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 11:12 76304 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2007-04-19 21:26 484904 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 13:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 13:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PTHOSTTR]
2007-01-09 23:52 145184 ----a-w- c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-11-07 00:34 177456 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2005-12-21 00:51 1187840 ----a-w- c:\windows\SMINST\Recguard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
2006-03-10 01:38 806912 ----a-w- c:\windows\CREATOR\Remind_XP.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Scheduler]
2006-10-09 19:23 697976 ----a-w- c:\windows\SMINST\Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
2007-05-23 18:00 192512 ----a-w- c:\program files\InterVideo\DVD Check\DVDCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\mike.DTB\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"58870:TCP"= 58870:TCP:Pando Media Booster
"58870:UDP"= 58870:UDP:Pando Media Booster
.
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
S2 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [10/17/2008 1:49 PM 65536]
S2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;"c:\program files\Fishbowl\database\bin\fb_inet_server.exe" -s DefaultInstance --> c:\program files\Fishbowl\database\bin\fb_inet_server.exe [?]
S2 gupdate1c95e6d55cba368;Google Update Service (gupdate1c95e6d55cba368);c:\program files\Google\Update\GoogleUpdate.exe [12/14/2008 9:26 PM 133104]
S2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 6:29 PM 29293408]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/22/2011 5:21 AM 92592]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/30/2012 8:09 AM 253600]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [2/12/2008 8:43 PM 30008]
S3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [3/14/2011 5:30 PM 21376]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [6/8/2007 10:06 AM 172131]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [12/14/2008 9:26 PM 133104]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 1:22 PM 34064]
S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [7/7/2008 12:23 PM 20480]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [5/9/2008 11:08 AM 174336]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [3/20/2009 7:03 PM 32408]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 21:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:09]
.
2012-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
.
2012-04-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-15 23:23]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-15 16:16]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-15 16:16]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3893164400-1400575853-3742060346-1135Core.job
- c:\documents and settings\mike.DTB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 15:09]
.
2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3893164400-1400575853-3742060346-1135UA.job
- c:\documents and settings\mike.DTB\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 15:09]
.
2011-05-23 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-09-07 22:31]
.
2011-05-23 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-09-07 22:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/cse?cx=partner-pub-3540673482024757:xbhdw8hkfz5&ie=ISO-8859-1&q=&sa=Search
uInternet Settings,ProxyOverride = *.local;<local>
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.0.16
DPF: {526A6151-EC5A-4989-9E67-17AC82882E33} - hxxp://weatherguard.com/vs/KnaackCtl_www.weatherguard.com_downloader.cab
FF - ProfilePath - c:\documents and settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=mpes
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?&q=
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-bptdctlt - c:\documents and settings\mike\Local Settings\Application Data\rtcrra\vxuusftav.exe
AddRemove-HijackThis - c:\documents and settings\mike\Desktop\HijackThis.exe
AddRemove-Macromedia Shockwave Player - c:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-Move Media Player - c:\documents and settings\mike\Application Data\Move Networks\uninstall.exe
AddRemove-Yahoo! BrowserPlus - c:\documents and settings\mike\Local Settings\Application Data\Yahoo!\BrowserPlus\BrowserPlusUninstaller.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-06 08:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(872)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\windows\system32\DeviceNP.dll
.
Completion time: 2012-04-06 08:35:38
ComboFix-quarantined-files.txt 2012-04-06 15:35
.
Pre-Run: 121,512,407,040 bytes free
Post-Run: 122,126,438,400 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 80761B62803C9C99E9D3B16927813645

***************************************************************************************************


Thanks, by the way, for all your help and this awesome service!




EDITED TO ADD: Windows now thinks I have 52 updates that need to be installed - should I proceed?

ALSO EDITED TO ADD: I don't know if it's important, but the fan is now going crazy. The task manager is showing some new tasks that I don't recognize as being there previously, specifically MRT.EXE (the Microsoft Malicious Software Removal Tool, which was sucking up about 33% of my CPU before disappearing), ndp202p2-kb2572073-x86.exe (I don't know what this is, but it takes between 2-5% of my CPU), and hotfixinstaller.exe - these may be nothing, but I thought you might like them noted.

Oh wait, now I see: I waited too long to respond to the Windows update dialogue, so it updated automatically and is prompting me to reboot. After allowing it to reboot everything is much quieter and faster now. Also, I'm not getting the msadet or scpepc warnings in my McAfee access logs after rebooting anymore.


ONCE AGAIN EDITED TO ADD: It looks like the redirects persist. They're weird too; twice I've been redirected to Goodyear Tires (it sent me from http://east.05tz2e9....nwDV0JjbQd6A2Jb to http://www.goodyear...._ps|tire|phrase) when I'm clicking on a link for "scpepc.dll" or "1 cm dilated" (speaking of which, my wife is 1 cm dilated, so if I disappear, please don't assume I abandoned this thread).

Edited by idrawstuff, 06 April 2012 - 05:48 PM.

  • 0

#6
azarl


    GeekU Admin

  • Community Leader
  • 25,310 posts
Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

Next..

Please run OTL again. Press the 'Quick Scan' button and post the log here


All the best :thumbsup:
  • 0

#7
idrawstuff


    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-08 13:43:45
-----------------------------
13:43:45.218 OS Version: Windows 5.1.2600 Service Pack 3
13:43:45.218 Number of processors: 2 586 0xF0D
13:43:45.218 ComputerName: MIKE-LT UserName: mike
13:43:46.109 Initialze error 0
13:43:54.078 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:43:54.093 Disk 0 Vendor: Hitachi_ BBFO Size: 238475MB BusType: 3
13:43:54.109 Disk 0 MBR read successfully
13:43:54.125 Disk 0 MBR scan
13:43:54.140 Disk 0 unknown MBR code
13:43:54.140 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 228651 MB offset 63
13:43:54.187 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9820 MB offset 468278685
13:43:54.203 Disk 0 scanning sectors +488392065
13:43:54.265 Disk 0 scanning C:\WINDOWS\system32\drivers
13:43:54.281 Service scanning
13:43:55.265 Modules scanning
13:43:56.796 Disk 0 trace - called modules:
13:43:56.812 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
13:43:56.828 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ad06ab8]
13:43:56.828 3 CLASSPNP.SYS[f74e7fd7] -> nt!IofCallDriver -> \Device\0000009d[0x8ad58ac0]
13:43:56.843 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8ade2030]
13:43:56.859 Scan finished successfully
13:44:03.156 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\mike.DTB\Desktop\MBR.dat"
13:44:03.187 The log file has been saved successfully to "C:\Documents and Settings\mike.DTB\Desktop\aswMBR.txt"

OTL logfile created on: 4/8/2012 1:44:50 PM - Run 6
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\mike.DTB\Desktop\Mike's Junk\SpywareVirus Tools\2012-04 Infection
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 76.08% Memory free
4.84 Gb Paging File | 4.21 Gb Available in Paging File | 87.05% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.29 Gb Total Space | 109.32 Gb Free Space | 48.96% Space Free | Partition Type: NTFS
Drive E: | 9.59 Gb Total Space | 9.33 Gb Free Space | 97.33% Space Free | Partition Type: NTFS
Drive P: | 224.57 Gb Total Space | 99.28 Gb Free Space | 44.21% Space Free | Partition Type: NTFS
Drive R: | 224.57 Gb Total Space | 99.28 Gb Free Space | 44.21% Space Free | Partition Type: NTFS
Drive S: | 224.57 Gb Total Space | 99.28 Gb Free Space | 44.21% Space Free | Partition Type: NTFS
Drive Z: | 931.51 Gb Total Space | 931.15 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: MIKE-LT | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/02 08:39:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike.DTB\Desktop\Mike's Junk\SpywareVirus Tools\2012-04 Infection\OTL.exe
PRC - [2012/03/17 17:56:55 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/30 14:24:59 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2011/04/22 05:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/08/22 10:21:28 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/24 07:16:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/23 20:55:18 | 000,009,728 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
PRC - [2007/10/18 21:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/04/12 11:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe
PRC - [2007/02/06 15:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/30 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 08:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 13:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 13:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 03:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/06 13:26:55 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012/04/06 13:25:13 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/04/06 13:23:10 | 000,097,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Act.Shared.Utilities\b92f723068ccd7813d6d8763552ac0ca\Act.Shared.Utilities.ni.dll
MOD - [2012/04/06 12:32:51 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/04/06 12:32:46 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/04/06 12:32:33 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/04/06 12:31:24 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/04/06 12:31:14 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/04/06 12:30:24 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012/04/06 12:30:21 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/03/17 17:56:54 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/10/17 13:50:03 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Act.Outlook.Service.Desktop\10.1.199.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Desktop.dll
MOD - [2008/10/17 13:50:03 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Act.Outlook.Service.Shared\10.1.199.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Shared.dll
MOD - [2008/10/17 13:50:03 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Act.Outlook.Service.AppCommon\10.1.199.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.AppCommon.dll
MOD - [2008/10/17 13:50:03 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Act.Outlook.Service.Interfaces\10.1.199.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Interfaces.dll
MOD - [2008/02/12 20:02:39 | 001,675,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2758.36908__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:39 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2758.37142__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:39 | 000,237,568 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2758.36865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:39 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2758.36922__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:39 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2758.37134__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:39 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2758.37090__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:39 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2758.36900__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:39 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2758.36922__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:39 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2758.37024__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:39 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2758.36886__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:38 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2758.37171__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:16 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2758.37098__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:16 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.2758.37084__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:16 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2758.37178__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:16 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2758.36915__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:16 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2758.37104__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:16 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2758.36879__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:16 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2758.37097__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:16 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.2758.37090__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2758.36915__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:15 | 000,897,024 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2758.37135__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,790,528 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2758.37034__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2758.36936__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2758.36887__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2758.37119__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:15 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2758.37077__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,327,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2758.37019__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2758.36943__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:15 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2758.36929__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2758.37056__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2758.37033__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2758.36942__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2758.37055__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2758.37076__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:14 | 000,475,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2758.37026__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:14 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2758.37025__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:14 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2729.30178__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/02/12 20:02:14 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/02/12 20:02:14 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2758.37032__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:14 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2729.30174__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/02/12 20:02:14 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2729.30313__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/02/12 20:02:14 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2729.30184__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/02/12 20:02:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2729.30259__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/02/12 20:02:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2729.30211__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2729.30202__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2729.30197__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2729.30207__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2729.30242__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2729.30256__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2729.30224__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2729.30212__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2729.30222__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/02/12 20:02:13 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2729.30226__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2729.30227__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2729.30264__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2729.30225__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2729.30230__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2729.30213__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.2729.30229__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2729.30259__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2729.30228__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2729.30212__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2729.30176__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008/02/12 20:02:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2729.30185__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2729.30217__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2729.30208__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/02/12 20:02:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2729.30203__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2729.30241__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2729.30201__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/02/12 20:02:06 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2758.37201__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/02/12 20:02:06 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2758.36855__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/02/12 20:02:05 | 001,507,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2758.36873__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/02/12 20:02:05 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2758.36895__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/02/12 20:02:05 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2758.37156__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/02/12 20:02:05 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2758.36857__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/02/12 20:02:05 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2758.36857__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/02/12 20:02:05 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2758.37155__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/02/12 20:02:05 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2758.36856__90ba9c70f846762e\APM.Server.dll
MOD - [2008/02/12 20:02:05 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2758.36855__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/02/12 20:02:05 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2729.30193__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/02/12 20:02:05 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2729.30209__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/02/12 20:02:05 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2729.30205__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/02/12 20:02:05 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2729.30188__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/02/12 20:02:05 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2758.37156__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/02/12 20:02:05 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/02/12 20:02:05 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2729.30258__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/02/12 20:02:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2729.30211__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/02/12 20:02:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2729.30214__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008/02/12 20:02:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2729.30243__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007/02/06 15:20:00 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/02/06 15:16:06 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/30 08:50:00 | 000,149,080 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2006/11/17 13:41:22 | 000,120,384 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naXML71.dll
MOD - [2006/11/17 13:39:10 | 000,071,232 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naisign.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Fishbowl\database\bin\fb_inet_server.exe -- (FirebirdServerDefaultInstance)
SRV - [2012/03/30 08:09:07 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/04/22 05:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/10/24 07:16:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/11/06 13:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/10/23 21:00:54 | 000,065,536 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2007/06/08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/04/12 11:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/30 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\mike.DTB\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\mike.DTB\LOCALS~1\Temp\aswMBR.sys -- (aswMBR)
DRV - [2012/03/24 13:49:13 | 000,021,376 | ---- | M] (Dev47Apps) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\droidcam.sys -- (DroidCam)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/07/07 12:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/05/08 07:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/06 13:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/07/21 14:02:46 | 002,363,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/06/28 07:11:36 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007/02/14 07:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 07:21:00 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/02/14 07:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/14 07:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/14 07:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/02/14 07:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/11/30 08:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/11/28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2001/08/17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...-1&q=&sa=Search
IE - HKCU\..\SearchScopes,DefaultScope = {28EF7B43-C488-49D4-9BCF-EEEE0608B2C7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{28EF7B43-C488-49D4-9BCF-EEEE0608B2C7}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{E9DB9E7B-A275-41D1-8158-D0423FBEBDEB}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en&source=mpes"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.google.co...com/search?&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mike\Application Data\Move Networks\plugins\npqmp071505000011.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mike\Application Data\Move Networks\plugins\npqmp071505000011.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\mike.DTB\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\mike.DTB\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.7.1: C:\Documents and Settings\mike\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 17:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/06 09:43:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\mike\Application Data\Move Networks
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A4EB924-79CF-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\{9A4EB924-79CF-11E1-826D-B8AC6F996F26}\ [2012/03/29 11:46:49 | 000,000,000 | ---D | M]

[2009/01/20 20:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Extensions
[2009/01/20 20:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/04/08 13:45:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions
[2012/03/09 10:18:48 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2012/04/08 13:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions\staged
[2009/03/15 22:09:10 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\searchplugins\live-search.xml
[2012/01/13 09:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/29 11:46:49 | 000,000,000 | ---D | M] (Translate This!) -- C:\DOCUMENTS AND SETTINGS\MIKE.DTB\LOCAL SETTINGS\APPLICATION DATA\{9A4EB924-79CF-11E1-826D-B8AC6F996F26}
[2009/09/02 02:30:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/03/17 17:56:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/11 05:55:48 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2009/09/29 20:14:32 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2012/01/13 09:15:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/13 09:15:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\mike.DTB\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\mike.DTB\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: TinEye Reverse Image Search = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\
CHR - Extension: Poppit = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/04/06 08:33:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.h...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {526A6151-EC5A-4989-9E67-17AC82882E33} http://weatherguard...._downloader.cab (WEATHER GUARD Vehicle Solutions Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229627490044 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://longsdrugs.di...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} https://evalue.inter...nloads/Acgm.cab (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DTB.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E84A911A-1C88-44AE-AA3A-510F6527B2DE}: DhcpNameServer = 192.168.0.16
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/08 13:43:16 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\mike.DTB\Desktop\aswMBR.exe
[2012/04/06 08:35:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/06 08:26:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/06 08:24:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/06 08:24:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/06 08:24:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/06 08:24:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/29 11:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\{9A4EB924-79CF-11E1-826D-B8AC6F996F26}
[2012/03/24 13:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\DroidCam

========== Files - Modified Within 30 Days ==========

[2012/04/08 13:44:03 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\MBR.dat
[2012/04/08 13:43:42 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\mike.DTB\Desktop\aswMBR.exe
[2012/04/08 13:40:02 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/08 13:22:40 | 000,000,952 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2012/04/08 13:19:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/08 13:18:53 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/08 13:17:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/08 13:17:14 | 3220,492,288 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/06 17:01:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/06 16:50:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3893164400-1400575853-3742060346-1135UA.job
[2012/04/06 12:41:06 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/04/06 12:40:13 | 000,503,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/06 12:40:13 | 000,093,662 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/06 12:36:13 | 000,469,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/06 12:25:26 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/06 12:02:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/04/06 08:33:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/06 08:27:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/06 08:17:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/05 22:50:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3893164400-1400575853-3742060346-1135Core.job
[2012/04/04 10:12:03 | 000,025,322 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\946ML.pdf
[2012/04/02 19:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/30 09:12:56 | 000,005,701 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\PO 932ML - Revision A.pdf
[2012/03/29 18:24:12 | 000,389,726 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\DCBSRW_26301.dwg
[2012/03/29 11:48:14 | 000,028,099 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\New Purchase Order - With Part Numbers.pdf
[2012/03/29 10:04:45 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\Shortcut to DTB DATA MAIN .mdb.lnk
[2012/03/27 17:09:58 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\mike.DTB\.recently-used.xbel
[2012/03/27 11:43:20 | 009,394,830 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\completeversion.pdf
[2012/03/24 14:57:11 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/24 13:49:13 | 000,021,376 | ---- | M] (Dev47Apps) -- C:\WINDOWS\System32\drivers\droidcam.sys
[2012/03/19 11:07:29 | 002,995,024 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03143.JPG
[2012/03/19 11:07:29 | 002,859,474 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03158.JPG
[2012/03/19 11:07:29 | 002,760,152 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03165.JPG
[2012/03/13 09:42:53 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/04/08 13:44:03 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\MBR.dat
[2012/04/06 08:52:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/06 08:52:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/04/06 08:42:51 | 3220,492,288 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/06 08:27:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/06 08:26:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/06 08:24:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/06 08:24:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/06 08:24:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/06 08:24:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/06 08:24:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/04 11:12:43 | 002,019,198 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\img 002.jpg
[2012/04/04 11:12:08 | 002,367,189 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\img 007.jpg
[2012/04/04 10:12:03 | 000,025,322 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\946ML.pdf
[2012/03/30 09:12:55 | 000,005,701 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\PO 932ML - Revision A.pdf
[2012/03/30 08:09:09 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/29 18:24:12 | 000,389,726 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\DCBSRW_26301.dwg
[2012/03/29 11:48:14 | 000,028,099 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\New Purchase Order - With Part Numbers.pdf
[2012/03/29 10:04:45 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\Shortcut to DTB DATA MAIN .mdb.lnk
[2012/03/27 17:09:58 | 000,001,499 | ---- | C] () -- C:\Documents and Settings\mike.DTB\.recently-used.xbel
[2012/03/27 11:43:04 | 009,394,830 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\completeversion.pdf
[2012/03/24 14:57:11 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/19 11:07:29 | 002,995,024 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03143.JPG
[2012/03/19 11:07:29 | 002,859,474 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03158.JPG
[2012/03/19 11:07:29 | 002,760,152 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03165.JPG
[2012/03/13 11:29:21 | 003,405,772 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\CIMG0993.JPG
[2012/03/13 11:29:21 | 003,330,924 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\CIMG0988.JPG
[2012/02/06 09:43:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2011/11/01 16:59:35 | 000,622,936 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/14 17:46:16 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\droidcam-settings
[2011/03/03 17:30:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/16 01:13:37 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

========== LOP Check ==========

[2008/10/17 13:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACT
[2010/06/24 08:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/09/20 08:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/11/12 09:11:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/02/06 09:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/01/25 15:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/04/30 10:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/01/25 15:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/09/29 20:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/01/25 15:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System Image Utility
[2009/01/20 20:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/01/25 15:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/10/18 20:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\winLAME
[2010/04/03 15:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/20 17:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/17 13:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\ACT
[2011/04/05 14:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Add-in Express
[2011/09/20 08:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Autodesk
[2011/08/10 17:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\CompanionLink
[2012/02/06 09:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\DassaultSystemes
[2012/02/06 09:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\EDrawings
[2010/03/03 19:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\EuroTalk
[2012/03/27 17:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\gtk-2.0
[2009/06/14 09:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\InterVideo
[2008/10/17 13:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\IsolatedStorage
[2009/04/08 22:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Mp3tag
[2009/01/25 17:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Nikon
[2008/02/12 20:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\SampleView
[2008/12/24 20:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Snapfish
[2011/12/27 09:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Spotify
[2009/01/20 20:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\TomTom

========== Purity Check ==========



< End of report >

#8
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
How does it seem?

#9
idrawstuff

    Member

  • Topic Starter
  • Member
  • 72 posts
The same; no other symptoms but Google redirects in Firefox :(

#10
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Where are the redirects taking you?

  • Double click on the OTL icon to run it. Make sure all other windows are closed
  • Under the Custom Scan box paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    >C:\commands.txt echo list vol /raw /hide /c
    /wait
    >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
    /wait
    type c:\diskreport.txt /c
    /wait
    erase c:\commands.txt /hide /c
    /wait
    erase c:\diskreport.txt /hide /c
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, please post the log

#11
idrawstuff

    Member

  • Topic Starter
  • Member
  • 72 posts
Last week it was taking me to random websites, like the Goodyear Tire website when I was searching for pregnancy info (an actual link to one of the redirects is above). Yesterday it kept wanting to take me to somewhere called "Happili.com", although that's the first time I've got that specific redirect.

OTL logfile created on: 4/9/2012 8:28:21 AM - Run 7
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\mike.DTB\Desktop\Mike's Junk\SpywareVirus Tools\2012-04 Infection
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.02 Gb Available Physical Memory | 67.38% Memory free
4.84 Gb Paging File | 3.95 Gb Available in Paging File | 81.70% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.29 Gb Total Space | 109.33 Gb Free Space | 48.96% Space Free | Partition Type: NTFS
Drive E: | 9.59 Gb Total Space | 9.33 Gb Free Space | 97.33% Space Free | Partition Type: NTFS
Drive P: | 224.57 Gb Total Space | 99.28 Gb Free Space | 44.21% Space Free | Partition Type: NTFS
Drive R: | 224.57 Gb Total Space | 99.28 Gb Free Space | 44.21% Space Free | Partition Type: NTFS
Drive S: | 224.57 Gb Total Space | 99.28 Gb Free Space | 44.21% Space Free | Partition Type: NTFS
Drive Z: | 931.51 Gb Total Space | 931.15 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: MIKE-LT | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/02 08:39:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike.DTB\Desktop\Mike's Junk\SpywareVirus Tools\2012-04 Infection\OTL.exe
PRC - [2011/08/30 14:24:59 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2011/04/22 05:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/08/22 10:21:28 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/24 07:16:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2008/05/02 03:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 03:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/23 20:55:18 | 000,009,728 | ---- | M] (Sage Software, Inc.) -- C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe
PRC - [2007/10/18 21:10:42 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2007/04/12 11:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe
PRC - [2007/02/06 15:14:00 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/11/30 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2006/11/30 08:50:00 | 000,112,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2006/11/30 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2006/11/17 13:40:56 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2006/11/17 13:39:58 | 000,136,768 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2006/11/17 03:06:00 | 000,086,016 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\Mctray.exe
PRC - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/06 13:26:55 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012/04/06 13:25:13 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/04/06 13:23:10 | 000,097,792 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Act.Shared.Utilities\b92f723068ccd7813d6d8763552ac0ca\Act.Shared.Utilities.ni.dll
MOD - [2012/04/06 12:32:51 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/04/06 12:32:46 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/04/06 12:32:33 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/04/06 12:31:24 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/04/06 12:31:14 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2012/04/06 12:30:24 | 000,372,736 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
MOD - [2012/04/06 12:30:21 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2012/04/06 12:30:11 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2011/08/30 13:55:00 | 002,469,888 | ---- | M] () -- C:\Program Files\Adobe\Acrobat 8.0\PDFMaker\Common\AdobePDFMakerX.dll
MOD - [2010/03/15 16:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009/01/22 18:36:04 | 004,448,256 | ---- | M] () -- C:\WINDOWS\system32\spool\drivers\w32x86\3\ssb1mdu.dll
MOD - [2008/10/17 13:50:12 | 000,389,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Microsoft.Office.Interop.Outlook\10.0.4504.0__31bf3856ad364e35\Microsoft.Office.Interop.Outlook.dll
MOD - [2008/10/17 13:50:10 | 000,004,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll
MOD - [2008/10/17 13:50:03 | 000,139,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\Act.Outlook.Message.Reader\10.1.199.0__ebf6b2ff4d0a08aa\Act.Outlook.Message.Reader.dll
MOD - [2008/10/17 13:50:03 | 000,110,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Act.Outlook.Service.Desktop\10.1.199.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Desktop.dll
MOD - [2008/10/17 13:50:03 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Act.Outlook.Service.Shared\10.1.199.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Shared.dll
MOD - [2008/10/17 13:50:03 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Act.Outlook.Service.AppCommon\10.1.199.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.AppCommon.dll
MOD - [2008/10/17 13:50:03 | 000,010,240 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Act.Outlook.Service.Interfaces\10.1.199.0__ebf6b2ff4d0a08aa\Act.Outlook.Service.Interfaces.dll
MOD - [2008/02/12 20:02:39 | 001,675,264 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.2758.36908__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:39 | 000,360,448 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Wizard\2.0.2758.37142__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:39 | 000,237,568 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2758.36865__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:39 | 000,184,320 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.2758.36922__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:39 | 000,077,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.2758.37134__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:39 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.2758.37090__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:39 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.2758.36900__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:39 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Runtime\2.0.2758.36922__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:39 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.2758.37024__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:39 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.2758.36886__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:38 | 000,483,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.2758.37171__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:16 | 000,331,776 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.2758.37098__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:16 | 000,167,936 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Dashboard\2.0.2758.37084__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:16 | 000,135,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.2758.37178__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:16 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Dashboard\2.0.2758.36915__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:16 | 000,090,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.2758.37104__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:16 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2758.36879__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:16 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.2758.37097__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:16 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Runtime\2.0.2758.37090__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:16 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Runtime\2.0.2758.36915__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:15 | 000,897,024 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Dashboard\2.0.2758.37135__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,790,528 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.2758.37034__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,589,824 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.2758.36936__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,438,272 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2758.36887__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.2758.37119__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:15 | 000,401,408 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Dashboard\2.0.2758.37077__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,327,680 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.2758.37019__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.2758.36943__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll
MOD - [2008/02/12 20:02:15 | 000,208,896 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2758.36929__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,118,784 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.2758.37056__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:15 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.2758.37033__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:15 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.2758.36942__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.2758.37055__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:15 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.2758.37076__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:14 | 000,475,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.2758.37026__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MOD - [2008/02/12 20:02:14 | 000,057,344 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.2758.37025__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:14 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation\2.0.2729.30178__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2008/02/12 20:02:14 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2008/02/12 20:02:14 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.2758.37032__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MOD - [2008/02/12 20:02:14 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation\2.0.2729.30174__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2008/02/12 20:02:14 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2729.30313__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2008/02/12 20:02:14 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2729.30184__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2008/02/12 20:02:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2729.30259__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2008/02/12 20:02:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2729.30211__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2729.30202__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2729.30197__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Foundation\2.0.2729.30207__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.OS\2.0.2729.30242__90ba9c70f846762e\DEM.OS.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Graphics\2.0.2729.30256__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.2729.30224__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2729.30212__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2729.30222__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2008/02/12 20:02:14 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll
MOD - [2008/02/12 20:02:13 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,053,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2729.30226__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2729.30199__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,049,152 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2729.30231__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2729.30227__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2729.30264__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2729.30225__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2729.30230__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.2729.30213__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.PowerPlay3.Graphics.Shared\2.0.2729.30229__90ba9c70f846762e\CLI.Aspect.PowerPlay3.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2729.30219__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,028,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2729.30259__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2729.30228__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.2729.30212__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Foundation\2.0.2729.30176__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2008/02/12 20:02:13 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2729.30185__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.VPURecover.Graphics.Shared\2.0.2729.30217__90ba9c70f846762e\CLI.Aspect.VPURecover.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Foundation\2.0.2729.30208__90ba9c70f846762e\APM.Foundation.dll
MOD - [2008/02/12 20:02:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2729.30203__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.2729.30216__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2729.30241__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2008/02/12 20:02:13 | 000,016,384 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2729.30201__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2008/02/12 20:02:06 | 000,036,864 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2758.37201__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2008/02/12 20:02:06 | 000,006,656 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2758.36855__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2008/02/12 20:02:05 | 001,507,328 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2758.36873__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2008/02/12 20:02:05 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2758.36895__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2008/02/12 20:02:05 | 000,102,400 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\MOM.Implementation\2.0.2758.37156__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2008/02/12 20:02:05 | 000,069,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2758.36857__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2008/02/12 20:02:05 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATIDEMOS\2.0.2758.36857__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2008/02/12 20:02:05 | 000,061,440 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2758.37155__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2008/02/12 20:02:05 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\APM.Server\2.0.2758.36856__90ba9c70f846762e\APM.Server.dll
MOD - [2008/02/12 20:02:05 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\AEM.Server\2.0.2758.36855__90ba9c70f846762e\AEM.Server.dll
MOD - [2008/02/12 20:02:05 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2729.30193__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2008/02/12 20:02:05 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2729.30209__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2008/02/12 20:02:05 | 000,040,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2729.30205__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2008/02/12 20:02:05 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2729.30188__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2008/02/12 20:02:05 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CCC.Implementation\2.0.2758.37156__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2008/02/12 20:02:05 | 000,032,768 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2008/02/12 20:02:05 | 000,024,576 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2729.30258__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2008/02/12 20:02:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2729.30211__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2008/02/12 20:02:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2729.30214__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2008/02/12 20:02:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.2729.30243__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MOD - [2007/02/06 15:20:00 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007/02/06 15:16:06 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2006/11/30 08:50:00 | 000,149,080 | ---- | M] () -- C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.DLL
MOD - [2006/11/17 13:41:22 | 000,120,384 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naXML71.dll
MOD - [2006/11/17 13:39:10 | 000,071,232 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\naisign.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Fishbowl\database\bin\fb_inet_server.exe -- (FirebirdServerDefaultInstance)
SRV - [2012/03/30 08:09:07 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/04/22 05:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/10/24 07:16:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/05/02 03:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007/11/06 13:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007/10/23 21:00:54 | 000,065,536 | ---- | M] (Sage Software, Inc.) [Auto | Stopped] -- C:\Program Files\ACT\Act for Windows\Act.Scheduler.exe -- (ACT! Scheduler)
SRV - [2007/06/08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007/04/12 11:56:14 | 000,178,752 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PSIService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/04 19:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/11/30 08:50:00 | 000,144,960 | ---- | M] (McAfee, Inc.) [Auto | Paused] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2006/11/30 08:50:00 | 000,054,872 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2006/11/17 13:37:44 | 000,104,000 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/05 06:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\mike.DTB\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/03/24 13:49:13 | 000,021,376 | ---- | M] (Dev47Apps) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\droidcam.sys -- (DroidCam)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/03/20 19:03:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.sys -- (SMSIVZAM5)
DRV - [2008/07/07 12:23:56 | 000,020,480 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NwUsbCdFil.sys -- (NWUSBCDFIL)
DRV - [2008/06/02 16:28:50 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2008/05/09 11:08:40 | 000,174,336 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2008/05/08 07:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/14 00:09:46 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/02/29 04:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 04:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 04:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/11/06 13:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2007/07/21 14:02:46 | 002,363,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/06/28 07:11:36 | 002,208,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/06/08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007/02/14 07:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/02/14 07:21:00 | 000,030,285 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2007/02/14 07:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/02/14 07:20:58 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/02/14 07:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007/02/14 07:20:56 | 000,530,861 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/11/30 08:50:00 | 000,168,776 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2006/11/30 08:50:00 | 000,072,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2006/11/30 08:50:00 | 000,064,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2006/11/30 08:50:00 | 000,052,136 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2006/11/30 08:50:00 | 000,034,152 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2006/11/30 08:50:00 | 000,031,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - [2006/11/28 09:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/06/28 10:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2001/08/17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...-1&q=&sa=Search
IE - HKCU\..\SearchScopes,DefaultScope = {28EF7B43-C488-49D4-9BCF-EEEE0608B2C7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{28EF7B43-C488-49D4-9BCF-EEEE0608B2C7}: "URL" = http://www.google.co...&rlz=1I7GPEA_en
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{E9DB9E7B-A275-41D1-8158-D0423FBEBDEB}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Live Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.c...?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.co...en&source=mpes"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.google.co...com/search?&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mike\Application Data\Move Networks\plugins\npqmp071505000011.dll File not found
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mike\Application Data\Move Networks\plugins\npqmp071505000011.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\mike.DTB\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\mike.DTB\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.7.1: C:\Documents and Settings\mike\Local Settings\Application Data\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/17 17:56:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/06 09:43:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\mike\Application Data\Move Networks
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A4EB924-79CF-11E1-826D-B8AC6F996F26}: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\{9A4EB924-79CF-11E1-826D-B8AC6F996F26}\ [2012/03/29 11:46:49 | 000,000,000 | ---D | M]

[2009/01/20 20:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Extensions
[2009/01/20 20:05:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Extensions\home2@tomtom.com
[2012/04/08 14:08:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions
[2012/04/08 14:08:24 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/03/15 22:09:10 | 000,001,632 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Mozilla\Firefox\Profiles\6g126bdx.default\searchplugins\live-search.xml
[2012/01/13 09:15:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/29 11:46:49 | 000,000,000 | ---D | M] (Translate This!) -- C:\DOCUMENTS AND SETTINGS\MIKE.DTB\LOCAL SETTINGS\APPLICATION DATA\{9A4EB924-79CF-11E1-826D-B8AC6F996F26}
[2009/09/02 02:30:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012/03/17 17:56:55 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/01/11 05:55:48 | 000,258,560 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\mozilla firefox\plugins\npEModelPlugin.dll
[2009/09/29 20:14:32 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2008/09/15 12:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsnapfish.dll
[2012/01/13 09:15:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/01/13 09:15:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.151\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.151\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\18.0.1025.151\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\mike.DTB\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\mike.DTB\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: EModel scriptable Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
CHR - plugin: Pando Web Installer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Entanglement = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: TinEye Reverse Image Search = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\haebnnbpedcbhciplfhjjkbafijpncjl\1.1.1_0\
CHR - Extension: Poppit = C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012/04/06 08:33:46 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Act! Preloader] C:\Program Files\ACT\Act for Windows\ActSage.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Act.Outlook.Service] C:\Program Files\ACT\Act for Windows\Act.Outlook.Service.exe (Sage Software, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.h...SWebManager.CAB (Hewlett-Packard Printer Diagnostics)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgre...eensActivia.cab (Snapfish Activia)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {526A6151-EC5A-4989-9E67-17AC82882E33} http://weatherguard...._downloader.cab (WEATHER GUARD Vehicle Solutions Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1229627490044 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://longsdrugs.di...ploadClient.cab (FujifilmUploader Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://www.cvsphoto....veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} https://evalue.inter...nloads/Acgm.cab (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.16
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DTB.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A3B98923-D2DB-4F50-AF59-DBCDDFF2EEFE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E84A911A-1C88-44AE-AA3A-510F6527B2DE}: DhcpNameServer = 192.168.0.16
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mike.DTB\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/04/06 08:35:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/04/06 08:26:55 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/04/06 08:24:38 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/04/06 08:24:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/04/06 08:24:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/04/06 08:24:38 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/03/29 11:46:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mike.DTB\Local Settings\Application Data\{9A4EB924-79CF-11E1-826D-B8AC6F996F26}
[2012/03/24 13:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\DroidCam

========== Files - Modified Within 30 Days ==========

[2012/04/09 08:11:02 | 000,000,952 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2012/04/09 08:07:48 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/09 08:07:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/09 08:05:52 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/09 08:05:48 | 3220,492,288 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/08 20:50:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3893164400-1400575853-3742060346-1135UA.job
[2012/04/08 20:40:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/08 20:01:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/04/06 12:41:06 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2012/04/06 12:40:13 | 000,503,140 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/04/06 12:40:13 | 000,093,662 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/04/06 12:36:13 | 000,469,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/04/06 12:25:26 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/04/06 12:02:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2012/04/06 08:33:46 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/06 08:27:03 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/04/06 08:17:27 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/04/05 22:50:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3893164400-1400575853-3742060346-1135Core.job
[2012/04/04 10:12:03 | 000,025,322 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\946ML.pdf
[2012/04/02 19:00:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/30 09:12:56 | 000,005,701 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\PO 932ML - Revision A.pdf
[2012/03/29 18:24:12 | 000,389,726 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\DCBSRW_26301.dwg
[2012/03/29 11:48:14 | 000,028,099 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\New Purchase Order - With Part Numbers.pdf
[2012/03/29 10:04:45 | 000,000,520 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\Shortcut to DTB DATA MAIN .mdb.lnk
[2012/03/27 17:09:58 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\mike.DTB\.recently-used.xbel
[2012/03/27 11:43:20 | 009,394,830 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\completeversion.pdf
[2012/03/24 14:57:11 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/24 13:49:13 | 000,021,376 | ---- | M] (Dev47Apps) -- C:\WINDOWS\System32\drivers\droidcam.sys
[2012/03/19 11:07:29 | 002,995,024 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03143.JPG
[2012/03/19 11:07:29 | 002,859,474 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03158.JPG
[2012/03/19 11:07:29 | 002,760,152 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03165.JPG
[2012/03/13 09:42:53 | 000,001,855 | ---- | M] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

========== Files Created - No Company Name ==========

[2012/04/06 08:52:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/04/06 08:52:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012/04/06 08:42:51 | 3220,492,288 | -HS- | C] () -- C:\hiberfil.sys
[2012/04/06 08:27:03 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/04/06 08:26:57 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/04/06 08:24:38 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/04/06 08:24:38 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/04/06 08:24:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/04/06 08:24:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/04/06 08:24:38 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/04/04 11:12:43 | 002,019,198 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\img 002.jpg
[2012/04/04 11:12:08 | 002,367,189 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\img 007.jpg
[2012/04/04 10:12:03 | 000,025,322 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\946ML.pdf
[2012/03/30 09:12:55 | 000,005,701 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\PO 932ML - Revision A.pdf
[2012/03/30 08:09:09 | 000,000,830 | ---- | C] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/03/29 18:24:12 | 000,389,726 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\DCBSRW_26301.dwg
[2012/03/29 11:48:14 | 000,028,099 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\New Purchase Order - With Part Numbers.pdf
[2012/03/29 10:04:45 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\Shortcut to DTB DATA MAIN .mdb.lnk
[2012/03/27 17:09:58 | 000,001,499 | ---- | C] () -- C:\Documents and Settings\mike.DTB\.recently-used.xbel
[2012/03/27 11:43:04 | 009,394,830 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\completeversion.pdf
[2012/03/24 14:57:11 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/03/19 11:07:29 | 002,995,024 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03143.JPG
[2012/03/19 11:07:29 | 002,859,474 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03158.JPG
[2012/03/19 11:07:29 | 002,760,152 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\DSC03165.JPG
[2012/03/13 11:29:21 | 003,405,772 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\CIMG0993.JPG
[2012/03/13 11:29:21 | 003,330,924 | ---- | C] () -- C:\Documents and Settings\mike.DTB\Desktop\CIMG0988.JPG
[2012/02/06 09:43:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2011/11/01 16:59:35 | 000,622,936 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/03/14 17:46:16 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\droidcam-settings
[2011/03/03 17:30:40 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/16 01:13:37 | 000,000,075 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

========== LOP Check ==========

[2008/10/17 13:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ACT
[2010/06/24 08:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2011/09/20 08:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/11/12 09:11:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2012/02/06 09:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/01/25 15:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/04/30 10:01:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2009/01/25 15:07:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/09/29 20:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/01/25 15:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\System Image Utility
[2009/01/20 20:06:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/01/25 15:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/10/18 20:22:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\winLAME
[2010/04/03 15:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/20 17:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/10/17 13:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\ACT
[2011/04/05 14:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Add-in Express
[2011/09/20 08:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Autodesk
[2011/08/10 17:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\CompanionLink
[2012/02/06 09:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\DassaultSystemes
[2012/02/06 09:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\EDrawings
[2010/03/03 19:35:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\EuroTalk
[2012/03/27 17:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\gtk-2.0
[2009/06/14 09:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\InterVideo
[2008/10/17 13:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\IsolatedStorage
[2009/04/08 22:19:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Mp3tag
[2009/01/25 17:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Nikon
[2008/02/12 20:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\SampleView
[2008/12/24 20:24:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Snapfish
[2011/12/27 09:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\Spotify
[2009/01/20 20:04:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike.DTB\Application Data\TomTom

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2012/01/04 12:56:18 | 000,302,592 | ---- | M] () -- C:\md022u3r.exe

< MD5 for: EXPLORER.EXE >
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 04:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 01:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 05:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2004/08/04 01:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2012/03/30 13:07:11 | 001,008,141 | ---- | M] () MD5=28C253A0212B221E96F6A17499B91651 -- C:\Documents and Settings\mike.DTB\Desktop\Mike's Junk\SpywareVirus Tools\2012-04 Infection\uSeRiNiT.exe
[2004/08/04 01:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 05:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 01:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 05:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 5.1.3565
Copyright © 1999-2003 Microsoft Corporation.
On computer: MIKE-LT
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
Volume 0 D DVD-ROM 0 B
Volume 1 C NTFS Partition 223 GB Healthy System
Volume 2 E HP_RECOVERY NTFS Partition 10 GB Healthy

< End of report >

#12
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
Any idea what C:\md022u3r.exe is?

» Step 1«

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

» Step 2«

ESET Scanner
Please run a free online scan with the ESET Online Scanner
Note: Use Internet Explorer for this scan. (If you need to use Firefox or Opera, click on the download icon to download the ESET Installer and save to your desktop. When the download is complete double-click on the icon on the desktop.)
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

» Step 3«
Download mini toolbox

Checkmark the following boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size

Click Go and post the results.

#13
idrawstuff

    Member

  • Topic Starter
  • 72 posts
Used Firefox for about 30 minutes since, and have yet to see any redirects. Results are below, and I'll follow up tomorrow too to let you know if the redirects returned:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.09.07

Windows XP Service Pack 3 x86 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.6001.18702
mike :: MIKE-LT [administrator]

4/9/2012 12:46:26 PM
mbam-log-2012-04-09 (12-46-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 281633
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)





ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f255564d4fca714eaaec71b43567f460
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-09 09:28:58
# local_time=2012-04-09 02:28:58 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=6143 16777215 0 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 27645838 27645838 0 0
# scanned=166869
# found=2
# cleaned=2
# scan_time=4709
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP175\A0024452.exe Win32/Toolbar.Zugo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP175\A0024453.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C




MiniToolBox by Farbar Version: 18-01-2012
Ran by mike (administrator) on 09-04-2012 at 15:24:17
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Nerwork
***************************************************************************

========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® 82562GT 10/100 Network Connection = Local Area Connection 2 (Connected)
Intel® Wireless WiFi Link 4965AGN = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp

# Interface IP Configuration for "Local Area Connection 2"

set address name="Local Area Connection 2" source=dhcp
set dns name="Local Area Connection 2" source=dhcp register=PRIMARY
set wins name="Local Area Connection 2" source=dhcp


popd
# End of interface IP configuration


Windows IP Configuration

Host Name . . . . . . . . . . . . : Mike-LT
Primary Dns Suffix . . . . . . . : DTB.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : DTB.local
                                    DTB.local

Ethernet adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Intel® Wireless WiFi Link 4965AGN
Physical Address. . . . . . . . . : 00-21-5C-05-35-8D

Ethernet adapter Local Area Connection 2:

Connection-specific DNS Suffix . : DTB.local
Description . . . . . . . . . . . : Intel® 82562GT 10/100 Network Connection
Physical Address. . . . . . . . . : 00-1F-29-9A-83-08
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.0.136
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.11
DHCP Server . . . . . . . . . . . : 192.168.0.16
DNS Servers . . . . . . . . . . . : 192.168.0.16
Primary WINS Server . . . . . . . : 192.168.0.16
Lease Obtained. . . . . . . . . . : Monday, April 09, 2012 12:42:35 PM
Lease Expires . . . . . . . . . . : Tuesday, April 17, 2012 12:42:35 PM

Server: dtbfs.dtb.local
Address: 192.168.0.16

Name: google.com
Addresses: 74.125.224.67, 74.125.224.68, 74.125.224.69, 74.125.224.70
74.125.224.71, 74.125.224.72, 74.125.224.73, 74.125.224.78, 74.125.224.64
74.125.224.65, 74.125.224.66

Pinging google.com [74.125.224.67] with 32 bytes of data:
Reply from 74.125.224.67: bytes=32 time=24ms TTL=53
Reply from 74.125.224.67: bytes=32 time=25ms TTL=53
Ping statistics for 74.125.224.67:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 25ms, Average = 24ms

Server: dtbfs.dtb.local
Address: 192.168.0.16

Name: yahoo.com
Addresses: 98.139.183.24, 209.191.122.70, 72.30.38.140

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=212ms TTL=47
Reply from 98.139.183.24: bytes=32 time=141ms TTL=46
Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 141ms, Maximum = 212ms, Average = 176ms

Server: dtbfs.dtb.local
Address: 192.168.0.16

Name: bleepingcomputer.com
Address: 208.43.87.2

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.
Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 21 5c 05 35 8d ...... Intel® Wireless WiFi Link 4965AGN - Packet Scheduler Miniport
0x3 ...00 1f 29 9a 83 08 ...... Intel® 82562GT 10/100 Network Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.11 192.168.0.136 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.136 192.168.0.136 20
192.168.0.136 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.136 192.168.0.136 20
224.0.0.0 240.0.0.0 192.168.0.136 192.168.0.136 20
255.255.255.255 255.255.255.255 192.168.0.136 192.168.0.136 1
255.255.255.255 255.255.255.255 192.168.0.136 2 1
Default Gateway: 192.168.0.11
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 R:\Windows\System32\mswsock.dll [File Not found] ()
Catalog5 02 R:\Windows\System32\winrnr.dll [File Not found] ()
Catalog5 03 R:\Windows\System32\mswsock.dll [File Not found] ()
Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 02 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 03 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 04 R:\Windows\system32\rsvpsp.dll [File Not found] ()
Catalog9 05 R:\Windows\system32\rsvpsp.dll [File Not found] ()
Catalog9 06 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 07 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 08 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 09 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 10 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 11 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 12 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 13 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 14 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 15 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 16 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 17 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 18 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 19 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 20 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 21 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 22 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 23 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 24 R:\Windows\system32\mswsock.dll [File Not found] ()
Catalog9 25 R:\Windows\system32\mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/09/2012 08:06:26 AM) (Source: ACT! Scheduler) (User: )
Description: Service cannot be started. System.Exception: Unable to start scheduler service. Missing server configuration information.
at Act.Scheduler.SchedulerService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/08/2012 05:05:39 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (04/08/2012 05:05:20 PM) (Source: AutoEnrollment) (User: )
Description: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b). The specified domain either does not exist or could not be contacted.
Enrollment will not be performed.

Error: (04/08/2012 05:05:19 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

Error: (04/08/2012 05:05:17 PM) (Source: ACT! Scheduler) (User: )
Description: Service cannot be started. System.Exception: Unable to start scheduler service. Missing server configuration information.
at Act.Scheduler.SchedulerService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/08/2012 01:17:54 PM) (Source: ACT! Scheduler) (User: )
Description: Service cannot be started. System.Exception: Unable to start scheduler service. Missing server configuration information.
at Act.Scheduler.SchedulerService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/06/2012 05:10:05 PM) (Source: ACT! Scheduler) (User: )
Description: Service cannot be started. System.Exception: Unable to start scheduler service. Missing server configuration information.
at Act.Scheduler.SchedulerService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Error: (04/06/2012 00:39:33 PM) (Source: McLogEvent) (User: )
Description: The McShield service terminated unexpectedly.

Please review event 5019 or 5051 for details.
The McShield service will be restarted in 5 seconds;

Error: (04/06/2012 00:39:29 PM) (Source: McLogEvent) (User: SYSTEM)SYSTEM
Description: A thread in process C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe took longer than 90000 ms to complete a request.

The process will be terminated.
Thread id : 3312 (0xcf0)

Thread address : 0x7C90E514

Thread message :

Build VSCORE.13.3.1.100 / 5400.1158
Object being scanned = \Device\HarddiskVolume1\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\BINN\SQLSERVR.EXE
by **\WGATRAY.EXE
4(0)(0)
4(0)(0)
7200(0)(0)
7595(0)(0)
7005(0)(0)
7004(0)(0)
5006(0)(0)
5004(0)(0)

Error: (04/06/2012 00:36:57 PM) (Source: ACT! Scheduler) (User: )
Description: Service cannot be started. System.Exception: Unable to start scheduler service. Missing server configuration information.
at Act.Scheduler.SchedulerService.OnStart(String[] args)
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


System errors:
=============
Error: (04/09/2012 03:21:45 PM) (Source: DCOM) (User: mike)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (04/09/2012 03:20:53 PM) (Source: DCOM) (User: mike)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (04/09/2012 00:44:13 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
Fips
intelppm
SASDIFSV
SASKUTIL

Error: (04/09/2012 00:44:13 PM) (Source: Service Control Manager) (User: )
Description: The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error:
%%1068

Error: (04/09/2012 00:44:13 PM) (Source: Service Control Manager) (User: )
Description: The Message Queuing service depends on the Distributed Transaction Coordinator service which failed to start because of the following error:
%%1068

Error: (04/09/2012 00:43:42 PM) (Source: DCOM) (User: SYSTEM)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/09/2012 11:52:11 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 239 minutes.
NtpClient has no source of accurate time.

Error: (04/09/2012 09:52:09 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 119 minutes.
NtpClient has no source of accurate time.

Error: (04/09/2012 08:52:07 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Error: (04/09/2012 08:22:06 AM) (Source: W32Time) (User: )
Description: The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 3.1.1)
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
ACT! by Sage Premium 2008 (10.0) (Version: 10.1.0.0)
Adobe Acrobat 8 Standard (Version: 8.3.1)
Adobe Acrobat 8.3.1 - CPSID_83708
Adobe Acrobat 8.3.1 Standard (Version: 8.3.1)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) (Version: 8.1.2)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 10 ActiveX (Version: 10.0.45.2)
Adobe Flash Player 11 Plugin (Version: 11.2.202.228)
Adobe Reader 9.5.0 (Version: 9.5.0)
Adobe Shockwave Player 11.5 (Version: 11.5.2.602)
Agere Systems HDA Modem
AI Viewer
Apple Application Support (Version: 1.4.1)
Apple Mobile Device Support (Version: 3.0.1.3)
Apple Software Update (Version: 2.1.1.116)
Application Installer 4.00.B14 (Version: 4.00.B14)
ATI Catalyst Control Center (Version: 2.007.0721.2140)
ATI Display Driver (Version: 8.40-070721a-054245C)
Audacity 1.2.6
AutoCAD LT 2000
AviSynth 2.5
BIOS Configuration for HP ProtectTools (Version: 3.00 F1)
Bonjour (Version: 2.0.1.2)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2007.0721.2141.36895)
Catalyst Control Center Graphics Full Existing (Version: 2007.0721.2141.36895)
Catalyst Control Center Graphics Full New (Version: 2007.0721.2141.36895)
Catalyst Control Center Graphics Light (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Chinese Standard (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Chinese Traditional (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Czech (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Danish (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Dutch (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Finnish (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization French (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization German (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Greek (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Hungarian (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Italian (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Japanese (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Korean (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Norwegian (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Polish (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Portuguese (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Russian (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Spanish (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Swedish (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Thai (Version: 2007.0721.2141.36895)
Catalyst Control Center Localization Turkish (Version: 2007.0721.2141.36895)
ccc-core-preinstall (Version: 2007.0721.2141.36895)
ccc-core-static (Version: 2007.0721.2141.36895)
ccc-utility (Version: 2007.0721.2141.36895)
CCC Help Chinese Standard (Version: 2007.0721.2140.36895)
CCC Help Chinese Traditional (Version: 2007.0721.2140.36895)
CCC Help Czech (Version: 2007.0721.2140.36895)
CCC Help Danish (Version: 2007.0721.2140.36895)
CCC Help Dutch (Version: 2007.0721.2140.36895)
CCC Help English (Version: 2007.0721.2140.36895)
CCC Help Finnish (Version: 2007.0721.2140.36895)
CCC Help French (Version: 2007.0721.2140.36895)
CCC Help German (Version: 2007.0721.2140.36895)
CCC Help Greek (Version: 2007.0721.2140.36895)
CCC Help Hungarian (Version: 2007.0721.2140.36895)
CCC Help Italian (Version: 2007.0721.2140.36895)
CCC Help Japanese (Version: 2007.0721.2140.36895)
CCC Help Korean (Version: 2007.0721.2140.36895)
CCC Help Norwegian (Version: 2007.0721.2140.36895)
CCC Help Polish (Version: 2007.0721.2140.36895)
CCC Help Portuguese (Version: 2007.0721.2140.36895)
CCC Help Russian (Version: 2007.0721.2140.36895)
CCC Help Spanish (Version: 2007.0721.2140.36895)
CCC Help Swedish (Version: 2007.0721.2140.36895)
CCC Help Thai (Version: 2007.0721.2140.36895)
CCC Help Turkish (Version: 2007.0721.2140.36895)
CDDRV_Installer (Version: 4.60)
CDisplayEx 1.4
CompanionLink (Version: 4.00.4020)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Critical Update for Windows Media Player 11 (KB959772)
DesignWorkshop Lite
Device Access Manager for HP ProtectTools (Version: 2.0.0.0)
DWG TrueView 2008 (Version: 17.1.65.0)
erLT (Version: 0.72.105)
ERUNT 1.1j
ESET Online Scanner v3
EuroTalk Talk Now! (Version: 2.2.5.1)
ffdshow [rev 2583] [2009-01-05] (Version: 1.0)
Fishbowl Inventory 2012.2 (Version: 2012.2)
Free RAR Extract Frog 1.00 (Version: 1.00)
GIMP 2.6.7
Google Chrome (Version: 18.0.1025.151)
Google Earth (Version: 6.1.0.5001)
Google SketchUp 7 (Version: 2.1.6860)
Google Talk Plugin (Version: 2.8.7.6830)
Google Update Helper (Version: 1.3.21.111)
Google Updater (Version: 2.4.2432.1652)
Haali Media Splitter
HP Backup and Recovery Manager Installer (Version: 2.4)
HP Doc Viewer (Version: 1.01.0005)
HP Help and Support (Version: 4.4.0002)
HP Integrated Module with Bluetooth wireless technology (Version: 5.1.0.3000)
HP Notebook Accessories Product Tour (Version: 13.0.0)
HP ProtectTools Security Manager (Version: 3.00 A10)
HP Quick Launch Buttons 6.40 B2 (Version: 6.40 B2)
HP User Guides 0085 (Version: 1.01.0000)
HP Wireless Assistant (Version: 3.00 G1)
Intel® PRO Network Connections Drivers
InterVideo DVD Check
InterVideo Register Manager (Version: 1.0.4.0)
InterVideo WinDVD
InterVideo WinDVD (Version: 5.0-B11.1166)
iReport 4.1.2 (Version: 4.1.2)
iTunes (Version: 9.1.1.12)
Java Auto Updater (Version: 2.0.6.1)
Java DB 10.5.3.0 (Version: 10.5.3.0)
Java™ 6 Update 30 (Version: 6.0.300)
Java™ 6 Update 7 (Version: 1.6.0.70)
Java™ SE Development Kit 6 Update 18 (Version: 1.6.0.180)
Java™ SE Runtime Environment 6 Update 1 (Version: 1.6.0.10)
KhalInstallWrapper (Version: 4.60.122)
LAME v3.98.2 for Audacity
LightScribe 1.6.43.1 (Version: 1.6.43.1)
Logitech SetPoint (Version: 4.60)
Malwarebytes Anti-Malware version 1.61.0.1400 (Version: 1.61.0.1400)
McAfee VirusScan Enterprise (Version: 8.6.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.187)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (ACT7) (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft WinUsb 1.0
Mobile Broadband Generic Drivers (Version: 2.02.11.001.14)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
Mp3tag v2.42 (Version: v2.42)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6.0 Parser (Version: 6.10.1129.0)
MyTomTom 3.1.0.530 (Version: 3.1.0.530)
Netflix Movie Viewer (Version: 1.2.211)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.0.2)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Pando Media Booster (Version: 2.3.2.2)
Panorama Maker
QBFC 6.0 (Version: 6.0.3.00200)
QuickTime (Version: 7.69.80.9)
RealPlayer
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator Basic v9 (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio MyDVD Basic v9 (Version: 9.2.053)
Roxio Update Manager (Version: 6.0.0)
Segoe UI (Version: 14.0.4327.805)
Skins (Version: 2007.0721.2141.36895)
SolidWorks eDrawings 2012 (Version: 12.2.110)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
Sothink Movie DVD Maker (Version: 3.6)
SoundMAX (Version: 5.10.01.5210)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
Spotify (Version: 0.8.0.1035.g278cc85b)
Spybot - Search & Destroy (Version: 1.6.2)
SUPERAntiSpyware (Version: 4.52.1000)
Synaptics Pointing Device Driver (Version: 9.1.11.3)
TomTom HOME 2.8.2.2264 (Version: 2.8.2.2264)
TomTom HOME Visual Studio Merge Modules (Version: 1.0.2)
Trim Spaces for Excel 1.3
Undelete Plus 2.98
UndeletePlus™ 3.0.0.521
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
USB Webcam
Visual PRO/5
Visual Studio C++ 10.0 Runtime (Version: 10.0.0)
VZAccess Manager (Version: 7.0.102)
WebFldrs XP (Version: 9.50.7523)
Windows Defender (Version: 1.1.1593.21)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray (Version: 1.0)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
winLAME 2009 beta 1 (Version: 1.0.2009.1)
WinPcap 4.0.2 (Version: 4.0.0.1040)
Xvid 1.2.2 final uninstall (Version: 1.2)
Yahoo! Detect
Yahoo! Messenger
Zero Assumption Recovery Version 8.5

========================= Memory info: ===================================

Percentage of memory in use: 13%
Total physical RAM: 3071.23 MB
Available physical RAM: 2647.63 MB
Total Pagefile: 4960.53 MB
Available Pagefile: 4793.52 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.47 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:223.29 GB) (Free:112.16 GB) NTFS
3 Drive e: (HP_RECOVERY) (Fixed) (Total:9.59 GB) (Free:9.33 GB) NTFS
4 Drive p: (Data) (Network) (Total:224.57 GB) (Free:99.29 GB) NTFS
5 Drive r: (Data) (Network) (Total:224.57 GB) (Free:99.29 GB) NTFS
6 Drive s: (Data) (Network) (Total:224.57 GB) (Free:99.29 GB) NTFS
7 Drive z: (FreeAgent GoFlex Drive) (Network) (Total:931.51 GB) (Free:931.15 GB) NTFS

========================= Users: ========================================

User accounts for \\MIKE-LT

Administrator Guest HelpAssistant
SUPPORT_388945a0


**** End of log ****

#14
azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts
OK, are we clear?

#15
idrawstuff

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Seems like it! No redirects at all last night, or even this morning after turning it back on. Thank you so much for your help!