tiserv request


Post by nupardo on 12th May 2010, 6:16 pm

Hi, I was hit with, I think, Antivirus 2010, which Malwarebytes seemed to clean up for the most part. My Symantec, though, is notifying me that requests from various IP addresses are being blocked and it was a tidserv request.

Any ideas?

Thanks,
nupardo


Re: tiserv request

Post by Belahzur on 12th May 2010, 10:20 pm

Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.



Re: tiserv request

Post by nupardo on 13th May 2010, 12:36 am

OTL logfile created on: 5/12/2010 8:26:03 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\dpadgett\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.70 Gb Total Space | 56.01 Gb Free Space | 51.05% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.12 Gb Free Space | 56.11% Space Free | Partition Type: NTFS
Drive E: | 4.25 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WS-DPADGETT4
Current User Name: dpadgett
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/12 20:25:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\OTL.exe
PRC - [2010/05/11 17:10:19 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/11 17:10:18 | 001,291,544 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/05/06 11:18:25 | 000,070,968 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptsrv.exe
PRC - [2010/05/06 11:18:24 | 000,275,768 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptim.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/24 14:28:45 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/02/10 01:00:00 | 001,930,592 | ---- | M] (Cerulean Studios) -- C:\Program Files\Trillian\trillian.exe
PRC - [2009/12/02 17:32:44 | 000,075,072 | ---- | M] (Sprint) -- C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
PRC - [2009/12/02 13:21:50 | 000,316,736 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
PRC - [2009/12/02 13:21:50 | 000,120,128 | ---- | M] (SmithMicro Inc.) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
PRC - [2009/12/02 13:12:34 | 000,380,928 | ---- | M] (Bytemobile, Inc.) -- C:\Program Files\Sprint\Sprint SmartView\bmctl.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/06 17:54:38 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2008/09/11 18:50:46 | 002,436,536 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/09/04 16:44:20 | 001,439,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/09/04 16:44:18 | 001,787,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/08/14 15:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/02/26 11:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/02/22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/22 17:54:34 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2008/01/20 22:23:49 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008/01/03 14:05:38 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/03 14:05:32 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/10/05 09:30:46 | 000,099,568 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldoserv.exe
PRC - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldocoms.exe
PRC - [2007/10/05 09:30:26 | 000,410,864 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\memcard.exe
PRC - [2007/10/05 09:30:18 | 000,455,920 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\dldomon.exe
PRC - [2007/09/27 14:10:04 | 001,160,464 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
PRC - [2007/09/27 14:10:02 | 000,230,672 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
PRC - [2007/09/14 11:53:16 | 000,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2007/09/10 10:54:54 | 000,085,504 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/03/21 01:33:14 | 000,478,800 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
PRC - [2007/02/10 07:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/01/29 23:07:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/01/25 21:34:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/03 19:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006/09/08 19:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2006/09/08 19:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe


========== Modules (SafeList) ==========

MOD - [2010/05/12 20:25:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\OTL.exe
MOD - [2009/10/16 13:53:42 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:25:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/11 17:10:18 | 001,291,544 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/12 13:25:12 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/12/02 13:21:50 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Running] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2009/12/02 13:19:28 | 000,124,224 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/01/06 17:54:38 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/12/09 12:41:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/09/11 18:50:46 | 002,436,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/09/04 16:44:18 | 001,787,200 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/09/04 16:19:46 | 000,312,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 17:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/02/22 17:54:34 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 22:23:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:23:49 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008/01/03 14:05:32 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/08 23:50:10 | 001,552,384 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/10/05 09:30:46 | 000,099,568 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldocoms.exe -- (dldo_device)
SRV - [2007/09/27 14:10:02 | 000,230,672 | ---- | M] (SonicWALL, Inc.) [On_Demand | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)
SRV - [2007/09/13 15:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/08/31 18:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/02/10 07:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2007/02/10 07:29:48 | 000,344,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE -- (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER)
SRV - [2007/02/10 07:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql) SQL Server FullText Search (MSSQLSERVER)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/14 05:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/09/23 09:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2010/05/11 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100512.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/11 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100512.022\NAVENG.SYS -- (NAVENG)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/01/12 17:57:06 | 000,162,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2009/12/02 13:12:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/02 13:12:36 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/12/02 13:12:34 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctnullport.sys -- (Nmea)
DRV - [2009/12/02 13:10:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/09/03 13:06:24 | 000,280,576 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drxvi314.sys -- (bcm)
DRV - [2009/09/03 13:06:24 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2009/08/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/03/31 12:57:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/10/23 17:23:27 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/04 16:47:26 | 000,091,968 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/09/04 16:45:36 | 000,041,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/08/21 12:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 12:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/08/15 11:41:08 | 000,317,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/08/15 11:41:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/15 11:41:06 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/07/10 04:57:56 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/06/16 17:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/06/16 07:00:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/06/16 07:00:50 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/06/16 07:00:50 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/06/16 07:00:48 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/05/29 16:53:26 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cm_ser.sys -- (cm_ser)
DRV - [2008/01/20 22:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 22:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/03 14:05:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/11/29 03:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2007/09/27 17:49:50 | 000,101,528 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RCFOX.SYS -- (RCFOX)
DRV - [2007/09/10 10:54:48 | 000,156,160 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 10:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/08/13 05:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/07/16 12:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/07/09 20:40:52 | 000,128,144 | R--- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/04/23 01:14:26 | 001,669,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/03/13 18:26:08 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007/01/09 10:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/19 15:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/12/13 03:51:20 | 000,147,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/11/08 10:58:20 | 000,024,876 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rcvpn.sys -- (rcvpn)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 E8 48 28 C3 CB CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/10 12:24:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/12 13:40:06 | 000,000,000 | ---D | M]

[2010/01/02 00:10:37 | 000,000,000 | ---D | M] -- C:\Users\dpadgett\AppData\Roaming\mozilla\Extensions
[2010/01/02 00:10:37 | 000,000,000 | ---D | M] -- C:\Users\dpadgett\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/05/12 14:27:36 | 000,000,000 | ---D | M] -- C:\Users\dpadgett\AppData\Roaming\mozilla\Firefox\Profiles\v72z7z5q.default\extensions
[2009/11/15 12:07:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\dpadgett\AppData\Roaming\mozilla\Firefox\Profiles\v72z7z5q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/12 14:27:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 10:56:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/12 10:55:53 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/08/03 11:27:21 | 000,000,790 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 24.40.70.33 salessource
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [Dell 968 AIO Printer Fax Server] C:\Program Files\Dell 968 AIO Printer\fm3032.exe ()
O4 - HKLM..\Run: [dldomon.exe] C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\ptim.exe (Cisco WebEx LLC)
O4 - HKCU..\Run: [PTOneClick] C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe (Cisco WebEx LLC)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - Startup: C:\Users\dpadgett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClient Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spotbuyspot.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {E0F516C1-E05F-4C83-8842-0304D28E50EB} - RhheteroDms - C:\Windows\System32\rhhetero.dll File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/18 10:23:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d187e60e-fea2-11dd-925e-d96b46d5db7c}\Shell - "" = AutoRun
O33 - MountPoints2\{d187e60e-fea2-11dd-925e-d96b46d5db7c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/12 20:25:23 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\OTL.exe
[2010/05/12 10:56:46 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/12 10:56:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/12 10:56:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/12 10:56:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/12 10:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/12 10:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/12 10:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/05/12 10:48:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/11 17:11:51 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/05/11 17:11:39 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/05/11 17:05:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/11 17:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/05/11 17:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/11 11:26:48 | 000,000,000 | ---D | C] -- C:\Users\dpadgett\AppData\Local\veidukyee
[2010/05/10 10:25:10 | 000,000,000 | ---D | C] -- C:\Users\dpadgett\AppData\Roaming\Malwarebytes
[2010/05/10 10:24:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/10 10:24:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/10 10:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/10 10:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/28 10:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/28 10:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/21 09:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/21 09:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/21 08:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/16 13:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/04/15 08:33:51 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/15 08:33:27 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/15 08:33:25 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/15 08:32:20 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/15 08:32:20 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2009/09/08 16:57:09 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dldohcp.dll
[2009/09/08 16:57:08 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\dldoinpa.dll
[2009/09/08 16:57:08 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldoiesc.dll
[2009/09/08 16:57:07 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\dldoserv.dll
[2009/09/08 16:57:07 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\dldousb1.dll
[2009/09/08 16:57:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dldopmui.dll
[2009/09/08 16:57:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldoprox.dll
[2009/09/08 16:57:05 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldolmpm.dll
[2009/09/08 16:57:02 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldohbn3.dll
[2009/09/08 16:56:59 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldocomc.dll
[2009/09/08 16:56:59 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldocomm.dll
[4 C:\Users\dpadgett\AppData\Local\*.tmp files -> C:\Users\dpadgett\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/12 20:28:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/12 20:26:03 | 005,242,880 | -HS- | M] () -- C:\Users\dpadgett\NTUSER.DAT
[2010/05/12 20:25:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\OTL.exe
[2010/05/12 19:38:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/12 19:38:35 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/12 14:54:46 | 000,002,627 | ---- | M] () -- C:\Users\dpadgett\Desktop\Microsoft Office Word 2007.lnk
[2010/05/12 13:46:48 | 000,808,184 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/12 13:46:48 | 000,681,870 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/12 13:46:48 | 000,128,950 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/12 13:42:44 | 000,000,000 | ---- | M] () -- C:\Users\dpadgett\AppData\Local\WavXMapDrive.bat
[2010/05/12 13:41:44 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010/05/12 13:38:55 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/12 13:38:40 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/12 13:38:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/12 13:37:55 | 2136,973,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/12 13:36:27 | 000,524,288 | -HS- | M] () -- C:\Users\dpadgett\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010/05/12 13:36:27 | 000,065,536 | -HS- | M] () -- C:\Users\dpadgett\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010/05/12 13:30:19 | 000,000,680 | ---- | M] () -- C:\Users\dpadgett\AppData\Local\d3d9caps.dat
[2010/05/12 10:55:51 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/12 10:55:51 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/12 10:55:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/12 10:55:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/12 10:54:23 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/12 08:24:04 | 276,782,857 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/11 17:11:37 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/05/11 17:11:33 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/05/11 17:05:53 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/11 16:49:58 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/11 13:12:07 | 000,000,162 | -H-- | M] () -- C:\Users\dpadgett\Desktop\~$mcast prod reports.docx
[2010/05/11 10:50:32 | 000,001,728 | -H-- | M] () -- C:\Users\dpadgett\Documents\Default.rdp
[2010/05/11 08:55:54 | 000,020,480 | ---- | M] () -- C:\Users\dpadgett\Documents\ATL Import.xls
[2010/05/10 12:24:38 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/10 10:24:18 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/07 14:53:17 | 000,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/05/07 14:52:01 | 000,000,088 | RHS- | M] () -- C:\Windows\System32\A4C3588ABF.sys
[2010/05/07 09:18:23 | 000,002,585 | ---- | M] () -- C:\Users\dpadgett\Desktop\Microsoft Office Excel 2007.lnk
[2010/05/06 11:57:34 | 000,103,936 | ---- | M] () -- C:\Users\dpadgett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 10:02:03 | 000,076,288 | ---- | M] () -- C:\Users\dpadgett\Desktop\CRM Environment Information 063009 JASON.xls
[2010/05/04 15:18:59 | 000,100,864 | ---- | M] () -- C:\Users\dpadgett\Documents\donContacts05042010.xls
[2010/05/04 15:18:59 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/05/04 15:18:41 | 000,038,483 | ---- | M] () -- C:\Users\dpadgett\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/21 13:30:25 | 000,044,400 | ---- | M] () -- C:\Users\dpadgett\Documents\Portfolio of Donald M Padgett.pfl
[2010/04/21 09:03:27 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/19 08:16:04 | 000,000,174 | ---- | M] () -- C:\Windows\hpbafd.ini
[2010/04/16 13:53:50 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[4 C:\Users\dpadgett\AppData\Local\*.tmp files -> C:\Users\dpadgett\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/12 13:37:55 | 2136,973,312 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/12 10:54:23 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/11 18:41:05 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/05/11 17:05:53 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/11 14:37:31 | 000,000,680 | ---- | C] () -- C:\Users\dpadgett\AppData\Local\d3d9caps.dat
[2010/05/11 13:12:07 | 000,000,162 | -H-- | C] () -- C:\Users\dpadgett\Desktop\~$mcast prod reports.docx
[2010/05/10 10:24:18 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/07 11:24:31 | 000,020,480 | ---- | C] () -- C:\Users\dpadgett\Documents\ATL Import.xls
[2010/05/04 15:18:41 | 000,038,483 | ---- | C] () -- C:\Users\dpadgett\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/05/04 15:18:38 | 000,100,864 | ---- | C] () -- C:\Users\dpadgett\Documents\donContacts05042010.xls
[2010/05/04 15:18:37 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/03 10:23:04 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/03 10:22:56 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/28 10:08:40 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/21 09:03:27 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/16 13:53:50 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009/12/28 11:55:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 09:26:41 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\A4C3588ABF.sys
[2009/09/11 09:26:40 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/09/08 17:12:11 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldocoin.dll
[2009/09/08 17:05:09 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLDOPMON.DLL
[2009/09/08 17:05:09 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLDOFXPU.DLL
[2009/09/08 17:04:49 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dldooem.dll
[2009/09/08 17:04:49 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DLDOPMRC.DLL
[2009/09/08 16:57:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldoinst.dll
[2009/09/08 16:57:08 | 000,503,808 | ---- | C] () -- C:\Windows\System32\dldoutil.dll
[2009/09/08 16:57:04 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoinsb.dll
[2009/09/08 16:57:04 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldojswr.dll
[2009/09/08 16:57:04 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldoinsr.dll
[2009/09/08 16:57:03 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoins.dll
[2009/09/08 16:57:02 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldogrd.dll
[2009/09/08 16:57:01 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldocub.dll
[2009/09/08 16:57:00 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldocu.dll
[2009/09/08 16:57:00 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldocur.dll
[2009/09/08 16:56:57 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldocfg.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/01/08 03:35:09 | 000,000,498 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/10/23 17:09:57 | 000,000,174 | ---- | C] () -- C:\Windows\hpbafd.ini
[2008/10/14 19:09:46 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/10/14 19:09:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1230.dll
[2008/10/14 16:47:48 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2008/10/14 16:47:41 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2008/10/14 16:47:41 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2007/09/13 15:42:30 | 000,499,712 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll
[2007/09/13 15:42:30 | 000,471,040 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll
[2007/09/13 15:42:28 | 000,462,848 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll
[2007/09/13 15:42:28 | 000,458,752 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll
[2007/09/13 15:42:26 | 000,466,944 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll
[2007/09/13 15:42:26 | 000,434,176 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll
[2007/09/13 15:36:24 | 000,438,272 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll
[2007/09/12 16:05:08 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2007/09/12 16:04:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2007/09/12 16:04:26 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2007/09/12 16:04:06 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2007/09/12 16:03:44 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2007/09/12 16:03:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2007/09/12 16:03:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2007/09/12 16:02:44 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2007/09/12 16:02:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2007/09/12 16:02:02 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2007/09/10 10:53:26 | 000,262,144 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2007/09/06 16:40:36 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dldodrs.dll
[2007/08/31 14:51:11 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dldocaps.dll
[2007/07/25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/07/16 12:58:10 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007/06/15 11:19:20 | 000,835,584 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2007/06/14 16:45:05 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldocnv4.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/14 12:02:10 | 000,072,192 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2006/08/01 01:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldovs.dll
[2004/09/10 14:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2004/09/10 14:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F5FEB7C0
< End of report >


Re: tiserv request

Post by nupardo on 13th May 2010, 12:37 am

2 of 2

OTL Extras logfile created on: 5/12/2010 8:26:03 PM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\dpadgett\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 67.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.70 Gb Total Space | 56.01 Gb Free Space | 51.05% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.12 Gb Free Space | 56.11% Space Free | Partition Type: NTFS
Drive E: | 4.25 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WS-DPADGETT4
Current User Name: dpadgett
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7D94152A-6277-4A60-8F91-DE9A035C6657}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{96F3551D-7720-4754-887D-0BF793D646F8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AC2D1ADC-2366-4ECB-BAC2-7578F9709CD3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{BD02DF6B-F0B7-45F2-87EE-7486AB6F5090}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D1C4A413-D0F0-40FE-BD17-918AA8FE0D66}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{022801CA-E44B-4F8F-8578-C065EB582C6B}" = protocol=17 | dir=in | app=c:\program files\dell 968 aio printer\dldoafcn.exe |
"{03E1D2E3-18B5-4BEA-B684-BDF5B88BA34A}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{045AEF2E-8973-4274-8CFF-2BA2F7670F86}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{07D48C06-0241-460B-8A8B-C1AC9CF42DCC}" = protocol=17 | dir=in | app=c:\program files\dell 968 aio printer\dldoaiox.exe |
"{100D5C73-2C35-4EB3-A390-A421B2A98A1A}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{1356632C-285C-4BF5-98A4-91883AE1DC79}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldowbgw.exe |
"{185F5B82-7809-4976-AD51-26540ABB8345}" = protocol=6 | dir=in | app=c:\windows\system32\dldocoms.exe |
"{226FFBBE-D35B-4149-99FB-BCB6C04B4574}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2DE11391-D6CA-4492-BBC4-EF5B77EE1D19}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{3593A417-13BD-47B4-8F91-532551B0E570}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{3D21584F-5AF7-4E6C-98D3-14D8CBB36FF6}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldojswx.exe |
"{3D34F3FB-7EC0-4AB1-8910-75BBB76F69C7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3E46ABCE-84EB-4F36-9050-9D086BCD99C5}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldotime.exe |
"{5741BBE5-77B2-413B-AF45-C687B62B15A1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{578BA571-1406-433E-A2C8-9898A64F8025}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{57C1E063-EFB4-4C26-8588-2A1ED0C3E0B9}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{598D89B6-4DE8-49FC-9374-07B35A2D43B6}" = protocol=17 | dir=in | app=c:\program files\dell 968 aio printer\dldomon.exe |
"{6FE00CA3-B323-485F-AC7E-96435DAB96D9}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldopswx.exe |
"{7CDBD896-7960-4EE4-8197-FF6B9F96A81C}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{837520B5-582E-404B-AF11-C2CB0F8DC6E4}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{8A2D4CD4-3DF6-451C-A0B4-2002F1250325}" = protocol=6 | dir=in | app=c:\program files\dell 968 aio printer\dldoafcn.exe |
"{8AD15EB1-B4DD-434F-94BB-AFD809A3DFFD}" = protocol=6 | dir=in | app=c:\program files\dell 968 aio printer\dldofax.exe |
"{8DD75C5E-6D17-494E-9B15-A2711275117A}" = protocol=6 | dir=in | app=c:\program files\dell 968 aio printer\memcard.exe |
"{8DDB440D-D128-4F72-B945-75D53AFD9927}" = protocol=6 | dir=in | app=c:\program files\dell 968 aio printer\dldoaiox.exe |
"{8E98F158-29C0-470E-A5B5-72D8C47F0918}" = protocol=6 | dir=in | app=c:\program files\dell 968 aio printer\dldomon.exe |
"{90DC3C45-D6E8-4475-B55B-672BD342E482}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9DDBA369-D39B-4E05-BFAE-559D56850B1C}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldotime.exe |
"{A1DEEA93-D55B-4BD5-8912-0D735C58E2E6}" = protocol=17 | dir=in | app=c:\windows\system32\dldocoms.exe |
"{A86AED69-6EAA-484A-8888-B9E5D1D229A9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{A874B3F8-7D77-4045-82FB-A0F8ACA4FEF9}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldopswx.exe |
"{AB14F97F-5BC6-4D0C-850B-D227748C6005}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{AE3CBB77-83DE-4497-A406-0E255BFB0A8D}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{AF407071-6BA0-44BB-9F77-E4C7FF96A7ED}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{B3866D52-7AE3-4044-9D13-9CC82C2A9036}" = protocol=17 | dir=in | app=c:\windows\system32\dldocoms.exe |
"{C257D76E-BFA6-4BD7-955F-209D4995F4F9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C4055C31-1D41-49E2-9DD1-7AAD0819E668}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{CB454C32-1419-4760-BED6-88992A1BBD30}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldowbgw.exe |
"{DEBB40BB-1C1F-49B9-AF82-5AEA7DA89BC0}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{EAE4AD5D-5DC2-4189-AA06-525DFC9BF1BF}" = protocol=17 | dir=in | app=c:\program files\dell 968 aio printer\memcard.exe |
"{F78FF948-1AA7-4E9C-8863-5F543A5534A3}" = protocol=6 | dir=in | app=c:\windows\system32\dldocoms.exe |
"{FB8F4402-A7C7-4825-A577-EF6E41CD1A8A}" = protocol=17 | dir=in | app=c:\program files\dell 968 aio printer\dldofax.exe |
"{FDBF1045-45CA-4EB5-ADE3-FE7DB900FC14}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldojswx.exe |
"TCP Query User{67D98219-16A1-437C-A3A9-3566294F7E5B}C:\program files\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"UDP Query User{52F83129-7B8B-47E3-81BC-BA99D2F46A94}C:\program files\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0868BB9D-5EA0-40AF-A1CC-A38ED4E5BC67}" = 32 Bit HP CIO Components Installer
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0B43A744-B1B8-4089-9BD1-9D41C7EC0AA3}" = Microsoft SQL Server 2005 Books Online (English)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2373A92B-1C1C-4E71-B494-5CA97F96AA19}" = Microsoft SQL Server 2005
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{27E25625-DB51-42E6-BEB7-0C8DC878770C}" = Broadcom ASF Management Applications
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{36DD7006-7BFE-4E3D-AF6E-FA734BC879B7}" = SQLXML4
"{36DE0956-5979-4711-985D-D9237CF3AB9C}" = RhheteroDms
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{49C27FB0-CEEF-4A11-8114-0BFE336D3884}" = Symantec Endpoint Protection
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4BF18ED6-C888-4BCF-A4AF-AC7A16305BC1}" = GemSafe Standard Edition 5.1
"{4FB120F8-622C-4260-AB49-0F43A59CCF2A}" = iTunes
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client 4.0.0.830
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EC5F187-9D2B-4051-8906-88656819A869}" = Dell Drivers MSI
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{64367D02-ADA8-4FA0-B348-27F25C60BC7B}" = muvee autoProducer 5.0
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69880C00-08DD-4385-B752-9C62656F6D1E}" = Microsoft SQL Server 2005 Backward compatibility
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{72470D12-2CCA-4324-AFF9-F1396A2168EA}" = Corel Snapfire muvee autoProducer add-on
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7F5AF4AA-7F77-47FC-9E22-519822FC6365}" = Sprint SmartView
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90032DD0-ABEE-4424-AC1E-B076BDD4E350}" = Microsoft SQL Server 2005 Tools
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{961034C0-58DF-11DF-97FD-005056806466}" = Google Earth Plug-in
"{9D4B411F-42F9-4566-9621-13D3A969F871}" = Redistributable_MM
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC388C78-2619-452C-BFBE-FABCC3194387}" = Microsoft Office Live Meeting 2007
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3A8DB93-D93F-4398-A35B-9114B79DBFDD}" = WebEx Productivity Tools
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C25EF637-BE7A-4761-9B45-9069989C319F}" = Microsoft Visual Studio 2005 Premier Partner Edition - ENU
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EB4DF30B-102B-4F0C-927A-D50E037A325D}" = AuthenTec Fingerprint Sensor Minimum Install
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECC22AFA-B905-4A6A-8072-10F52B9E09B7}" = Wave Infrastructure Installer
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FEC193E4-6C5F-40E9-A249-7D8C8404A9EC}" = NTRU TCG Software Stack
"7-Zip" = 7-Zip 4.65
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Broadcast Calendar Generator_is1" = Broadcast Calendar Generator 4.0.05
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell 968 AIO Printer" = Dell 968 AIO Printer
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EasyCapture_is1" = EasyCapture 1.0.0.0
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"LimeWire" = LimeWire 5.5.6
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"ProInst" = Intel(R) PROSet/Wireless Software
"PROPLUS" = Microsoft Office Professional Plus 2007
"Quicken WillMaker Plus 2009" = Quicken WillMaker Plus 2009
"RealPlayer 12.0" = RealPlayer
"Spades_is1" = Spades 1.0.5.6
"Trillian" = Trillian
"Windows Essentials Media Codec Pack" = Windows Essentials Media Codec Pack 2.3d
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Acrobat Connect Add-in" = Adobe Acrobat Connect Add-in
"Juniper_Networks_Cache_Cleaner 6.0.0" = Juniper Networks Cache Cleaner 6.0.0
"Juniper_Term_Services" = Juniper Terminal Services Client
"JuniperSetupClient" = Juniper Networks Setup Client
"Move Media Player" = Move Media Player
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/11/2010 9:06:30 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = WinMgmt | ID = 10
Description =

Error - 4/11/2010 10:06:48 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = Broadcom ASF IP and SMBIOS Mailbox Monitor | ID = 0
Description =

Error - 4/13/2010 8:30:33 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 4/14/2010 5:33:53 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = RasClient | ID = 20227
Description =

Error - 4/14/2010 8:30:34 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 4/15/2010 8:40:45 AM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18904 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 133c Start Time: 01cadc970a4bf150 Termination Time: 218

Error - 4/15/2010 8:50:29 AM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = Windows Search Service | ID = 3013
Description =

Error - 4/15/2010 8:50:29 AM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = Windows Search Service | ID = 3013
Description =

Error - 4/15/2010 11:23:50 AM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = WinMgmt | ID = 10
Description =

Error - 4/18/2010 9:20:39 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

[ OSession Events ]
Error - 1/20/2009 11:47:13 AM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 43
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/1/2009 4:30:05 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 25090
seconds with 4200 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 5/12/2010 7:32:11 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 006073E72FD1. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 5/12/2010 7:38:16 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 006073E72FD1. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 5/12/2010 7:44:46 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 006073E72FD1. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 5/12/2010 7:50:30 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 006073E72FD1. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 5/12/2010 7:56:41 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 006073E72FD1. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 5/12/2010 8:03:00 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 006073E72FD1. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 5/12/2010 8:08:44 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 006073E72FD1. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 5/12/2010 8:14:25 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 006073E72FD1. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 5/12/2010 8:20:32 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 006073E72FD1. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 5/12/2010 8:26:27 PM | Computer Name = Ws-dpadgett4.spotbuyspot.com | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 006073E72FD1. The following
error occurred: %%121. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.


< End of report >


Re: tiserv request

Post by Belahzur on 13th May 2010, 10:13 pm

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    [2010/05/11 11:26:48 | 000,000,000 | ---D | C] -- C:\Users\dpadgett\AppData\Local\veidukyee



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Re: tiserv request

Post by nupardo on 13th May 2010, 10:38 pm

Thanks, here are the results, I was not prompted to reboot:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
C:\Users\dpadgett\AppData\Local\veidukyee folder moved successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05132010_183827


Re: tiserv request

Post by nupardo on 13th May 2010, 11:38 pm

I wasn't asked to reboot but did so after removing those files. Right after the computer rebooted, my Symantec gave me another tidserv request notification.

Not sure you wanted it, but I ran the OTL scan again and here are the results just in case.

Thanks again for your help!

OTL logfile created on: 5/13/2010 7:25:27 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\dpadgett\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.70 Gb Total Space | 56.04 Gb Free Space | 51.09% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.12 Gb Free Space | 56.11% Space Free | Partition Type: NTFS
Drive E: | 4.25 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WS-DPADGETT4
Current User Name: dpadgett
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/12 20:25:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\OTL.exe
PRC - [2010/05/11 17:10:19 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/11 17:10:18 | 001,291,544 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/05/06 11:18:25 | 000,247,096 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
PRC - [2010/05/06 11:18:25 | 000,070,968 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptsrv.exe
PRC - [2010/05/06 11:18:24 | 000,275,768 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptim.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/24 14:28:45 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/02 17:32:44 | 000,075,072 | ---- | M] (Sprint) -- C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
PRC - [2009/12/02 13:21:50 | 000,316,736 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
PRC - [2009/12/02 13:21:50 | 000,120,128 | ---- | M] (SmithMicro Inc.) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
PRC - [2009/12/02 13:12:34 | 000,380,928 | ---- | M] (Bytemobile, Inc.) -- C:\Program Files\Sprint\Sprint SmartView\bmctl.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/04/24 02:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/06 17:54:38 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2008/09/11 18:50:46 | 002,436,536 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/09/04 16:44:20 | 001,439,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/09/04 16:44:18 | 001,787,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/08/14 15:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/02/26 11:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/02/22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/22 17:54:34 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2008/01/20 22:23:49 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008/01/03 14:05:38 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/03 14:05:32 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/10/05 09:30:46 | 000,099,568 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldoserv.exe
PRC - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldocoms.exe
PRC - [2007/10/05 09:30:26 | 000,410,864 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\memcard.exe
PRC - [2007/10/05 09:30:18 | 000,455,920 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\dldomon.exe
PRC - [2007/09/27 14:10:04 | 001,160,464 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
PRC - [2007/09/27 14:10:02 | 000,230,672 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
PRC - [2007/09/14 11:53:16 | 000,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2007/09/10 10:54:54 | 000,085,504 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/03/21 01:33:14 | 000,478,800 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
PRC - [2007/02/10 07:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/01/29 23:07:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/01/25 21:34:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/03 19:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006/09/08 19:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2006/09/08 19:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe


========== Modules (SafeList) ==========

MOD - [2010/05/12 20:25:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\OTL.exe
MOD - [2009/10/16 13:53:42 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:25:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/11 17:10:18 | 001,291,544 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/12 13:25:12 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/12/02 13:21:50 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Running] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2009/12/02 13:19:28 | 000,124,224 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/01/06 17:54:38 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/12/09 12:41:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/09/11 18:50:46 | 002,436,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/09/04 16:44:18 | 001,787,200 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/09/04 16:19:46 | 000,312,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 17:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/02/22 17:54:34 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 22:23:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:23:49 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008/01/03 14:05:32 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/08 23:50:10 | 001,552,384 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/10/05 09:30:46 | 000,099,568 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldocoms.exe -- (dldo_device)
SRV - [2007/09/27 14:10:02 | 000,230,672 | ---- | M] (SonicWALL, Inc.) [On_Demand | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)
SRV - [2007/09/13 15:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/08/31 18:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/02/10 07:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2007/02/10 07:29:48 | 000,344,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE -- (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER)
SRV - [2007/02/10 07:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql) SQL Server FullText Search (MSSQLSERVER)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/14 05:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/09/23 09:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2010/05/11 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100512.022\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/11 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100512.022\NAVENG.SYS -- (NAVENG)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/01/12 17:57:06 | 000,162,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2009/12/02 13:12:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/02 13:12:36 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/12/02 13:12:34 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctnullport.sys -- (Nmea)
DRV - [2009/12/02 13:10:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/09/03 13:06:24 | 000,280,576 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drxvi314.sys -- (bcm)
DRV - [2009/09/03 13:06:24 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2009/08/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/03/31 12:57:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/10/23 17:23:27 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/04 16:47:26 | 000,091,968 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/09/04 16:45:36 | 000,041,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/08/21 12:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 12:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/08/15 11:41:08 | 000,317,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/08/15 11:41:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/15 11:41:06 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/07/10 04:57:56 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/06/16 17:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/06/16 07:00:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/06/16 07:00:50 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/06/16 07:00:50 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/06/16 07:00:48 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/05/29 16:53:26 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cm_ser.sys -- (cm_ser)
DRV - [2008/01/20 22:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 22:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/03 14:05:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/11/29 03:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2007/09/27 17:49:50 | 000,101,528 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RCFOX.SYS -- (RCFOX)
DRV - [2007/09/10 10:54:48 | 000,156,160 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 10:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/08/13 05:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/07/16 12:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/07/09 20:40:52 | 000,128,144 | R--- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/04/23 01:14:26 | 001,669,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/03/13 18:26:08 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007/01/09 10:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/19 15:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/12/13 03:51:20 | 000,147,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/11/08 10:58:20 | 000,024,876 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rcvpn.sys -- (rcvpn)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 E8 48 28 C3 CB CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/10 12:24:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/12 13:40:06 | 000,000,000 | ---D | M]

[2010/01/02 00:10:37 | 000,000,000 | ---D | M] -- C:\Users\dpadgett\AppData\Roaming\mozilla\Extensions
[2010/01/02 00:10:37 | 000,000,000 | ---D | M] -- C:\Users\dpadgett\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/05/13 17:07:11 | 000,000,000 | ---D | M] -- C:\Users\dpadgett\AppData\Roaming\mozilla\Firefox\Profiles\v72z7z5q.default\extensions
[2009/11/15 12:07:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\dpadgett\AppData\Roaming\mozilla\Firefox\Profiles\v72z7z5q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/13 17:07:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/12 10:56:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/12 10:55:53 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/08/03 11:27:21 | 000,000,790 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 24.40.70.33 salessource
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [Dell 968 AIO Printer Fax Server] C:\Program Files\Dell 968 AIO Printer\fm3032.exe ()
O4 - HKLM..\Run: [dldomon.exe] C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\ptim.exe (Cisco WebEx LLC)
O4 - HKCU..\Run: [PTOneClick] C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe (Cisco WebEx LLC)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - Startup: C:\Users\dpadgett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClient Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spotbuyspot.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {E0F516C1-E05F-4C83-8842-0304D28E50EB} - RhheteroDms - C:\Windows\System32\rhhetero.dll File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/18 10:23:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d187e60e-fea2-11dd-925e-d96b46d5db7c}\Shell - "" = AutoRun
O33 - MountPoints2\{d187e60e-fea2-11dd-925e-d96b46d5db7c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/13 18:38:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/12 20:25:23 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\OTL.exe
[2010/05/12 10:56:46 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/12 10:56:46 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/12 10:56:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/12 10:56:46 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/12 10:53:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/12 10:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/12 10:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/05/12 10:48:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/11 17:11:51 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/05/11 17:11:39 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/05/11 17:05:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/11 17:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/05/11 17:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/10 10:25:10 | 000,000,000 | ---D | C] -- C:\Users\dpadgett\AppData\Roaming\Malwarebytes
[2010/05/10 10:24:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/10 10:24:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/10 10:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/10 10:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/28 10:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/28 10:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/21 09:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/21 09:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/21 08:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/16 13:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/04/15 08:33:51 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/15 08:33:27 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/15 08:33:25 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/15 08:32:20 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/15 08:32:20 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2009/09/08 16:57:09 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dldohcp.dll
[2009/09/08 16:57:08 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\dldoinpa.dll
[2009/09/08 16:57:08 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldoiesc.dll
[2009/09/08 16:57:07 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\dldoserv.dll
[2009/09/08 16:57:07 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\dldousb1.dll
[2009/09/08 16:57:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dldopmui.dll
[2009/09/08 16:57:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldoprox.dll
[2009/09/08 16:57:05 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldolmpm.dll
[2009/09/08 16:57:02 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldohbn3.dll
[2009/09/08 16:56:59 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldocomc.dll
[2009/09/08 16:56:59 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldocomm.dll
[4 C:\Users\dpadgett\AppData\Local\*.tmp files -> C:\Users\dpadgett\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/13 19:31:15 | 005,242,880 | -HS- | M] () -- C:\Users\dpadgett\NTUSER.DAT
[2010/05/13 19:28:32 | 000,808,184 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/13 19:28:32 | 000,681,870 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/13 19:28:32 | 000,128,950 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/13 19:28:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/13 19:22:57 | 000,000,000 | ---- | M] () -- C:\Users\dpadgett\AppData\Local\WavXMapDrive.bat
[2010/05/13 19:21:33 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010/05/13 19:21:09 | 000,000,174 | ---- | M] () -- C:\Windows\hpbafd.ini
[2010/05/13 19:19:54 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/13 19:19:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/13 19:19:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/13 19:19:41 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/13 19:19:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/13 19:18:57 | 2136,973,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/13 19:17:47 | 000,524,288 | -HS- | M] () -- C:\Users\dpadgett\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010/05/13 19:17:47 | 000,065,536 | -HS- | M] () -- C:\Users\dpadgett\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010/05/13 19:15:09 | 002,062,351 | -H-- | M] () -- C:\Users\dpadgett\AppData\Local\IconCache.db
[2010/05/12 20:25:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\OTL.exe
[2010/05/12 14:54:46 | 000,002,627 | ---- | M] () -- C:\Users\dpadgett\Desktop\Microsoft Office Word 2007.lnk
[2010/05/12 13:30:19 | 000,000,680 | ---- | M] () -- C:\Users\dpadgett\AppData\Local\d3d9caps.dat
[2010/05/12 10:55:51 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/12 10:55:51 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/12 10:55:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/12 10:55:51 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/12 10:54:23 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/12 08:24:04 | 276,782,857 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/11 17:11:37 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/05/11 17:11:33 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/05/11 17:05:53 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/11 16:49:58 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/11 13:12:07 | 000,000,162 | -H-- | M] () -- C:\Users\dpadgett\Desktop\~$mcast prod reports.docx
[2010/05/11 10:50:32 | 000,001,728 | -H-- | M] () -- C:\Users\dpadgett\Documents\Default.rdp
[2010/05/11 08:55:54 | 000,020,480 | ---- | M] () -- C:\Users\dpadgett\Documents\ATL Import.xls
[2010/05/10 12:24:38 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/10 10:24:18 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/07 14:53:17 | 000,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/05/07 14:52:01 | 000,000,088 | RHS- | M] () -- C:\Windows\System32\A4C3588ABF.sys
[2010/05/07 09:18:23 | 000,002,585 | ---- | M] () -- C:\Users\dpadgett\Desktop\Microsoft Office Excel 2007.lnk
[2010/05/06 11:57:34 | 000,103,936 | ---- | M] () -- C:\Users\dpadgett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 10:02:03 | 000,076,288 | ---- | M] () -- C:\Users\dpadgett\Desktop\CRM Environment Information 063009 JASON.xls
[2010/05/04 15:18:59 | 000,100,864 | ---- | M] () -- C:\Users\dpadgett\Documents\donContacts05042010.xls
[2010/05/04 15:18:59 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/05/04 15:18:41 | 000,038,483 | ---- | M] () -- C:\Users\dpadgett\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/21 13:30:25 | 000,044,400 | ---- | M] () -- C:\Users\dpadgett\Documents\Portfolio of Donald M Padgett.pfl
[2010/04/21 09:03:27 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/16 13:53:50 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[4 C:\Users\dpadgett\AppData\Local\*.tmp files -> C:\Users\dpadgett\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/12 13:37:55 | 2136,973,312 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/12 10:54:23 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/11 18:41:05 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/05/11 17:05:53 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/11 14:37:31 | 000,000,680 | ---- | C] () -- C:\Users\dpadgett\AppData\Local\d3d9caps.dat
[2010/05/11 13:12:07 | 000,000,162 | -H-- | C] () -- C:\Users\dpadgett\Desktop\~$mcast prod reports.docx
[2010/05/10 10:24:18 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/07 11:24:31 | 000,020,480 | ---- | C] () -- C:\Users\dpadgett\Documents\ATL Import.xls
[2010/05/04 15:18:41 | 000,038,483 | ---- | C] () -- C:\Users\dpadgett\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/05/04 15:18:38 | 000,100,864 | ---- | C] () -- C:\Users\dpadgett\Documents\donContacts05042010.xls
[2010/05/04 15:18:37 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/03 10:23:04 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/03 10:22:56 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/28 10:08:40 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/21 09:03:27 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/16 13:53:50 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009/12/28 11:55:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 09:26:41 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\A4C3588ABF.sys
[2009/09/11 09:26:40 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/09/08 17:12:11 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldocoin.dll
[2009/09/08 17:05:09 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLDOPMON.DLL
[2009/09/08 17:05:09 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLDOFXPU.DLL
[2009/09/08 17:04:49 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dldooem.dll
[2009/09/08 17:04:49 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DLDOPMRC.DLL
[2009/09/08 16:57:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldoinst.dll
[2009/09/08 16:57:08 | 000,503,808 | ---- | C] () -- C:\Windows\System32\dldoutil.dll
[2009/09/08 16:57:04 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoinsb.dll
[2009/09/08 16:57:04 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldojswr.dll
[2009/09/08 16:57:04 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldoinsr.dll
[2009/09/08 16:57:03 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoins.dll
[2009/09/08 16:57:02 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldogrd.dll
[2009/09/08 16:57:01 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldocub.dll
[2009/09/08 16:57:00 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldocu.dll
[2009/09/08 16:57:00 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldocur.dll
[2009/09/08 16:56:57 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldocfg.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/01/08 03:35:09 | 000,000,498 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/10/23 17:09:57 | 000,000,174 | ---- | C] () -- C:\Windows\hpbafd.ini
[2008/10/14 19:09:46 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/10/14 19:09:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1230.dll
[2008/10/14 16:47:48 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2008/10/14 16:47:41 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2008/10/14 16:47:41 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2007/09/13 15:42:30 | 000,499,712 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll
[2007/09/13 15:42:30 | 000,471,040 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll
[2007/09/13 15:42:28 | 000,462,848 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll
[2007/09/13 15:42:28 | 000,458,752 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll
[2007/09/13 15:42:26 | 000,466,944 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll
[2007/09/13 15:42:26 | 000,434,176 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll
[2007/09/13 15:36:24 | 000,438,272 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll
[2007/09/12 16:05:08 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2007/09/12 16:04:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2007/09/12 16:04:26 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2007/09/12 16:04:06 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2007/09/12 16:03:44 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2007/09/12 16:03:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2007/09/12 16:03:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2007/09/12 16:02:44 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2007/09/12 16:02:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2007/09/12 16:02:02 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2007/09/10 10:53:26 | 000,262,144 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2007/09/06 16:40:36 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dldodrs.dll
[2007/08/31 14:51:11 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dldocaps.dll
[2007/07/25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/07/16 12:58:10 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007/06/15 11:19:20 | 000,835,584 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2007/06/14 16:45:05 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldocnv4.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/14 12:02:10 | 000,072,192 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2006/08/01 01:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldovs.dll
[2004/09/10 14:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2004/09/10 14:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F5FEB7C0
< End of report >


Re: tiserv request

Post by Belahzur on 14th May 2010, 9:27 am

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> Choose "No Proxy"
  2. Click the apply button and restart that computer in normal mode.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: tiserv request

Post by nupardo on 14th May 2010, 12:25 pm

Thanks again, I confirmed proxy servers were not set, downloaded Malwarebytes and ran a quick scan after updating.

It did find and remove one file, after reboot my symantec again gave me a tidserv request message.....Here is the log file from the malwarebytes scan.

Thanks again for your help, I've been battling this for 5 days now, I really appreciate it!

Malwarebytes' Anti-Malware 1.46

Database version: 4099

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5/14/2010 8:11:15 AM
mbam-log-2010-05-14 (08-11-15).txt

Scan type: Quick scan
Objects scanned: 148232
Time elapsed: 15 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\dpadgett\AppData\Local\Temp\ff10d3de.exe (Trojan.Dropper) -> Quarantined and deleted successfully.


Re: tiserv request

Post by Belahzur on 14th May 2010, 12:49 pm

Hello.

I see that you are running Limewire.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

  • Click Start >> Control Panel.
  • Under Programs, click Uninstall a Program.
  • Highlight the following:

    Adobe Reader 9.3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    LimeWire 5.5.6

  • Click on the Uninstall/Change button at the top.

Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe that you downloaded to install the newest version.

Then download and install [You must be registered and logged in to see this link.]

Let me know once you have done that.



Re: tiserv request

Post by nupardo on 14th May 2010, 1:18 pm

OK, I uninstalled LimeWire, the 2 Java apps and Adobe. I downloaded Java, closed browsers and installed, and then downloaded Adobe.

Thanks,
nupardo


Re: tiserv request

Post by Belahzur on 14th May 2010, 1:19 pm

Hello.

Please download [You must be registered and logged in to see this link.] to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.


Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: tiserv request

Post by nupardo on 14th May 2010, 4:52 pm

I ran the TFC app; it cleaned up temp files and did request a reboot. During the reboot I got a blue screen message, so I then booted up in safe mode with networking. I then ran the ESET scanner; here are the results.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5b387290b29be341ba3b73a65521f278
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-05-14 04:50:36
# local_time=2010-05-14 12:50:36 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776638 100 95 10908199 110453919 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=131418
# found=0
# cleaned=0
# scan_time=9419


Thanks.


Re: tiserv request

Post by nupardo on 14th May 2010, 5:06 pm

Just to test, after that scan I booted up in normal mode, went to Google and did a search, and got the tidserv notification again from my Symantec.

Thanks for all your help.
nupardo


Re: tiserv request

Post by nupardo on 14th May 2010, 5:38 pm

Not sure it helps, but this is one of the 2 types of messages my symantec gives me:

Symantec Endpoint Protection
Traffic from IP address 91.212.22667 is blocked from
5/14/2010 1:29:54 PM to 5/14/2010 1:39:54 PM

[SID: 23615 HTTPS Tidserv Request 2 detected]

The other is typically just the part in the brackets [SID: 23615 HTTP Tidserv Request detected]

thanks again.

nupardo


Re: tiserv request

Post by Belahzur on 15th May 2010, 12:17 am

Hello.
Please re-run OTL once more and post the new log.



Re: tiserv request

Post by nupardo on 15th May 2010, 12:36 am

Thanks again for your help, here is the most recent log from otl.

OTL logfile created on: 5/14/2010 8:25:19 PM - Run 4
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\dpadgett\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.70 Gb Total Space | 57.63 Gb Free Space | 52.53% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.12 Gb Free Space | 56.11% Space Free | Partition Type: NTFS
Drive E: | 4.25 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WS-DPADGETT4
Current User Name: dpadgett
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/12 20:25:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\OTL.exe
PRC - [2010/05/11 17:10:19 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/11 17:10:18 | 001,291,544 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/05/06 11:18:25 | 000,247,096 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
PRC - [2010/05/06 11:18:25 | 000,070,968 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptsrv.exe
PRC - [2010/05/06 11:18:24 | 000,275,768 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptim.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/24 14:28:45 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/02 17:32:44 | 000,075,072 | ---- | M] (Sprint) -- C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
PRC - [2009/12/02 13:21:50 | 000,316,736 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
PRC - [2009/12/02 13:21:50 | 000,120,128 | ---- | M] (SmithMicro Inc.) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
PRC - [2009/12/02 13:12:34 | 000,380,928 | ---- | M] (Bytemobile, Inc.) -- C:\Program Files\Sprint\Sprint SmartView\bmctl.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/04/24 02:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/06 17:54:38 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2008/09/11 18:50:46 | 002,436,536 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/09/04 16:44:20 | 001,439,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/09/04 16:44:18 | 001,787,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/08/14 15:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/02/26 11:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/02/22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/22 17:54:34 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2008/01/20 22:23:49 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008/01/03 14:05:38 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/03 14:05:32 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/10/05 09:30:46 | 000,099,568 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldoserv.exe
PRC - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldocoms.exe
PRC - [2007/10/05 09:30:26 | 000,410,864 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\memcard.exe
PRC - [2007/10/05 09:30:18 | 000,455,920 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\dldomon.exe
PRC - [2007/09/27 14:10:04 | 001,160,464 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
PRC - [2007/09/27 14:10:02 | 000,230,672 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
PRC - [2007/09/14 11:53:16 | 000,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2007/09/10 10:54:54 | 000,085,504 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/03/21 01:33:14 | 000,478,800 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
PRC - [2007/02/10 07:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/01/29 23:07:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/01/25 21:34:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/03 19:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006/09/08 19:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2006/09/08 19:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe


========== Modules (SafeList) ==========

MOD - [2010/05/12 20:25:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\OTL.exe
MOD - [2009/10/16 13:53:42 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:25:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/11 17:10:18 | 001,291,544 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/12 13:25:12 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/12/02 13:21:50 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Running] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2009/12/02 13:19:28 | 000,124,224 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/01/06 17:54:38 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/12/09 12:41:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/09/11 18:50:46 | 002,436,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/09/04 16:44:18 | 001,787,200 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/09/04 16:19:46 | 000,312,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 17:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/02/22 17:54:34 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 22:23:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:23:49 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008/01/03 14:05:32 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/08 23:50:10 | 001,552,384 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/10/05 09:30:46 | 000,099,568 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldocoms.exe -- (dldo_device)
SRV - [2007/09/27 14:10:02 | 000,230,672 | ---- | M] (SonicWALL, Inc.) [On_Demand | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)
SRV - [2007/09/13 15:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/08/31 18:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/02/10 07:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2007/02/10 07:29:48 | 000,344,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE -- (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER)
SRV - [2007/02/10 07:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql) SQL Server FullText Search (MSSQLSERVER)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/14 05:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/09/23 09:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2010/05/11 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100513.041\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/11 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100513.041\NAVENG.SYS -- (NAVENG)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/01/12 17:57:06 | 000,162,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2009/12/02 13:12:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/02 13:12:36 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/12/02 13:12:34 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctnullport.sys -- (Nmea)
DRV - [2009/12/02 13:10:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/09/03 13:06:24 | 000,280,576 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drxvi314.sys -- (bcm)
DRV - [2009/09/03 13:06:24 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2009/08/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/03/31 12:57:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/10/23 17:23:27 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/04 16:47:26 | 000,091,968 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/09/04 16:45:36 | 000,041,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/08/21 12:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 12:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/08/15 11:41:08 | 000,317,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/08/15 11:41:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/15 11:41:06 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/07/10 04:57:56 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/06/16 17:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/06/16 07:00:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/06/16 07:00:50 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/06/16 07:00:50 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/06/16 07:00:48 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/05/29 16:53:26 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cm_ser.sys -- (cm_ser)
DRV - [2008/01/20 22:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 22:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/03 14:05:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/11/29 03:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2007/09/27 17:49:50 | 000,101,528 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RCFOX.SYS -- (RCFOX)
DRV - [2007/09/10 10:54:48 | 000,156,160 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 10:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/08/13 05:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/07/16 12:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/07/09 20:40:52 | 000,128,144 | R--- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/04/23 01:14:26 | 001,669,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/03/13 18:26:08 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007/01/09 10:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/19 15:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/12/13 03:51:20 | 000,147,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/11/08 10:58:20 | 000,024,876 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rcvpn.sys -- (rcvpn)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 E8 48 28 C3 CB CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/10 12:24:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/14 09:16:53 | 000,000,000 | ---D | M]

[2010/01/02 00:10:37 | 000,000,000 | ---D | M] -- C:\Users\dpadgett\AppData\Roaming\mozilla\Extensions
[2010/01/02 00:10:37 | 000,000,000 | ---D | M] -- C:\Users\dpadgett\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/05/14 09:15:20 | 000,000,000 | ---D | M] -- C:\Users\dpadgett\AppData\Roaming\mozilla\Firefox\Profiles\v72z7z5q.default\extensions
[2009/11/15 12:07:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\dpadgett\AppData\Roaming\mozilla\Firefox\Profiles\v72z7z5q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/14 09:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/14 09:13:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/14 09:13:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/08/03 11:27:21 | 000,000,790 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 24.40.70.33 salessource
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [Dell 968 AIO Printer Fax Server] C:\Program Files\Dell 968 AIO Printer\fm3032.exe ()
O4 - HKLM..\Run: [dldomon.exe] C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\ptim.exe (Cisco WebEx LLC)
O4 - HKCU..\Run: [PTOneClick] C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe (Cisco WebEx LLC)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - Startup: C:\Users\dpadgett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClient Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spotbuyspot.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O22 - SharedTaskScheduler: {E0F516C1-E05F-4C83-8842-0304D28E50EB} - RhheteroDms - C:\Windows\System32\rhhetero.dll File not found
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/18 10:23:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d187e60e-fea2-11dd-925e-d96b46d5db7c}\Shell - "" = AutoRun
O33 - MountPoints2\{d187e60e-fea2-11dd-925e-d96b46d5db7c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/14 10:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/14 09:45:40 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\TFC.exe
[2010/05/14 09:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/14 09:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/14 09:13:45 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/14 09:13:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/14 09:13:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/14 09:11:32 | 016,295,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\dpadgett\Desktop\jre-6u20-windows-i586.exe
[2010/05/14 07:53:49 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\dpadgett\Desktop\mbam-setup.exe
[2010/05/13 18:38:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/12 20:25:23 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\OTL.exe
[2010/05/12 10:56:46 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/12 10:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/12 10:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/05/12 10:48:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/11 17:11:51 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/05/11 17:11:39 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/05/11 17:05:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/11 17:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/05/11 17:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/10 10:25:10 | 000,000,000 | ---D | C] -- C:\Users\dpadgett\AppData\Roaming\Malwarebytes
[2010/05/10 10:24:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/10 10:24:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/10 10:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/10 10:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/28 10:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/28 10:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/21 09:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/21 09:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/21 08:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/16 13:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010/04/15 08:33:51 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010/04/15 08:33:27 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/04/15 08:33:25 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/04/15 08:32:20 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010/04/15 08:32:20 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2009/09/08 16:57:09 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dldohcp.dll
[2009/09/08 16:57:08 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\dldoinpa.dll
[2009/09/08 16:57:08 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldoiesc.dll
[2009/09/08 16:57:07 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\dldoserv.dll
[2009/09/08 16:57:07 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\dldousb1.dll
[2009/09/08 16:57:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dldopmui.dll
[2009/09/08 16:57:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldoprox.dll
[2009/09/08 16:57:05 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldolmpm.dll
[2009/09/08 16:57:02 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldohbn3.dll
[2009/09/08 16:56:59 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldocomc.dll
[2009/09/08 16:56:59 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldocomm.dll
[4 C:\Users\dpadgett\AppData\Local\*.tmp files -> C:\Users\dpadgett\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/14 20:28:44 | 005,242,880 | -HS- | M] () -- C:\Users\dpadgett\NTUSER.DAT
[2010/05/14 20:28:03 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/14 18:54:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/14 18:54:51 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/14 14:24:41 | 000,808,184 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/14 14:24:41 | 000,681,870 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/14 14:24:41 | 000,128,950 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/14 14:16:20 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/14 14:16:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/14 13:34:51 | 000,002,627 | ---- | M] () -- C:\Users\dpadgett\Desktop\Microsoft Office Word 2007.lnk
[2010/05/14 13:00:11 | 000,000,000 | ---- | M] () -- C:\Users\dpadgett\AppData\Local\WavXMapDrive.bat
[2010/05/14 12:58:30 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010/05/14 12:54:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/14 12:54:10 | 2136,973,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/14 12:52:38 | 000,524,288 | -HS- | M] () -- C:\Users\dpadgett\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010/05/14 12:52:38 | 000,065,536 | -HS- | M] () -- C:\Users\dpadgett\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010/05/14 10:02:45 | 293,011,209 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/14 09:45:37 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\TFC.exe
[2010/05/14 09:16:53 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/14 09:13:20 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/14 09:13:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/14 09:13:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/14 09:13:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/14 09:12:16 | 016,295,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\dpadgett\Desktop\jre-6u20-windows-i586.exe
[2010/05/14 08:16:36 | 000,000,174 | ---- | M] () -- C:\Windows\hpbafd.ini
[2010/05/14 07:55:01 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/14 07:54:02 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\dpadgett\Desktop\mbam-setup.exe
[2010/05/12 20:25:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\OTL.exe
[2010/05/12 13:30:19 | 000,000,680 | ---- | M] () -- C:\Users\dpadgett\AppData\Local\d3d9caps.dat
[2010/05/11 17:11:37 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/05/11 17:11:33 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/05/11 17:05:53 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/11 16:49:58 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/11 10:50:32 | 000,001,728 | -H-- | M] () -- C:\Users\dpadgett\Documents\Default.rdp
[2010/05/11 08:55:54 | 000,020,480 | ---- | M] () -- C:\Users\dpadgett\Documents\ATL Import.xls
[2010/05/10 12:24:38 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/07 14:53:17 | 000,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/05/07 14:52:01 | 000,000,088 | RHS- | M] () -- C:\Windows\System32\A4C3588ABF.sys
[2010/05/07 09:18:23 | 000,002,585 | ---- | M] () -- C:\Users\dpadgett\Desktop\Microsoft Office Excel 2007.lnk
[2010/05/06 11:57:34 | 000,103,936 | ---- | M] () -- C:\Users\dpadgett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 10:02:03 | 000,076,288 | ---- | M] () -- C:\Users\dpadgett\Desktop\CRM Environment Information 063009 JASON.xls
[2010/05/04 15:18:59 | 000,100,864 | ---- | M] () -- C:\Users\dpadgett\Documents\donContacts05042010.xls
[2010/05/04 15:18:59 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/05/04 15:18:41 | 000,038,483 | ---- | M] () -- C:\Users\dpadgett\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/21 13:30:25 | 000,044,400 | ---- | M] () -- C:\Users\dpadgett\Documents\Portfolio of Donald M Padgett.pfl
[2010/04/21 09:03:27 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/16 13:53:50 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[4 C:\Users\dpadgett\AppData\Local\*.tmp files -> C:\Users\dpadgett\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/14 12:54:10 | 2136,973,312 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/14 09:16:53 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/11 18:41:05 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/05/11 17:05:53 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/11 14:37:31 | 000,000,680 | ---- | C] () -- C:\Users\dpadgett\AppData\Local\d3d9caps.dat
[2010/05/10 10:24:18 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/07 11:24:31 | 000,020,480 | ---- | C] () -- C:\Users\dpadgett\Documents\ATL Import.xls
[2010/05/04 15:18:41 | 000,038,483 | ---- | C] () -- C:\Users\dpadgett\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/05/04 15:18:38 | 000,100,864 | ---- | C] () -- C:\Users\dpadgett\Documents\donContacts05042010.xls
[2010/05/04 15:18:37 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/03 10:23:04 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/03 10:22:56 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/28 10:08:40 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/21 09:03:27 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/16 13:53:50 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009/12/28 11:55:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 09:26:41 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\A4C3588ABF.sys
[2009/09/11 09:26:40 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/09/08 17:12:11 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldocoin.dll
[2009/09/08 17:05:09 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLDOPMON.DLL
[2009/09/08 17:05:09 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLDOFXPU.DLL
[2009/09/08 17:04:49 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dldooem.dll
[2009/09/08 17:04:49 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DLDOPMRC.DLL
[2009/09/08 16:57:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldoinst.dll
[2009/09/08 16:57:08 | 000,503,808 | ---- | C] () -- C:\Windows\System32\dldoutil.dll
[2009/09/08 16:57:04 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoinsb.dll
[2009/09/08 16:57:04 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldojswr.dll
[2009/09/08 16:57:04 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldoinsr.dll
[2009/09/08 16:57:03 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoins.dll
[2009/09/08 16:57:02 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldogrd.dll
[2009/09/08 16:57:01 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldocub.dll
[2009/09/08 16:57:00 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldocu.dll
[2009/09/08 16:57:00 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldocur.dll
[2009/09/08 16:56:57 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldocfg.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/01/08 03:35:09 | 000,000,498 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/10/23 17:09:57 | 000,000,174 | ---- | C] () -- C:\Windows\hpbafd.ini
[2008/10/14 19:09:46 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/10/14 19:09:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1230.dll
[2008/10/14 16:47:48 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2008/10/14 16:47:41 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2008/10/14 16:47:41 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2007/09/13 15:42:30 | 000,499,712 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll
[2007/09/13 15:42:30 | 000,471,040 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll
[2007/09/13 15:42:28 | 000,462,848 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll
[2007/09/13 15:42:28 | 000,458,752 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll
[2007/09/13 15:42:26 | 000,466,944 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll
[2007/09/13 15:42:26 | 000,434,176 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll
[2007/09/13 15:36:24 | 000,438,272 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll
[2007/09/12 16:05:08 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2007/09/12 16:04:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2007/09/12 16:04:26 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2007/09/12 16:04:06 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2007/09/12 16:03:44 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2007/09/12 16:03:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2007/09/12 16:03:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2007/09/12 16:02:44 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2007/09/12 16:02:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2007/09/12 16:02:02 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2007/09/10 10:53:26 | 000,262,144 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2007/09/06 16:40:36 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dldodrs.dll
[2007/08/31 14:51:11 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dldocaps.dll
[2007/07/25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/07/16 12:58:10 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007/06/15 11:19:20 | 000,835,584 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2007/06/14 16:45:05 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldocnv4.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/14 12:02:10 | 000,072,192 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2006/08/01 01:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldovs.dll
[2004/09/10 14:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2004/09/10 14:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F5FEB7C0
< End of report >


Re: tiserv request

Post by Belahzur on 15th May 2010, 10:24 pm

Hello.

Remove the Proxy setting in Internet Explorer and/or in FireFox.

    In Internet Explorer
  1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you have set it previously.

    In Firefox
  1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> choose "No Proxy"
  2. Click the Apply button and restart the computer in normal mode.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O22 - SharedTaskScheduler: {E0F516C1-E05F-4C83-8842-0304D28E50EB} - RhheteroDms - C:\Windows\System32\rhhetero.dll File not found



  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Re: tiserv request

Post by nupardo on 16th May 2010, 1:18 am

Thanks again. Both browsers had proxy server disabled. I ran the OTL command and here are the results.

Thanks,
nupardo

========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{E0F516C1-E05F-4C83-8842-0304D28E50EB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0F516C1-E05F-4C83-8842-0304D28E50EB}\ deleted successfully.

OTL by OldTimer - Version 3.2.4.1 log created on 05152010_211536


Re: tiserv request

Post by nupardo on 16th May 2010, 1:30 am

I was not prompted to reboot. I can pretty much force the tidserv request by doing a few Google searches. I tried that and did see another tidserv request message from my Symantec.

Not sure you want it, but I did another OTL scan and here are the results. This is nasty! Thanks again.

OTL logfile created on: 5/15/2010 9:22:46 PM - Run 5
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\dpadgett\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109.70 Gb Total Space | 57.65 Gb Free Space | 52.55% Space Free | Partition Type: NTFS
Drive D: | 2.00 Gb Total Space | 1.12 Gb Free Space | 56.11% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WS-DPADGETT4
Current User Name: dpadgett
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/05/12 20:25:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\OTL.exe
PRC - [2010/05/11 17:10:19 | 000,840,416 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/05/11 17:10:18 | 001,291,544 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/05/06 11:18:25 | 000,247,096 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe
PRC - [2010/05/06 11:18:25 | 000,070,968 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptsrv.exe
PRC - [2010/05/06 11:18:24 | 000,275,768 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\WebEx\Productivity Tools\ptim.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/03/24 14:28:45 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/02 17:32:44 | 000,075,072 | ---- | M] (Sprint) -- C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
PRC - [2009/12/02 13:21:50 | 000,316,736 | ---- | M] (C-motech Co.,Ltd) -- C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe
PRC - [2009/12/02 13:21:50 | 000,120,128 | ---- | M] (SmithMicro Inc.) -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
PRC - [2009/12/02 13:12:34 | 000,380,928 | ---- | M] (Bytemobile, Inc.) -- C:\Program Files\Sprint\Sprint SmartView\bmctl.exe
PRC - [2009/07/20 13:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2009/07/10 13:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009/04/24 02:57:42 | 001,025,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/06 17:54:38 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2008/09/11 18:50:46 | 002,436,536 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008/09/04 16:44:20 | 001,439,040 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2008/09/04 16:44:18 | 001,787,200 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2008/08/14 15:45:52 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2008/02/26 11:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/02/22 18:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2008/02/22 17:54:34 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
PRC - [2008/01/20 22:23:49 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2008/01/03 14:05:38 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/03 14:05:32 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/10/05 09:30:46 | 000,099,568 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\dldoserv.exe
PRC - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldocoms.exe
PRC - [2007/10/05 09:30:26 | 000,410,864 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\memcard.exe
PRC - [2007/10/05 09:30:18 | 000,455,920 | ---- | M] () -- C:\Program Files\Dell 968 AIO Printer\dldomon.exe
PRC - [2007/09/27 14:10:04 | 001,160,464 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe
PRC - [2007/09/27 14:10:02 | 000,230,672 | ---- | M] (SonicWALL, Inc.) -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
PRC - [2007/09/14 11:53:16 | 000,218,424 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2007/09/10 10:54:54 | 000,085,504 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2007/03/21 01:33:14 | 000,478,800 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
PRC - [2007/02/10 07:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2007/01/29 23:07:18 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/01/25 21:34:22 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
PRC - [2006/11/03 19:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2006/09/08 19:10:22 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\hidfind.exe
PRC - [2006/09/08 19:06:08 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe
PRC - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe


========== Modules (SafeList) ==========

MOD - [2010/05/12 20:25:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\OTL.exe
MOD - [2009/10/16 13:53:42 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2009/07/20 13:29:06 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:25:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/11 17:10:18 | 001,291,544 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/12/12 13:25:12 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
SRV - [2009/12/02 13:21:50 | 000,120,128 | ---- | M] (SmithMicro Inc.) [On_Demand | Running] -- C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe -- (SprintRcAppSvc)
SRV - [2009/12/02 13:19:28 | 000,124,224 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\Sprint\Sprint SmartView\ConAppsSvc.exe -- (CASprint)
SRV - [2009/07/20 13:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/01/06 17:54:38 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/12/09 12:41:58 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/09/11 18:50:46 | 002,436,536 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2008/09/04 16:44:18 | 001,787,200 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2008/09/04 16:19:46 | 000,312,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2008/08/14 15:45:28 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2008/06/30 17:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/02/22 17:54:34 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)
SRV - [2008/01/20 22:23:59 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 22:23:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 22:23:49 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2008/01/03 14:05:32 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/08 23:50:10 | 001,552,384 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2007/10/05 09:30:46 | 000,099,568 | ---- | M] () [Auto | Running] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV - [2007/10/05 09:30:34 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldocoms.exe -- (dldo_device)
SRV - [2007/09/27 14:10:02 | 000,230,672 | ---- | M] (SonicWALL, Inc.) [On_Demand | Running] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)
SRV - [2007/09/13 15:31:44 | 000,192,512 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe -- (WaveEnrollmentService)
SRV - [2007/08/31 18:39:18 | 000,486,400 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2007/07/25 17:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007/07/25 17:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2007/07/16 12:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/02/10 07:29:56 | 000,089,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2007/02/10 07:29:54 | 029,178,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2007/02/10 07:29:48 | 000,344,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE -- (SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER)
SRV - [2007/02/10 07:29:48 | 000,242,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2006/12/19 15:21:48 | 000,079,432 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/08/28 04:53:48 | 000,092,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql) SQL Server FullText Search (MSSQLSERVER)
SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005/10/14 05:50:20 | 000,045,272 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2005/09/23 09:01:16 | 002,799,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon80)


========== Driver Services (SafeList) ==========

DRV - [2010/05/11 04:00:00 | 001,347,504 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100515.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2010/05/11 04:00:00 | 000,085,552 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20100515.019\NAVENG.SYS -- (NAVENG)
DRV - [2010/02/04 11:53:02 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/01/12 17:57:06 | 000,162,048 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2009/12/02 13:12:40 | 000,222,720 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2009/12/02 13:12:36 | 000,018,816 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2009/12/02 13:12:34 | 000,038,680 | ---- | M] (PCTEL Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctnullport.sys -- (Nmea)
DRV - [2009/12/02 13:10:58 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2009/09/03 13:06:24 | 000,280,576 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\drxvi314.sys -- (bcm)
DRV - [2009/09/03 13:06:24 | 000,051,456 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BcmBusCtr.sys -- (bcmbusctr)
DRV - [2009/08/27 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/03/31 12:57:22 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/10/23 17:23:27 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/09/04 16:47:26 | 000,091,968 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2008/09/04 16:45:36 | 000,041,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2008/08/21 12:13:56 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2008/08/21 12:13:56 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2008/08/15 11:41:08 | 000,317,872 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2008/08/15 11:41:08 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2008/08/15 11:41:06 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2008/07/30 18:42:12 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008/07/10 04:57:56 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008/06/16 17:53:14 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2008/06/16 07:00:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/06/16 07:00:50 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/06/16 07:00:50 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/06/16 07:00:48 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/05/29 16:53:26 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cm_ser.sys -- (cm_ser)
DRV - [2008/01/20 22:23:51 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:51 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:51 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:51 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:51 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:50 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:50 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008/01/20 22:23:50 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:50 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:49 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:49 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:23:49 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:48 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:48 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:47 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:47 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:47 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:46 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:45 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:45 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:45 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:26 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:26 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:26 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/03 14:05:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/11/29 03:18:24 | 000,062,208 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\oz776.sys -- (guardian2)
DRV - [2007/09/27 17:49:50 | 000,101,528 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\RCFOX.SYS -- (RCFOX)
DRV - [2007/09/10 10:54:48 | 000,156,160 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2007/09/07 10:57:14 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2007/08/13 05:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/07/16 12:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/07/09 20:40:52 | 000,128,144 | R--- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/04/23 01:14:26 | 001,669,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2007/03/13 18:26:08 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007/01/09 10:22:28 | 000,006,144 | ---- | M] (Chic) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV - [2006/12/19 15:21:52 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\ASFIPMon\BASFND.sys -- (BASFND)
DRV - [2006/12/13 03:51:20 | 000,147,968 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2005/11/08 10:58:20 | 000,024,876 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rcvpn.sys -- (rcvpn)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 E8 48 28 C3 CB CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:7
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/10 12:24:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/14 09:16:53 | 000,000,000 | ---D | M]

[2010/01/02 00:10:37 | 000,000,000 | ---D | M] -- C:\Users\dpadgett\AppData\Roaming\mozilla\Extensions
[2010/01/02 00:10:37 | 000,000,000 | ---D | M] -- C:\Users\dpadgett\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/05/15 21:11:44 | 000,000,000 | ---D | M] -- C:\Users\dpadgett\AppData\Roaming\mozilla\Firefox\Profiles\v72z7z5q.default\extensions
[2009/11/15 12:07:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\dpadgett\AppData\Roaming\mozilla\Firefox\Profiles\v72z7z5q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/14 09:15:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/14 09:13:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/14 09:13:20 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2009/08/03 11:27:21 | 000,000,790 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 24.40.70.33 salessource
O2 - BHO: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (WebEx Productivity Tools) - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [Dell 968 AIO Printer Fax Server] C:\Program Files\Dell 968 AIO Printer\fm3032.exe ()
O4 - HKLM..\Run: [dldomon.exe] C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RDVCHG] C:\Program Files\Sprint\Sprint SmartView\RDVCHG.exe (C-motech Co.,Ltd)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Sprint SmartView] C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe (Sprint)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [PTIM.exe] C:\Program Files\WebEx\Productivity Tools\ptim.exe (Cisco WebEx LLC)
O4 - HKCU..\Run: [PTOneClick] C:\Program Files\WebEx\Productivity Tools\ptoneclk.exe (Cisco WebEx LLC)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe File not found
O4 - Startup: C:\Users\dpadgett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} [You must be registered and logged in to see this link.] (Snapfish Activia)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} [You must be registered and logged in to see this link.] (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [You must be registered and logged in to see this link.] (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [You must be registered and logged in to see this link.] (JuniperSetupClient Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = spotbuyspot.com
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\gemsafe: DllName - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll (Gemplus)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/18 10:23:08 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d187e60e-fea2-11dd-925e-d96b46d5db7c}\Shell - "" = AutoRun
O33 - MountPoints2\{d187e60e-fea2-11dd-925e-d96b46d5db7c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/14 10:10:04 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/05/14 09:45:40 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\TFC.exe
[2010/05/14 09:16:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/05/14 09:14:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/05/14 09:13:45 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/14 09:13:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/14 09:13:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/14 09:11:32 | 016,295,712 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\dpadgett\Desktop\jre-6u20-windows-i586.exe
[2010/05/14 07:53:49 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\dpadgett\Desktop\mbam-setup.exe
[2010/05/13 18:38:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/12 20:25:23 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\OTL.exe
[2010/05/12 10:56:46 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/12 10:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/05/12 10:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/05/12 10:48:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/11 17:11:51 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/05/11 17:11:39 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/05/11 17:05:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/05/11 17:04:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/05/11 17:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/05/10 10:25:10 | 000,000,000 | ---D | C] -- C:\Users\dpadgett\AppData\Roaming\Malwarebytes
[2010/05/10 10:24:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/10 10:24:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/10 10:24:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/10 10:24:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/28 10:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/04/28 10:06:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/04/21 09:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/21 09:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/21 08:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/04/16 13:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2009/09/08 16:57:09 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dldohcp.dll
[2009/09/08 16:57:08 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\dldoinpa.dll
[2009/09/08 16:57:08 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldoiesc.dll
[2009/09/08 16:57:07 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\dldoserv.dll
[2009/09/08 16:57:07 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\dldousb1.dll
[2009/09/08 16:57:06 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dldopmui.dll
[2009/09/08 16:57:06 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldoprox.dll
[2009/09/08 16:57:05 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldolmpm.dll
[2009/09/08 16:57:02 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldohbn3.dll
[2009/09/08 16:56:59 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldocomc.dll
[2009/09/08 16:56:59 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldocomm.dll
[4 C:\Users\dpadgett\AppData\Local\*.tmp files -> C:\Users\dpadgett\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/15 21:23:04 | 005,242,880 | -HS- | M] () -- C:\Users\dpadgett\NTUSER.DAT
[2010/05/15 21:09:36 | 000,000,000 | ---- | M] () -- C:\Users\dpadgett\AppData\Local\WavXMapDrive.bat
[2010/05/15 21:08:42 | 000,002,565 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VPN Client.lnk
[2010/05/15 21:08:29 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/15 21:07:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/05/15 21:07:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/15 21:07:42 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/15 07:41:30 | 002,023,639 | -H-- | M] () -- C:\Users\dpadgett\AppData\Local\IconCache.db
[2010/05/15 07:28:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/14 14:24:41 | 000,808,184 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/14 14:24:41 | 000,681,870 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/14 14:24:41 | 000,128,950 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/14 14:16:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/14 13:34:51 | 000,002,627 | ---- | M] () -- C:\Users\dpadgett\Desktop\Microsoft Office Word 2007.lnk
[2010/05/14 12:54:10 | 2136,973,312 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/14 12:52:38 | 000,524,288 | -HS- | M] () -- C:\Users\dpadgett\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TMContainer00000000000000000001.regtrans-ms
[2010/05/14 12:52:38 | 000,065,536 | -HS- | M] () -- C:\Users\dpadgett\NTUSER.DAT{3d4e88f1-6a70-11db-b1ba-d64300c9c793}.TM.blf
[2010/05/14 10:02:45 | 293,011,209 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/05/14 09:45:37 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\TFC.exe
[2010/05/14 09:16:53 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/14 09:13:20 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/05/14 09:13:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/05/14 09:13:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/05/14 09:13:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/05/14 09:12:16 | 016,295,712 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\dpadgett\Desktop\jre-6u20-windows-i586.exe
[2010/05/14 08:16:36 | 000,000,174 | ---- | M] () -- C:\Windows\hpbafd.ini
[2010/05/14 07:55:01 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/14 07:54:02 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\dpadgett\Desktop\mbam-setup.exe
[2010/05/12 20:25:10 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\dpadgett\Desktop\OTL.exe
[2010/05/12 13:30:19 | 000,000,680 | ---- | M] () -- C:\Users\dpadgett\AppData\Local\d3d9caps.dat
[2010/05/11 17:11:37 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/05/11 17:11:33 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/05/11 17:05:53 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/11 16:49:58 | 000,002,231 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/05/11 10:50:32 | 000,001,728 | -H-- | M] () -- C:\Users\dpadgett\Documents\Default.rdp
[2010/05/11 08:55:54 | 000,020,480 | ---- | M] () -- C:\Users\dpadgett\Documents\ATL Import.xls
[2010/05/10 12:24:38 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/05/07 14:53:17 | 000,002,828 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2010/05/07 14:52:01 | 000,000,088 | RHS- | M] () -- C:\Windows\System32\A4C3588ABF.sys
[2010/05/07 09:18:23 | 000,002,585 | ---- | M] () -- C:\Users\dpadgett\Desktop\Microsoft Office Excel 2007.lnk
[2010/05/06 11:57:34 | 000,103,936 | ---- | M] () -- C:\Users\dpadgett\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/06 10:02:03 | 000,076,288 | ---- | M] () -- C:\Users\dpadgett\Desktop\CRM Environment Information 063009 JASON.xls
[2010/05/04 15:18:59 | 000,100,864 | ---- | M] () -- C:\Users\dpadgett\Documents\donContacts05042010.xls
[2010/05/04 15:18:59 | 000,000,028 | ---- | M] () -- C:\Windows\ODBC.INI
[2010/05/04 15:18:41 | 000,038,483 | ---- | M] () -- C:\Users\dpadgett\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/21 13:30:25 | 000,044,400 | ---- | M] () -- C:\Users\dpadgett\Documents\Portfolio of Donald M Padgett.pfl
[2010/04/21 09:03:27 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/16 13:53:50 | 000,000,000 | ---- | M] () -- C:\Windows\HPMProp.INI
[4 C:\Users\dpadgett\AppData\Local\*.tmp files -> C:\Users\dpadgett\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/14 12:54:10 | 2136,973,312 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/14 09:16:53 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/05/11 18:41:05 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/05/11 17:05:53 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/05/11 14:37:31 | 000,000,680 | ---- | C] () -- C:\Users\dpadgett\AppData\Local\d3d9caps.dat
[2010/05/10 10:24:18 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/07 11:24:31 | 000,020,480 | ---- | C] () -- C:\Users\dpadgett\Documents\ATL Import.xls
[2010/05/04 15:18:41 | 000,038,483 | ---- | C] () -- C:\Users\dpadgett\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2010/05/04 15:18:38 | 000,100,864 | ---- | C] () -- C:\Users\dpadgett\Documents\donContacts05042010.xls
[2010/05/04 15:18:37 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/05/03 10:23:04 | 000,000,890 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/03 10:22:56 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/28 10:08:40 | 000,002,231 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/04/21 09:03:27 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/16 13:53:50 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009/12/28 11:55:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/11 09:26:41 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\A4C3588ABF.sys
[2009/09/11 09:26:40 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009/09/08 17:12:11 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldocoin.dll
[2009/09/08 17:05:09 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLDOPMON.DLL
[2009/09/08 17:05:09 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLDOFXPU.DLL
[2009/09/08 17:04:49 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dldooem.dll
[2009/09/08 17:04:49 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DLDOPMRC.DLL
[2009/09/08 16:57:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldoinst.dll
[2009/09/08 16:57:08 | 000,503,808 | ---- | C] () -- C:\Windows\System32\dldoutil.dll
[2009/09/08 16:57:04 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoinsb.dll
[2009/09/08 16:57:04 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldojswr.dll
[2009/09/08 16:57:04 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldoinsr.dll
[2009/09/08 16:57:03 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoins.dll
[2009/09/08 16:57:02 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldogrd.dll
[2009/09/08 16:57:01 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldocub.dll
[2009/09/08 16:57:00 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldocu.dll
[2009/09/08 16:57:00 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldocur.dll
[2009/09/08 16:56:57 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldocfg.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/01/08 03:35:09 | 000,000,498 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/10/23 17:09:57 | 000,000,174 | ---- | C] () -- C:\Windows\hpbafd.ini
[2008/10/14 19:09:46 | 000,249,856 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2008/10/14 19:09:46 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1230.dll
[2008/10/14 16:47:48 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll
[2008/10/14 16:47:41 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2008/10/14 16:47:41 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2007/09/13 15:42:30 | 000,499,712 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll
[2007/09/13 15:42:30 | 000,471,040 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll
[2007/09/13 15:42:28 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll
[2007/09/13 15:42:28 | 000,462,848 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll
[2007/09/13 15:42:28 | 000,458,752 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll
[2007/09/13 15:42:26 | 000,487,424 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll
[2007/09/13 15:42:26 | 000,466,944 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll
[2007/09/13 15:42:26 | 000,434,176 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll
[2007/09/13 15:36:24 | 000,438,272 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll
[2007/09/12 16:05:08 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2007/09/12 16:04:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2007/09/12 16:04:26 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2007/09/12 16:04:06 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2007/09/12 16:03:44 | 000,098,304 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2007/09/12 16:03:24 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2007/09/12 16:03:04 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2007/09/12 16:02:44 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2007/09/12 16:02:22 | 000,102,400 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2007/09/12 16:02:02 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2007/09/10 10:53:26 | 000,262,144 | ---- | C] () -- C:\Windows\System32\wxvault.dll
[2007/09/06 16:40:36 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dldodrs.dll
[2007/08/31 14:51:11 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dldocaps.dll
[2007/07/25 17:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2007/07/16 12:58:10 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007/06/15 11:19:20 | 000,835,584 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2007/06/14 16:45:05 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldocnv4.dll
[2006/11/02 06:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/14 12:02:10 | 000,072,192 | ---- | C] () -- C:\Windows\System32\xltZlib.dll
[2006/08/01 01:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldovs.dll
[2004/09/10 14:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2004/09/10 14:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:F5FEB7C0
< End of report >


Re: tiserv request

Post by Belahzur on 16th May 2010, 7:38 pm

Hello.
1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to svchost as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. We need to disable your local AV (Anti-virus) before running Combofix.

  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on svchost.exe.
  • Follow the prompts. NOTE:
  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse click combofix's window whilst it's running. That may cause it to stall.





Re: tiserv request

Post by nupardo on 17th May 2010, 12:33 am

Thanks. I proceeded as directed. The first time ComboFix ran, I got a message that it detected rootkit activity and needed to reboot to continue. After a reboot, here are the results.

Thanks again.

ComboFix 10-05-16.01 - dpadgett 05/16/2010 20:12:19.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.1061 [GMT -4:00]
Running from: c:\users\dpadgett\Desktop\ComboFix.exe
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
SP: Symantec Endpoint Protection *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\pswi_preloaded.exe
c:\users\Administrator\GoToAssistDownloadHelper.exe
c:\windows\system32\st325614.dll

Infected copy of c:\windows\system32\drivers\mountmgr.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-17 00:25 . 2010-05-17 00:25 -------- d-----w- c:\users\dpadgett\AppData\Local\temp
2010-05-14 14:10 . 2010-05-14 14:10 -------- d-----w- c:\program files\ESET
2010-05-14 13:16 . 2010-05-14 13:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-14 13:15 . 2010-05-14 13:15 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-05-14 13:14 . 2010-05-14 13:14 -------- d-----w- c:\program files\Common Files\Java
2010-05-13 22:38 . 2010-05-13 22:38 -------- d-----w- C:\_OTL
2010-05-12 14:56 . 2010-05-14 13:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-12 14:52 . 2010-05-12 14:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-12 14:51 . 2010-05-14 13:59 -------- d-----w- c:\programdata\NOS
2010-05-11 22:41 . 2010-05-11 21:11 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-11 21:11 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-11 21:11 . 2010-05-11 21:11 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-11 21:05 . 2010-05-11 21:05 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-11 21:05 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-05-11 21:04 . 2010-05-11 21:11 -------- d-----w- c:\programdata\Lavasoft
2010-05-11 21:04 . 2010-05-11 21:06 -------- d-----w- c:\program files\Lavasoft
2010-05-11 18:37 . 2010-05-12 17:30 680 ----a-w- c:\users\dpadgett\AppData\Local\d3d9caps.dat
2010-05-11 15:01 . 2010-05-11 15:01 79160 ----a-w- c:\programdata\WebEx\WebEx\924\atinst.exe
2010-05-11 15:01 . 2010-05-11 15:01 75064 ----a-w- c:\programdata\WebEx\WebEx\924\atmccli.dll
2010-05-11 15:01 . 2010-05-11 15:01 173368 ----a-w- c:\programdata\WebEx\WebEx\924\atmgr.exe
2010-05-10 14:25 . 2010-05-10 14:25 -------- d-----w- c:\users\dpadgett\AppData\Roaming\Malwarebytes
2010-05-10 14:24 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 14:24 . 2010-05-10 14:24 -------- d-----w- c:\programdata\Malwarebytes
2010-05-10 14:24 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-10 14:24 . 2010-05-14 11:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-28 14:06 . 2010-04-28 14:06 -------- d-----w- c:\program files\iPod
2010-04-28 14:06 . 2010-04-28 14:08 -------- d-----w- c:\program files\iTunes
2010-04-28 13:56 . 2010-04-28 13:56 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.11\SetupAdmin.exe
2010-04-21 13:09 . 2010-04-21 13:10 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 13:03 . 2010-04-21 13:03 -------- d-----w- c:\program files\QuickTime
2010-04-21 12:08 . 2010-05-06 14:12 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-16 21:21 . 2008-10-24 19:47 -------- d-----w- c:\users\dpadgett\AppData\Roaming\Apple Computer
2010-05-16 01:10 . 2008-10-24 20:15 -------- d-----w- c:\program files\Trillian
2010-05-16 01:09 . 2008-10-23 20:48 0 ----a-w- c:\users\dpadgett\AppData\Local\WavXMapDrive.bat
2010-05-14 13:08 . 2008-10-14 20:34 -------- d-----w- c:\program files\Java
2010-05-11 15:01 . 2009-01-06 19:05 239496 ----a-w- c:\programdata\WebEx\atgpcext.dll
2010-05-08 14:30 . 2008-10-14 21:02 -------- d-----w- c:\program files\Google
2010-05-07 18:53 . 2009-09-11 13:26 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-07 18:53 . 2009-09-09 12:59 -------- d-----w- c:\users\dpadgett\AppData\Roaming\Corel
2010-05-07 18:52 . 2009-09-08 21:17 -------- d-----w- c:\programdata\Dl_cats
2010-05-07 18:52 . 2009-09-11 13:26 88 --sh--r- c:\windows\system32\A4C3588ABF.sys
2010-04-28 14:06 . 2008-10-24 19:41 -------- d-----w- c:\program files\Common Files\Apple
2010-04-22 19:11 . 2009-01-05 22:47 -------- d-----w- c:\users\dpadgett\AppData\Roaming\Webex
2010-04-21 16:34 . 2009-05-19 21:43 -------- d-----w- c:\program files\Quicken WillMaker Plus 2009
2010-04-16 17:53 . 2010-04-16 17:53 -------- d-----w- c:\programdata\Hewlett-Packard
2010-04-15 12:53 . 2008-10-23 20:56 -------- d-----w- c:\programdata\Microsoft Help
2010-04-12 19:08 . 2009-01-06 19:05 62776 ----a-w- c:\programdata\WebEx\atinst.exe
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-25 03:23 . 2010-03-25 03:22 -------- d-----w- c:\program files\Essentials Codec Pack
2010-03-25 03:16 . 2010-03-25 02:02 -------- d-----w- c:\users\dpadgett\AppData\Roaming\Sonarca Sound Recorder Free
2010-03-25 03:10 . 2010-03-25 03:10 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2010-03-25 01:55 . 2009-09-01 12:30 -------- d-----w- c:\program files\Yahoo!
2010-03-25 01:54 . 2009-09-01 12:30 -------- d-----w- c:\programdata\Yahoo!
2010-03-24 18:30 . 2010-03-24 18:30 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-24 18:30 . 2010-03-24 18:30 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-24 18:30 . 2010-03-24 18:30 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-24 18:30 . 2010-03-24 18:30 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-24 18:30 . 2010-03-24 18:30 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-24 18:30 . 2010-03-24 18:30 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-24 18:30 . 2010-03-24 18:30 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-03-24 18:30 . 2010-03-24 18:30 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-24 18:30 . 2010-03-24 18:30 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-24 18:30 . 2009-01-08 07:33 -------- d-----w- c:\program files\Common Files\Real
2010-03-24 18:29 . 2010-03-24 18:28 -------- d-----w- c:\program files\real
2010-03-24 18:29 . 2010-03-24 18:29 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-24 18:25 . 2010-03-24 18:25 734728 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\RealPlayer\setup\AU_setup13.exe
2010-03-20 19:34 . 2010-03-20 19:33 20846064 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-20 19:33 . 2010-03-20 19:33 8405312 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-20 19:33 . 2010-03-20 19:33 149000 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-20 19:32 . 2010-03-20 19:32 10309448 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-20 19:32 . 2010-03-20 19:32 181768 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-20 19:32 . 2010-03-20 19:32 283280 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-20 19:32 . 2010-03-20 19:32 79368 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-03-20 19:32 . 2010-03-20 19:32 64000 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-20 19:32 . 2010-03-20 19:32 52288 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-20 19:32 . 2010-03-20 19:32 50688 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-20 19:32 . 2010-03-20 19:32 49152 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-20 19:32 . 2010-03-20 19:32 118784 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-20 11:32 . 2010-03-20 11:32 439816 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-12 05:31 . 2010-03-12 05:31 38 ----a-w- c:\users\dpadgett\AppData\Local\MvA2873.tmp
2010-03-11 03:09 . 2010-03-11 03:09 38 ----a-w- c:\users\dpadgett\AppData\Local\MvAB6D8.tmp
2010-03-10 04:39 . 2010-03-10 04:39 38 ----a-w- c:\users\dpadgett\AppData\Local\MvA5999.tmp
2010-03-05 15:58 . 2010-03-05 15:58 18432 ----a-w- c:\programdata\WebEx\WebEx\924\atconc.dll
2010-03-05 15:58 . 2010-03-05 15:58 122880 ----a-w- c:\programdata\WebEx\WebEx\924\flvstrm.dll
2010-03-05 15:58 . 2010-03-05 15:58 81408 ----a-w- c:\programdata\WebEx\WebEx\924\atjpeg60.dll
2010-03-05 15:58 . 2010-03-05 15:58 49152 ----a-w- c:\programdata\WebEx\WebEx\924\wbxtrace.dll
2010-03-05 15:58 . 2010-03-05 15:58 401462 ----a-w- c:\programdata\WebEx\WebEx\924\msvcp60.dll
2010-03-05 15:58 . 2010-03-05 15:58 254005 ----a-w- c:\programdata\WebEx\WebEx\924\msvcrt.dll
2010-03-05 15:58 . 2009-01-06 19:05 103736 ----a-w- c:\programdata\WebEx\atmgr.exe
2010-03-05 15:58 . 2009-01-06 19:05 46392 ----a-w- c:\programdata\WebEx\atmccli.dll
2010-03-05 15:58 . 2009-01-06 19:05 28472 ----a-w- c:\programdata\WebEx\atgpcdec.dll
2010-03-05 14:01 . 2010-04-15 12:33 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 11:10 . 2010-04-15 12:33 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-15 12:33 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-15 12:33 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-04-11 22:50 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-11 22:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-04-11 22:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-04-11 22:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 04:36 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 04:36 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 04:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-18 14:07 . 2010-04-15 12:32 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:07 . 2010-04-15 12:33 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:07 . 2010-04-15 12:33 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 13:30 . 2010-04-15 12:31 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:28 . 2010-04-15 12:31 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2009-12-12 17:25 . 2009-12-12 17:25 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-10-14 22:59 . 2008-10-14 22:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTIM.exe"="c:\program files\WebEx\Productivity Tools\PTIM.exe" [2010-05-06 275768]
"PTOneClick"="c:\program files\WebEx\Productivity Tools\ptoneclk.exe" [2010-05-06 247096]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-23 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-23 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-23 133912]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 85504]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-12 30192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-12-02 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-12-02 316736]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-03 405504]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-24 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]

c:\users\dpadgett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Trillian.lnk - c:\program files\Trillian\trillian.exe [2010-2-10 1930592]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-14 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-29 813584]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
SonicWALL Global VPN Client.lnk - c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe [2009-1-27 1160464]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-10-24 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d6,86,29,f5,e1,87,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 136176]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314.sys [2009-09-03 280576]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [2009-09-03 51456]
R3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [2009-12-02 124224]
R3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\DRIVERS\cm_ser.sys [2008-05-29 103680]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-12 30192]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\Drivers\RCFOX.sys [2007-09-27 101528]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-01-06 20376]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 595184]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 99568]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-05-11 1291544]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2006-11-02 7168]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-03-13 179712]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys [2005-11-08 24876]


--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 14:22]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 14:22]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\dpadgett\AppData\Roaming\Mozilla\Firefox\Profiles\v72z7z5q.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\WebEx\Productivity Tools\components\ocff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\dpadgett\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\dpadgett\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Notify-GoToAssist - c:\program files\Citrix\GoToAssist\514\G2AWinLogon.dll
SafeBoot-Symantec Antvirus
AddRemove-KB921896_SQL9 - c:\windows\SQL9_KB921896_ENU\Hotfix.exe
AddRemove-KB921896_SQLTools9 - c:\windows\SQLTools9_KB921896_ENU\Hotfix.exe
AddRemove-Adobe Acrobat Connect Add-in - c:\users\dpadgett\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\dpadgett\AppData\Roaming\Macromedia\Flash Player\[You must be registered and logged in to see this link.]



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-16 20:25
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\windows\system32\bmnet.dll
.
Completion time: 2010-05-16 20:30:35
ComboFix-quarantined-files.txt 2010-05-17 00:30

Pre-Run: 61,763,952,640 bytes free
Post-Run: 61,716,926,464 bytes free

- - End Of File - - AA8AD4B509E6F130E69E3BE28F1F096D


Re: tiserv request

Post by nupardo on 17th May 2010, 1:52 am

I've been able to force the tidserv request message by doing various searches on Google; so far I have not had any notifications about tidserv requests from my Symantec system...

Not sure if you think this last tool may have cleaned it, but so far it looks good. Thanks!

nupardo


Re: tiserv request

Post by Belahzur on 17th May 2010, 9:28 pm

Hello.

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:
    Code:

    DDS::
    uInternet Settings,ProxyServer = http=127.0.0.1:5555
    uInternet Settings,ProxyOverride =

    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.



Re: tiserv request

Post by nupardo on 17th May 2010, 10:58 pm

Thanks, here is the report.

ComboFix 10-05-16.02 - dpadgett 05/17/2010 18:23:13.2.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2037.1066 [GMT -4:00]
Running from: c:\users\dpadgett\Desktop\ComboFix.exe
Command switches used :: c:\users\dpadgett\Desktop\CFScript.txt
AV: Symantec Endpoint Protection *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Endpoint Protection *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
SP: Symantec Endpoint Protection *disabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-04-17 to 2010-05-17 )))))))))))))))))))))))))))))))
.

2010-05-17 22:34 . 2010-05-17 22:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-17 22:34 . 2010-05-17 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-17 22:34 . 2010-05-17 22:34 -------- d-----w- c:\users\cphuah\AppData\Local\temp
2010-05-17 22:34 . 2010-05-17 22:34 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-05-17 22:16 . 2010-05-17 22:17 -------- d-----w- C:\32788R22FWJFW
2010-05-17 00:30 . 2010-05-17 22:34 -------- d-----w- c:\users\dpadgett\AppData\Local\temp
2010-05-14 14:10 . 2010-05-14 14:10 -------- d-----w- c:\program files\ESET
2010-05-14 13:16 . 2010-05-14 13:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-05-14 13:15 . 2010-05-14 13:15 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-05-14 13:14 . 2010-05-14 13:14 -------- d-----w- c:\program files\Common Files\Java
2010-05-13 22:38 . 2010-05-13 22:38 -------- d-----w- C:\_OTL
2010-05-12 14:56 . 2010-05-14 13:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-12 14:52 . 2010-05-12 14:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-12 14:51 . 2010-05-14 13:59 -------- d-----w- c:\programdata\NOS
2010-05-11 22:41 . 2010-05-11 21:11 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-11 21:11 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-11 21:11 . 2010-05-11 21:11 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-11 21:05 . 2010-05-11 21:05 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-11 21:05 . 2010-02-04 15:53 2954656 -c--a-w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-05-11 21:04 . 2010-05-11 21:11 -------- d-----w- c:\programdata\Lavasoft
2010-05-11 21:04 . 2010-05-11 21:06 -------- d-----w- c:\program files\Lavasoft
2010-05-11 18:37 . 2010-05-12 17:30 680 ----a-w- c:\users\dpadgett\AppData\Local\d3d9caps.dat
2010-05-11 15:01 . 2010-05-11 15:01 79160 ----a-w- c:\programdata\WebEx\WebEx\924\atinst.exe
2010-05-11 15:01 . 2010-05-11 15:01 75064 ----a-w- c:\programdata\WebEx\WebEx\924\atmccli.dll
2010-05-11 15:01 . 2010-05-11 15:01 173368 ----a-w- c:\programdata\WebEx\WebEx\924\atmgr.exe
2010-05-10 14:25 . 2010-05-10 14:25 -------- d-----w- c:\users\dpadgett\AppData\Roaming\Malwarebytes
2010-05-10 14:24 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 14:24 . 2010-05-10 14:24 -------- d-----w- c:\programdata\Malwarebytes
2010-05-10 14:24 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-10 14:24 . 2010-05-14 11:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-28 14:06 . 2010-04-28 14:06 -------- d-----w- c:\program files\iPod
2010-04-28 14:06 . 2010-04-28 14:08 -------- d-----w- c:\program files\iTunes
2010-04-28 13:56 . 2010-04-28 13:56 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.1.11\SetupAdmin.exe
2010-04-21 13:09 . 2010-04-21 13:10 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-21 13:03 . 2010-04-21 13:03 -------- d-----w- c:\program files\QuickTime
2010-04-21 12:08 . 2010-05-06 14:12 -------- d-----w- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 12:20 . 2008-10-23 20:56 -------- d-----w- c:\programdata\Microsoft Help
2010-05-17 00:51 . 2008-10-24 20:15 -------- d-----w- c:\program files\Trillian
2010-05-17 00:42 . 2008-10-23 20:48 0 ----a-w- c:\users\dpadgett\AppData\Local\WavXMapDrive.bat
2010-05-16 21:21 . 2008-10-24 19:47 -------- d-----w- c:\users\dpadgett\AppData\Roaming\Apple Computer
2010-05-14 13:08 . 2008-10-14 20:34 -------- d-----w- c:\program files\Java
2010-05-11 15:01 . 2009-01-06 19:05 239496 ----a-w- c:\programdata\WebEx\atgpcext.dll
2010-05-08 14:30 . 2008-10-14 21:02 -------- d-----w- c:\program files\Google
2010-05-07 18:53 . 2009-09-11 13:26 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-05-07 18:53 . 2009-09-09 12:59 -------- d-----w- c:\users\dpadgett\AppData\Roaming\Corel
2010-05-07 18:52 . 2009-09-08 21:17 -------- d-----w- c:\programdata\Dl_cats
2010-05-07 18:52 . 2009-09-11 13:26 88 --sh--r- c:\windows\system32\A4C3588ABF.sys
2010-04-28 14:06 . 2008-10-24 19:41 -------- d-----w- c:\program files\Common Files\Apple
2010-04-22 19:11 . 2009-01-05 22:47 -------- d-----w- c:\users\dpadgett\AppData\Roaming\Webex
2010-04-21 16:34 . 2009-05-19 21:43 -------- d-----w- c:\program files\Quicken WillMaker Plus 2009
2010-04-16 17:53 . 2010-04-16 17:53 -------- d-----w- c:\programdata\Hewlett-Packard
2010-04-12 19:08 . 2009-01-06 19:05 62776 ----a-w- c:\programdata\WebEx\atinst.exe
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-25 03:23 . 2010-03-25 03:22 -------- d-----w- c:\program files\Essentials Codec Pack
2010-03-25 03:16 . 2010-03-25 02:02 -------- d-----w- c:\users\dpadgett\AppData\Roaming\Sonarca Sound Recorder Free
2010-03-25 03:10 . 2010-03-25 03:10 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2010-03-25 01:55 . 2009-09-01 12:30 -------- d-----w- c:\program files\Yahoo!
2010-03-25 01:54 . 2009-09-01 12:30 -------- d-----w- c:\programdata\Yahoo!
2010-03-24 18:30 . 2010-03-24 18:30 49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-24 18:30 . 2010-03-24 18:30 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-03-24 18:30 . 2010-03-24 18:30 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-24 18:30 . 2010-03-24 18:30 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-03-24 18:30 . 2010-03-24 18:30 45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-24 18:30 . 2010-03-24 18:30 308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-24 18:30 . 2010-03-24 18:30 14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-03-24 18:30 . 2010-03-24 18:30 40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-24 18:30 . 2010-03-24 18:30 341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-24 18:30 . 2009-01-08 07:33 -------- d-----w- c:\program files\Common Files\Real
2010-03-24 18:29 . 2010-03-24 18:28 -------- d-----w- c:\program files\real
2010-03-24 18:29 . 2010-03-24 18:29 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-24 18:25 . 2010-03-24 18:25 734728 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\RealPlayer\setup\AU_setup13.exe
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\21340\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\21340\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\21340\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\21340\AcrobatUpdater.exe
2010-03-20 19:34 . 2010-03-20 19:33 20846064 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-20 19:33 . 2010-03-20 19:33 8405312 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-20 19:33 . 2010-03-20 19:33 149000 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-20 19:32 . 2010-03-20 19:32 10309448 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-20 19:32 . 2010-03-20 19:32 181768 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-20 19:32 . 2010-03-20 19:32 283280 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-20 19:32 . 2010-03-20 19:32 79368 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
2010-03-20 19:32 . 2010-03-20 19:32 64000 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-20 19:32 . 2010-03-20 19:32 52288 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-20 19:32 . 2010-03-20 19:32 50688 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-20 19:32 . 2010-03-20 19:32 49152 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-20 19:32 . 2010-03-20 19:32 118784 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-20 11:32 . 2010-03-20 11:32 439816 ----a-w- c:\users\dpadgett\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-03-12 05:31 . 2010-03-12 05:31 38 ----a-w- c:\users\dpadgett\AppData\Local\MvA2873.tmp
2010-03-11 03:09 . 2010-03-11 03:09 38 ----a-w- c:\users\dpadgett\AppData\Local\MvAB6D8.tmp
2010-03-10 04:39 . 2010-03-10 04:39 38 ----a-w- c:\users\dpadgett\AppData\Local\MvA5999.tmp
2010-03-05 15:58 . 2010-03-05 15:58 18432 ----a-w- c:\programdata\WebEx\WebEx\924\atconc.dll
2010-03-05 15:58 . 2010-03-05 15:58 122880 ----a-w- c:\programdata\WebEx\WebEx\924\flvstrm.dll
2010-03-05 15:58 . 2010-03-05 15:58 81408 ----a-w- c:\programdata\WebEx\WebEx\924\atjpeg60.dll
2010-03-05 15:58 . 2010-03-05 15:58 49152 ----a-w- c:\programdata\WebEx\WebEx\924\wbxtrace.dll
2010-03-05 15:58 . 2010-03-05 15:58 401462 ----a-w- c:\programdata\WebEx\WebEx\924\msvcp60.dll
2010-03-05 15:58 . 2010-03-05 15:58 254005 ----a-w- c:\programdata\WebEx\WebEx\924\msvcrt.dll
2010-03-05 15:58 . 2009-01-06 19:05 103736 ----a-w- c:\programdata\WebEx\atmgr.exe
2010-03-05 15:58 . 2009-01-06 19:05 46392 ----a-w- c:\programdata\WebEx\atmccli.dll
2010-03-05 15:58 . 2009-01-06 19:05 28472 ----a-w- c:\programdata\WebEx\atgpcdec.dll
2010-03-05 14:01 . 2010-04-15 12:33 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-23 11:10 . 2010-04-15 12:33 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:10 . 2010-04-15 12:33 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:10 . 2010-04-15 12:33 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-04-11 22:50 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-11 22:50 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-04-11 22:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-04-11 22:50 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 04:36 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 04:36 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 04:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-18 14:07 . 2010-04-15 12:32 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:07 . 2010-04-15 12:33 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:07 . 2010-04-15 12:33 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 13:30 . 2010-04-15 12:31 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:28 . 2010-04-15 12:31 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2009-12-12 17:25 . 2009-12-12 17:25 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-10-14 22:59 . 2008-10-14 22:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-17 12:16 . 2010-01-29 13:49 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.22325_none_7c10a4356edc41af\INETRES.dll
+ 2010-05-17 12:16 . 2010-01-29 13:56 84480 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22621_none_7a26312571b9872f\INETRES.dll
+ 2008-10-22 22:37 . 2010-05-17 20:31 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-10-22 22:37 . 2010-05-16 01:51 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-10-22 22:37 . 2010-05-17 20:31 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-22 22:37 . 2010-05-16 01:51 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-02 15:17 . 2010-05-17 00:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-01-02 15:17 . 2010-05-11 01:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-01-02 15:17 . 2010-05-17 00:37 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-02 15:17 . 2010-05-11 01:52 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-01-02 15:17 . 2010-05-11 01:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-01-02 15:17 . 2010-05-17 00:37 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-10-23 21:00 . 2010-04-15 12:53 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-10-23 21:00 . 2010-05-17 12:20 35088 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-10-23 21:00 . 2010-04-15 12:53 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-10-23 21:00 . 2010-05-17 12:20 18704 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-10-23 21:00 . 2010-05-17 12:20 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-10-23 21:00 . 2010-04-15 12:53 20240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-12-22 00:09 . 2009-12-22 00:09 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
+ 2009-12-22 05:57 . 2009-12-22 05:57 35760 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
+ 2009-12-22 00:02 . 2009-12-22 00:02 79280 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
+ 2009-12-22 03:21 . 2009-12-22 03:21 99776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
+ 2009-12-22 03:37 . 2009-12-22 03:37 27048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
+ 2009-12-21 22:39 . 2009-12-21 22:39 15288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
+ 2009-12-21 22:27 . 2009-12-21 22:27 75200 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
+ 2009-12-21 22:27 . 2009-12-21 22:27 61888 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
+ 2010-05-17 14:10 . 2010-05-17 14:10 32768 c:\windows\Downloaded Program Files\WebEx\924\ptexmeet.dll
+ 2010-05-17 14:10 . 2010-05-06 15:18 74309 c:\windows\Downloaded Program Files\ptIEGpc.dll
+ 2010-05-17 14:10 . 2010-05-06 15:18 92228 c:\windows\Downloaded Program Files\ptgpcext.dll
+ 2010-05-17 14:10 . 2010-05-06 15:18 18432 c:\windows\Downloaded Program Files\ptgpcdec.dll
+ 2010-05-17 14:10 . 2010-05-17 14:10 28472 c:\windows\Downloaded Program Files\atgpcdec.dll
- 2010-05-17 00:07 . 2010-05-17 00:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-17 00:37 . 2010-05-17 00:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-17 00:07 . 2010-05-17 00:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-17 00:37 . 2010-05-17 00:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-17 12:16 . 2010-01-29 16:07 738816 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.22325_none_7c10a4356edc41af\inetcomm.dll
+ 2010-05-17 12:16 . 2010-01-29 15:40 738816 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6002.18197_none_7b3d56a455f59b03\inetcomm.dll
+ 2010-05-17 12:16 . 2010-01-29 16:08 738304 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.22621_none_7a26312571b9872f\inetcomm.dll
+ 2010-05-17 12:16 . 2010-01-29 16:21 738304 c:\windows\winsxs\x86_microsoft-windows-mail-comm-dll_31bf3856ad364e35_6.0.6001.18416_none_79ac63d2588f4d00\inetcomm.dll
+ 2010-05-14 14:00 . 2010-05-17 20:31 425984 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-14 14:00 . 2010-05-16 01:51 425984 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-10-23 21:00 . 2010-05-17 12:20 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-10-23 21:00 . 2010-04-15 12:53 888080 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-10-23 21:00 . 2010-05-17 12:20 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-10-23 21:00 . 2010-04-15 12:53 272648 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pubs.exe
- 2008-10-23 21:00 . 2010-04-15 12:53 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-23 21:00 . 2010-05-17 12:20 922384 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-10-23 21:00 . 2010-05-17 12:20 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
- 2008-10-23 21:00 . 2010-04-15 12:53 845584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-10-23 21:00 . 2010-05-17 12:20 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
- 2008-10-23 21:00 . 2010-04-15 12:53 217864 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\misc.exe
+ 2008-10-23 21:00 . 2010-05-17 12:20 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
- 2008-10-23 21:00 . 2010-04-15 12:53 159504 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\inficon.exe
+ 2009-12-21 22:35 . 2009-12-21 22:35 378264 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
+ 2009-12-21 22:34 . 2009-12-21 22:34 103864 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
+ 2009-11-09 23:18 . 2009-11-09 23:18 684032 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
+ 2009-12-22 00:02 . 2009-12-22 00:02 542168 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
+ 2009-12-21 22:43 . 2009-12-21 22:43 120240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
+ 2009-12-22 05:57 . 2009-12-22 05:57 349616 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
+ 2009-12-21 22:15 . 2009-12-21 22:15 660912 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
+ 2009-12-21 23:32 . 2009-12-21 23:32 280024 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
+ 2009-12-21 23:15 . 2009-12-21 23:15 251296 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
+ 2010-05-17 14:10 . 2010-05-17 14:10 561152 c:\windows\Downloaded Program Files\WebEx\924\mvc.dll
+ 2010-05-17 14:10 . 2010-05-17 14:10 630784 c:\windows\Downloaded Program Files\WebEx\924\mutiltpd.dll
+ 2010-05-17 14:10 . 2010-05-17 14:10 548864 c:\windows\Downloaded Program Files\WebEx\924\mmssl32.dll
+ 2010-05-17 14:10 . 2010-05-17 14:10 458752 c:\windows\Downloaded Program Files\WebEx\924\atwbxui7.dll
+ 2010-05-17 14:10 . 2010-05-17 14:10 376832 c:\windows\Downloaded Program Files\WebEx\924\atpollk2.dll
+ 2010-05-17 14:10 . 2010-05-17 14:10 173368 c:\windows\Downloaded Program Files\WebEx\924\atmgr.exe
+ 2010-05-17 14:10 . 2010-05-17 14:10 396168 c:\windows\Downloaded Program Files\WebEx\924\atasctrl.dll
+ 2010-05-17 14:10 . 2010-05-17 14:10 239496 c:\windows\Downloaded Program Files\atgpcext.dll
+ 2010-05-17 12:16 . 2010-01-29 13:49 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.22325_none_5ade3b513b99bff2\MSOERES.dll
+ 2010-05-17 12:16 . 2010-01-29 16:08 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.22325_none_5ade3b513b99bff2\msoe.dll
+ 2010-05-17 12:16 . 2010-01-29 15:40 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6002.18197_none_5a0aedc022b31946\msoe.dll
+ 2010-05-17 12:16 . 2010-01-29 13:57 2836992 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.22621_none_58f3c8413e770572\MSOERES.dll
+ 2010-05-17 12:16 . 2010-01-29 16:09 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.22621_none_58f3c8413e770572\msoe.dll
+ 2010-05-17 12:16 . 2010-01-29 16:22 1616384 c:\windows\winsxs\x86_microsoft-windows-mail-core-dll_31bf3856ad364e35_6.0.6001.18416_none_5879faee254ccb43\msoe.dll
+ 2009-10-16 11:08 . 2009-10-16 11:08 2237952 c:\windows\Installer\282828d.msp
+ 2010-04-09 19:21 . 2010-04-09 19:21 5025792 c:\windows\Installer\2828278.msp
- 2008-10-23 21:00 . 2010-04-15 12:53 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-23 21:00 . 2010-05-17 12:20 1172240 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-10-23 21:00 . 2010-05-17 12:20 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
- 2008-10-23 21:00 . 2010-04-15 12:53 1165584 c:\windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-12-21 22:29 . 2009-12-21 22:29 2409880 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
+ 2009-10-28 00:34 . 2009-10-28 00:34 5009408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
+ 2009-12-22 03:31 . 2009-12-22 03:31 5713920 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
+ 2008-08-26 02:50 . 2008-08-26 02:50 2585592 c:\windows\Installer\$PatchCache$\Managed\00002109110000000000000000F01FEC\12.0.6425\VBE6.DLL
+ 2010-05-17 22:19 . 2010-05-17 22:19 6430720 c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2010-05-17 14:10 . 2010-05-17 14:10 2315576 c:\windows\Downloaded Program Files\WebEx\924\webexmgr.dll
+ 2010-05-17 14:10 . 2010-05-17 14:10 3043328 c:\windows\Downloaded Program Files\WebEx\924\atres.dll
+ 2010-05-17 14:10 . 2010-05-17 14:10 2084864 c:\windows\Downloaded Program Files\WebEx\924\atpdmod.dll
+ 2010-04-04 06:54 . 2010-04-04 06:54 11850240 c:\windows\Installer\4a0f9bb.msp
+ 2009-12-22 03:21 . 2009-12-22 03:21 20436408 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
+ 2009-12-07 01:10 . 2010-05-17 12:12 188175966 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTIM.exe"="c:\program files\WebEx\Productivity Tools\PTIM.exe" [2010-05-06 275768]
"PTOneClick"="c:\program files\WebEx\Productivity Tools\ptoneclk.exe" [2010-05-06 247096]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-01-26 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-23 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-23 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-23 133912]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 85504]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2007-09-14 218424]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-12 30192]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-08-14 115560]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"dldomon.exe"="c:\program files\Dell 968 AIO Printer\dldomon.exe" [2007-10-05 455920]
"MemoryCardManager"="c:\program files\Dell 968 AIO Printer\memcard.exe" [2007-10-05 410864]
"Dell 968 AIO Printer Fax Server"="c:\program files\Dell 968 AIO Printer\fm3032.exe" [2007-10-05 312560]
"Sprint SmartView"="c:\program files\Sprint\Sprint SmartView\SprintSV.exe" [2009-12-02 75072]
"RDVCHG"="c:\program files\Sprint\Sprint SmartView\RDVCHG.exe" [2009-12-02 316736]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-03 405504]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-24 202256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-24 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-03-21 478800]

c:\users\dpadgett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Trillian.lnk - c:\program files\Trillian\trillian.exe [2010-2-10 1930592]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-14 50688]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-29 813584]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
SonicWALL Global VPN Client.lnk - c:\program files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe [2009-1-27 1160464]
VPN Client.lnk - c:\windows\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2008-10-24 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 20:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d6,86,29,f5,e1,87,ca,01

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 136176]
R3 bcm;WiMAX Network Adapter;c:\windows\system32\DRIVERS\drxvi314.sys [2009-09-03 280576]
R3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\DRIVERS\BcmBusCtr.sys [2009-09-03 51456]
R3 CASprint;Sprint Con App Svc;c:\program files\Sprint\Sprint SmartView\ConAppsSvc.exe [2009-12-02 124224]
R3 cm_ser;C-motech USB Serial Port2 Driver;c:\windows\system32\DRIVERS\cm_ser.sys [2008-05-29 103680]
R3 COH_Mon;COH_Mon;c:\windows\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-12 30192]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-02-04 64288]
S1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\Drivers\RCFOX.sys [2007-09-27 101528]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-01-06 20376]
S2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 595184]
S2 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 99568]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-05-11 1291544]
S2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2006-11-02 7168]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-03-13 179712]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-08-27 102448]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\DRIVERS\rcvpn.sys [2005-11-08 24876]


--- Other Services/Drivers In Memory ---

*Deregistered* - BMLoad

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-05-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 21:10]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 14:22]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-03 14:22]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
LSP: bmnet.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\users\dpadgett\AppData\Roaming\Mozilla\Firefox\Profiles\v72z7z5q.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - component: c:\program files\WebEx\Productivity Tools\components\ocff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\users\dpadgett\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\dpadgett\AppData\Roaming\Move Networks\plugins\npqmp071705000014.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{E0F516C1-E05F-4C83-8842-0304D28E50EB} - c:\windows\system32\rhhetero.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-05-17 18:34
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msftesql]
"ImagePath"="\"c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe\" -s:MSSQL.1 -f:MSSQLSERVER"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(680)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\windows\system32\bmnet.dll

- - - - - - - > 'Explorer.exe'(6328)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2010-05-17 18:40:14
ComboFix-quarantined-files.txt 2010-05-17 22:40
ComboFix2.txt 2010-05-17 00:30

Pre-Run: 41,734,459,392 bytes free
Post-Run: 41,708,998,656 bytes free

- - End Of File - - 9B572B10853EFFF13AC56E7E41827D9B


Re: tiserv request

Post by Belahzur on 18th May 2010, 10:26 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Re: tiserv request

Post by nupardo on 19th May 2010, 12:11 pm

I ran that command and rebooted. I have had no warnings from Symantec for 2 days now. I would also sometimes have random web pages open in new tabs, but that has stopped as well.

Thanks so much for your help, very, very appreciated!


Re: tiserv request

Post by Belahzur on 19th May 2010, 10:24 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: tiserv request

Post by nupardo on 20th May 2010, 1:13 pm

Here are the results....


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5b387290b29be341ba3b73a65521f278
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-05-14 04:50:36
# local_time=2010-05-14 12:50:36 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776638 100 95 10908199 110453919 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=131418
# found=0
# cleaned=0
# scan_time=9419
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=5b387290b29be341ba3b73a65521f278
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2010-05-20 03:16:38
# local_time=2010-05-19 11:16:38 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776638 100 95 11375994 110921714 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=132127
# found=0
# cleaned=0
# scan_time=11186


Re: tiserv request

Post by Belahzur on 20th May 2010, 10:42 pm

This looks good now.



Re: tiserv request

Post by nupardo on 21st May 2010, 3:04 pm

thanks again for all your help!!!

nupardo
