View Full Version : Search Hijack problem
mlleeder
2009-02-09, 18:09
About 5-6 days ago, I noticed that google search was not behaving properly; search items redirect to unrelated advertising sites.
I've not noticed any other problems; my computer is a bit slow, but my hard drive is fairly full, so I've chalked it up to that.
I've read the instructions in the forum "stickys" and believe I've followed them faithfully: disabled Teatimer and restarted, downloaded HijackThis 2.0.2 and ResetTeaTimer.bat; saved on my desktop; installed and run ResetTeaTimer.bat and HijackThis; Log file is pasted below.
Other info - I've used Spybot for several years; just downloaded and installed the newest version last week. Unfortunately, I was foolish enough to uninstall the prior version several days before installing the new version (I thought the new version of AdAware clashed with it - they'd been running happily together before I upgraded to AdAware's new version). I wonder if this is when the infection happened?!
My schedule - I will be available most of this week, except for a few morning appointments, so I promise to follow up promptly to any help you are gracious enough to provide.
Thanks in advance for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:46:15 AM, on 2/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\PC Magazine Utilities\InstaBack\InstaBack.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\1-Click Answers\agtserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Documents and Settings\mldellafera\Desktop\HiJackThis.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.isp.com/members/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.isp.com/members/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.isp.com/members/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - {0B1B0D47-95F7-4bad-9309-A945B655AE61} - "C:\Program Files\Naturalsoft\NaturalReader66\IsRegSpy.exe" (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: NVRIEbar.IEbar - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - C:\Program Files\Naturalsoft\NaturalReader66\NVRIEbar.dll
O3 - Toolbar: BitZipperSearch Toolbar - {97bceb59-cfcd-4b16-a863-b3f72cf9f196} - C:\Program Files\BitZipperSearch\tbBitZ.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [InstaBack] C:\Program Files\PC Magazine Utilities\InstaBack\InstaBack.exe /a /t
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ButtonBoogie.lnk = C:\Program Files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: APEX Weight Center 1.1.0.685 - https://application.bodybugg.com/files/static/install/bmapex_1_1_0_685.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.bniva.com/qp2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128433495656
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231504347_6c3d6b95c6ed016308cf506847cbb6c9&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DCDC28C5-831C-43EA-9C02-78872CCCA409} (VPlayer Control) - http://thesecret.tv/movie/player/vivid_ocx.jpeg
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://nrc.webex.com/client/T25L/event/ieatgpc.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINDOWS\SYSTEM32\DWRCS.EXE (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 18531 bytes
Hello and Welcome to Safer Networking,
My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.
Please observe these rules while we work:
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Please continue to respond until I give you the "All Clear"
If you follow these instructions, everything should go smoothly.
1 - Download and Run Malwarebytes' Anti-Malware
Please download Malwarebytes Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) and save it to your desktop.
alternate download link 1 (http://malwarebytes.gt500.org/mbam-setup.exe)
alternate download link 2 (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html)
Double-click on Download_mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here (http://www.malwarebytes.org/mbam/database/mbam-rules.exe) and just double-click on mbam-rules.exe to install.
On the Scanner tab:
Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
2 - download and run RSIT
Download random's system information tool (RSIT) by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open. Please post the contents of both log.txt<- (will be maximized) and info.txt<- (will be minimized)
3 - Status Check
Please reply with
1.the logs from RSIT (log.txt ,info.txt)
2. the Malwarebytes' Anti-Malware Log
Thanks peku006
mlleeder
2009-02-14, 17:04
Peku, thank you so much for getting in touch with me this week; looks like you're swamped with requests for help!
I followed your instructions, some notes on the scan are below. The logs for MBAM and RSIT are included in separate replies.
Additional info/notes:
1. FYI, MBAM did not request a reboot
2. Other Anti-virus programs: I permanently disabled TeaTimer when I first followed the forum instructions, but did not permanently disable AdAware or Norton. After I ran the original HJT log, I let Adaware and Norton continue to run; however Adaware had not been running checks as scheduled. Norton continued to run each night, but found nothing.
Last night, Norton ran while MBAM was scanning Network Drive Y, which is the only other computer on this network (MBAM had already finished scanning drive (C:)) Norton found and quarantined Trojan Pidief D. In case you are interested in seeing this, the full notification text is:
Scan type: Scheduled Scan
Event: Threat Found!
Threat: Trojan.Pidief.D
File: C:\Documents and Settings\mldellafera\Local Settings\Temporary Internet Files\Content.IE5\C4ACFS6N\1[1].pdf
Location: Quarantine
Computer: MARYLOU
User: mldellafera
Action taken: Quarantine succeeded
Date found: Saturday, February 14, 2009 2:45:44 AM
-----------------------------------------------------
Sorry, I didn't remember if I was supposed to disable all virus/adware software before running these checks. If you'd like me to do so and re-run MBAM and RSIT, please let me know.
See next reply for MBAM log
mlleeder
2009-02-14, 17:07
Malwarebytes' Anti-Malware 1.34
Database version: 1760
Windows 5.1.2600 Service Pack 3
2/14/2009 8:35:51 AM
mbam-log-2009-02-14 (08-35-51).txt
Scan type: Full Scan (C:\|D:\|E:\|Y:\|Z:\|)
Objects scanned: 409539
Time elapsed: 8 hour(s), 14 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Files Infected:
C:\WINDOWS\system32\cpnprt2.cid (Adware.Agent) -> Quarantined and deleted successfully.
mlleeder
2009-02-14, 17:09
Logfile of random's system information tool 1.05 (written by random/random)
Run by mldellafera at 2009-02-14 09:44:11
Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (15%) free of 73 GB
Total RAM: 1023 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:44:35 AM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\PC Magazine Utilities\InstaBack\InstaBack.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\1-Click Answers\agtserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\MLDELL~4\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\MLDELL~4\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\mldellafera\Desktop\RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\mldellafera\Desktop\mldellafera.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.isp.com/members/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.isp.com/members/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.isp.com/members/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - {0B1B0D47-95F7-4bad-9309-A945B655AE61} - "C:\Program Files\Naturalsoft\NaturalReader66\IsRegSpy.exe" (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: NVRIEbar.IEbar - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - C:\Program Files\Naturalsoft\NaturalReader66\NVRIEbar.dll
O3 - Toolbar: BitZipperSearch Toolbar - {97bceb59-cfcd-4b16-a863-b3f72cf9f196} - C:\Program Files\BitZipperSearch\tbBitZ.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [InstaBack] C:\Program Files\PC Magazine Utilities\InstaBack\InstaBack.exe /a /t
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ButtonBoogie.lnk = C:\Program Files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: APEX Weight Center 1.1.0.685 - https://application.bodybugg.com/files/static/install/bmapex_1_1_0_685.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.bniva.com/qp2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128433495656
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231504347_6c3d6b95c6ed016308cf506847cbb6c9&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DCDC28C5-831C-43EA-9C02-78872CCCA409} (VPlayer Control) - http://thesecret.tv/movie/player/vivid_ocx.jpeg
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://nrc.webex.com/client/T25L/event/ieatgpc.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINDOWS\SYSTEM32\DWRCS.EXE (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 19051 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Ad-Aware Scan (Daily).job
C:\WINDOWS\tasks\Ad-Aware Update (Daily).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{DA9E178C-F2ED-4041-9CC1-A147E59BE11E}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00011268-E188-40DF-A514-835FCD78B1BF}]
IE7Pro BHO - C:\Program Files\IEPro\iepro.dll [2009-02-04 752744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0B1B0D47-95F7-4bad-9309-A945B655AE61}]
NVRShowBar - C:\Program Files\Naturalsoft\NaturalReader66\IsRegSpy.exe []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-19 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-07 251504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-07 657904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
MSN Toolbar Helper - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll [2008-12-04 83800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-19 34816]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-12-19 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
{7754C418-F62E-44aa-B169-E719E718BCFD} - 1-Click Answers - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll [2005-12-14 458752]
{0BF43445-2F28-4351-9252-17FE6E806AA0}
- []
{BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - NVRIEbar.IEbar - C:\Program Files\Naturalsoft\NaturalReader66\NVRIEbar.dll [2007-05-16 401408]
{97bceb59-cfcd-4b16-a863-b3f72cf9f196} - BitZipperSearch Toolbar - C:\Program Files\BitZipperSearch\tbBitZ.dll [2008-04-16 1524760]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-07 251504]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-19 136600]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-09-13 155648]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2004-10-30 385024]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2005-05-12 344064]
"PCMService"=C:\Program Files\Dell\Media Experience\PCMService.exe [2004-04-11 290816]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2005-03-04 606208]
"DVDLauncher"=C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [2005-02-23 53248]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2004-02-29 66680]
"vptray"=C:\PROGRA~1\SYMANT~1\VPTray.exe [2004-03-12 124128]
"Synchronization Manager"=C:\WINDOWS\system32\mobsync.exe [2008-04-13 143360]
"tgcmd"=C:\Program Files\support.com\bin\tgcmd.exe /server []
"IntelliPoint"=C:\Program Files\Microsoft IntelliPoint\point32.exe [2005-06-10 217088]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
""= []
"InstaBack"=C:\Program Files\PC Magazine Utilities\InstaBack\InstaBack.exe [2006-09-24 1525248]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [2005-11-29 40960]
"pdfFactory Pro Dispatcher v3"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe [2007-11-07 507904]
"FinePrint Dispatcher v5"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe [2007-11-07 507904]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-11-07 111936]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-01-29 509784]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2009-02-11 399504]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-06-29 68856]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [2005-11-29 57344]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe [2005-04-25 1339392]
"updateMgr"=C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe [2006-03-30 313472]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
1-Click Answers.lnk - C:\Program Files\1-Click Answers\answers.exe
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
DataViz Inc Messenger.lnk - C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
C:\Documents and Settings\mldellafera\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
ButtonBoogie.lnk - C:\Program Files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
HotSync Manager.lnk - C:\Program Files\Palm\HOTSYNC.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-05-13 46080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll [2004-09-07 110592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
C:\WINDOWS\system32\NavLogon.dll [2004-03-12 83176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
C:\WINDOWS\system32\PCANotify.dll [2002-02-15 24638]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-13 239616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoBandCustomize"=0
"NoMovingBands"=0
"NoCloseDragDropBands"=0
"NoActiveDesktop"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE"="C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE:*:Disabled:pcAnywhere Host Service"
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe"="C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Disabled:pcAnywhere Remote Service"
"C:\Program Files\Palm\HOTSYNC.EXE"="C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Macromedia\Contribute 3\Contribute.exe"="C:\Program Files\Macromedia\Contribute 3\Contribute.exe:*:Enabled:Contribute"
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe"="C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager"
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8"
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"="C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\PC Magazine Utilities\HD HeartBeat 2\HDHBClient.exe"="C:\Program Files\PC Magazine Utilities\HD HeartBeat 2\HDHBClient.exe:LocalSubNet:Enabled:HD HeartBeat 2"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
"D:\Setup.exe"="D:\Setup.exe:*:Enabled:Setup"
"C:\Documents and Settings\mldellafera\My Documents\SW\LinkSys Music Bridge WMB54G\WMB54G_SetupWizard\WMB54G_20071113\Setup.exe"="C:\Documents and Settings\mldellafera\My Documents\SW\LinkSys Music Bridge WMB54G\WMB54G_SetupWizard\WMB54G_20071113\Setup.exe:*:Enabled:Setup"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\IEPro\MiniDM.exe"="C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe"="C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client"
"C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE"="C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE:*:Enabled:pcAnywhere Main Program"
"C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE"="C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE:*:Enabled:pcAnywhere Host Service"
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe"="C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service"
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe"="C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004"
"C:\Program Files\Macromedia\Contribute 3\Contribute.exe"="C:\Program Files\Macromedia\Contribute 3\Contribute.exe:*:Enabled:Contribute"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe"="C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07e21d83-7b3f-11dc-8b0a-006073e05b18}]
shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{08cb1032-9195-11da-8a23-0013ce332cf0}]
shell\AutoRun\command - E:\JDSecure\Windows\JDSecure31.exe
======File associations======
.js - edit - "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1"
.js - open - "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"
======List of files/folders created in the last 1 months======
2009-02-14 09:44:11 ----D---- C:\rsit
2009-02-13 18:47:15 ----D---- C:\Documents and Settings\mldellafera\Application Data\Malwarebytes
2009-02-13 18:47:03 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-02-13 18:47:02 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-02-11 16:34:18 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-11 16:02:29 ----D---- C:\011a6d442f8a389c7ce4
2009-02-11 16:01:00 ----D---- C:\WINDOWS\SxsCaPendDel
2009-02-09 10:44:54 ----D---- C:\WINDOWS\ERDNT
2009-02-09 10:44:01 ----D---- C:\Program Files\ERUNT
2009-02-06 11:32:41 ----D---- C:\Documents and Settings\mldellafera\Application Data\MiniDm
2009-02-05 21:21:44 ----D---- C:\Program Files\FeedStation
2009-02-05 21:21:39 ----D---- C:\Program Files\FeedDemon
2009-02-05 21:20:03 ----D---- C:\Program Files\IEPro
2009-02-05 21:20:03 ----D---- C:\Documents and Settings\mldellafera\Application Data\IEPro
2009-02-04 15:50:25 ----D---- C:\Program Files\Coupons
2009-01-29 18:29:45 ----A---- C:\WINDOWS\system32\lsdelete.exe
2009-01-29 18:01:32 ----HDC---- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-23 10:50:38 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2009-01-23 08:10:34 ----D---- C:\Documents and Settings\mldellafera\Application Data\TweetDeckFast.73B3E7AF072990ED6C9064BFA59785ED18ADD5D0.1
2009-01-23 08:10:09 ----D---- C:\Program Files\TweetDeck
2009-01-23 08:10:02 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-01-15 20:52:20 ----D---- C:\Documents and Settings\mldellafera\Application Data\iTSfv
======List of files/folders modified in the last 1 months======
2009-02-14 09:44:16 ----D---- C:\WINDOWS\Temp
2009-02-14 09:43:59 ----D---- C:\WINDOWS\Prefetch
2009-02-14 09:05:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-02-14 08:46:28 ----SD---- C:\WINDOWS\Tasks
2009-02-14 08:35:51 ----RD---- C:\Program Files
2009-02-14 08:35:51 ----D---- C:\WINDOWS\system32
2009-02-13 18:47:07 ----D---- C:\WINDOWS\system32\drivers
2009-02-13 17:37:20 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-02-13 06:32:06 ----D---- C:\WINDOWS\system32\inetsrv
2009-02-13 05:08:41 ----D---- C:\WINDOWS\system32\CatRoot2
2009-02-12 19:10:14 ----D---- C:\WINDOWS\system32\FxsTmp
2009-02-12 19:01:46 ----D---- C:\WINDOWS
2009-02-12 18:22:58 ----D---- C:\Program Files\Symantec AntiVirus
2009-02-12 18:22:44 ----A---- C:\WINDOWS\ModemLog_Conexant D110 MDC V.92 Modem.txt
2009-02-11 19:41:36 ----D---- C:\WINDOWS\Microsoft.NET
2009-02-11 19:41:28 ----RSD---- C:\WINDOWS\assembly
2009-02-11 16:39:50 ----D---- C:\Program Files\Internet Explorer
2009-02-11 16:39:49 ----HD---- C:\Config.Msi
2009-02-11 16:39:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-11 16:35:58 ----HD---- C:\WINDOWS\inf
2009-02-11 16:35:24 ----D---- C:\WINDOWS\ie7updates
2009-02-11 16:35:18 ----HD---- C:\WINDOWS\$hf_mig$
2009-02-11 16:35:01 ----A---- C:\WINDOWS\imsins.BAK
2009-02-11 16:20:01 ----SHD---- C:\WINDOWS\Installer
2009-02-11 16:14:50 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-02-11 16:13:23 ----D---- C:\WINDOWS\WinSxS
2009-02-11 16:04:35 ----D---- C:\WINDOWS\system32\XPSViewer
2009-02-11 16:04:29 ----D---- C:\WINDOWS\system32\en-US
2009-02-11 16:04:21 ----RSD---- C:\WINDOWS\Fonts
2009-02-10 19:04:12 ----D---- C:\WINDOWS\Help
2009-02-10 18:33:53 ----D---- C:\Documents and Settings\mldellafera\Application Data\WeatherBug
2009-02-09 15:39:17 ----A---- C:\WINDOWS\wininit.ini
2009-02-09 08:36:14 ----D---- C:\WINDOWS\Registration
2009-02-09 08:35:57 ----D---- C:\Program Files\Mozilla Firefox
2009-02-09 08:35:09 ----D---- C:\Documents and Settings\mldellafera\Application Data\Mozilla
2009-02-08 13:33:17 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-08 13:18:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-02-08 12:47:37 ----D---- C:\Program Files\Real
2009-02-08 12:47:08 ----D---- C:\Program Files\Rhapsody
2009-02-06 13:53:17 ----SHD---- C:\WINDOWS\CSC
2009-02-04 18:22:42 ----D---- C:\Program Files\Apoint
2009-02-04 12:55:40 ----D---- C:\Documents and Settings\mldellafera\Application Data\AdobeUM
2009-02-03 18:21:12 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-01 12:24:44 ----D---- C:\i386
2009-02-01 12:24:38 ----D---- C:\dell
2009-01-30 07:51:34 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-01-29 18:03:23 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-01-29 18:01:11 ----D---- C:\Program Files\Lavasoft
2009-01-23 08:10:14 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-01-23 08:10:02 ----D---- C:\Program Files\Common Files
2009-01-23 08:09:33 ----D---- C:\Documents and Settings\mldellafera\Application Data\Adobe
2009-01-16 21:35:14 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-01-15 21:26:41 ----D---- C:\Documents and Settings
2009-01-15 07:57:14 ----D---- C:\Documents and Settings\mldellafera\Application Data\PC Magazine Utilities
2009-01-15 07:56:27 ----D---- C:\Program Files\PC Magazine Utilities
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2004-08-18 16128]
R1 AW_HOST;AW_HOST; C:\WINDOWS\system32\drivers\aw_host5.sys [2002-02-11 33496]
R1 awlegacy;awlegacy; C:\WINDOWS\System32\Drivers\awlegacy.sys [2000-09-11 10816]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 NetworkX;NetworkX; C:\WINDOWS\system32\ckldrv.sys [2008-03-17 19584]
R1 RCFOX;SonicWALL IPsec Driver; \??\C:\WINDOWS\system32\Drivers\RCFOX.sys []
R1 SAVRT;SAVRT; \??\C:\Program Files\Symantec AntiVirus\savrt.sys []
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2004-03-11 263616]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.1.0.1; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2005-09-30 17056]
R2 LxrJD31d;LxrJD31d; \??\C:\WINDOWS\system32\Drivers\LxrJD31d.sys []
R2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys [2007-03-27 8413]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2004-03-17 13059]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2004-08-31 11354]
R2 SAVRTPEL;SAVRTPEL; \??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys []
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2004-11-16 108791]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-05-13 1132544]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2004-05-26 44928]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2003-07-24 139604]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2008-04-17 15464]
R3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2005-10-21 49920]
R3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2005-10-21 16496]
R3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2005-10-22 21568]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.SYS [2005-05-03 1033728]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys [2005-05-03 208384]
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP; C:\WINDOWS\system32\DRIVERS\iwca.sys [2004-08-12 234496]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090213.003\naveng.sys []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20090213.003\navex15.sys []
R3 rcvpn;SonicWALL VPN Adapter; C:\WINDOWS\system32\DRIVERS\rcvpn.sys [2003-08-20 23180]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 STAC97;SigmaTel C-Major Audio; C:\WINDOWS\system32\drivers\STAC97.sys [2005-03-10 273168]
R3 SymEvent;SymEvent; \??\C:\Program Files\Symantec\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2004-03-11 16288]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP; C:\WINDOWS\system32\DRIVERS\w29n51.sys [2004-10-21 3210496]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-05-03 705408]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
S1 omci;OMCI WDM Device Driver; C:\WINDOWS\system32\DRIVERS\omci.sys [2004-02-13 17153]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 cmvad;C-Media Wi-Sonic Wireless Audio Interface; C:\WINDOWS\system32\drivers\cmudaxv.sys []
S3 DSKACT2;DSKACT2; \??\C:\DOCUME~1\MLDELL~4\LOCALS~1\Temp\DSKACT2.SYS []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 HSF_DP;HSF_DP; C:\WINDOWS\system32\DRIVERS\HSF_DP.sys [2004-06-17 1041536]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2004-01-09 16509]
S3 PCASp50;PCASp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\PCASp50.sys []
S3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2005-06-10 21760]
S3 slabbus;CP2101 USB Composite Device driver (WDM); C:\WINDOWS\system32\DRIVERS\slabbus.sys [2004-03-25 52384]
S3 slabser;CP2101 USB to UART Bridge Controller Drivers; C:\WINDOWS\system32\DRIVERS\slabser.sys [2004-03-25 84512]
S3 umpusbxp;BodyMedia Serial Port Driver; C:\WINDOWS\system32\DRIVERS\umpusbxp.sys [2005-11-09 75584]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 Ar1trmp;Ar1trmp; C:\WINDOWS\system32\drivers\Ar1trmp.sys []
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-04 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-05-13 364544]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [2004-02-29 255096]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [2004-02-29 242808]
R2 Crypkey License;Crypkey License; C:\WINDOWS\system32\crypserv.exe [2008-05-07 122880]
R2 DefWatch;Symantec AntiVirus Definition Watcher; C:\Program Files\Symantec AntiVirus\DefWatch.exe [2004-03-12 29928]
R2 EvtEng;EvtEng; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2004-09-07 86016]
R2 IISADMIN;IIS Admin; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-12-19 152984]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-29 950096]
R2 LxrJD31s;Lexar JD31; C:\WINDOWS\system32\LxrJD31s.exe [2008-12-26 71168]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [2005-03-03 356352]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 RegSrvc;RegSrvc; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2004-09-07 139264]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2004-09-07 360521]
R2 SMTPSVC;Simple Mail Transfer Protocol (SMTP); C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 SQLWriter;SQL Server VSS Writer; c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2007-02-10 89968]
R2 Symantec AntiVirus;Symantec AntiVirus; C:\Program Files\Symantec AntiVirus\Rtvscan.exe [2004-03-12 1221864]
R2 W3SVC;World Wide Web Publishing; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-13 15360]
R2 WLANKEEPER;WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [2004-09-07 225353]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2006-02-15 72704]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S2 DWMRCS;DameWare Mini Remote Control; C:\WINDOWS\SYSTEM32\DWRCS.EXE -service []
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-07 182768]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 awhost32;pcAnywhere Host Service; C:\Program Files\Symantec\pcAnywhere\awhost32.exe [2002-02-15 114749]
S3 ccPwdSvc;Symantec Password Validation; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [2004-02-29 87160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2007-05-14 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Macromedia Licensing Service;Macromedia Licensing Service; C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [2005-11-09 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RampartSvc;SonicWall VPN Client Service; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [2004-08-16 114786]
S3 SavRoam;SAVRoam; C:\Program Files\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
S3 SNDSrvc;Symantec Network Drivers Service; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [2004-03-11 193760]
S3 SQLBrowser;SQL Server Browser; c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
mlleeder
2009-02-14, 17:13
info.txt logfile of random's system information tool 1.05 2009-02-14 09:44:44
======Uninstall list======
-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->MsiExec.exe /I{688A3383-3CE7-4094-9188-9C39D1E4FCB6}
-->MsiExec.exe /I{F543B12A-13F5-487E-9314-F7D25E1BBE3E}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
1-Click Answers-->C:\Program Files\1-Click Answers\Answers.exe /Un
7-Zip 4.57-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Acrobat 7.1.0 Professional-->msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color Common Settings-->MsiExec.exe /I{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}
Adobe Color EU Extra Settings-->MsiExec.exe /I{51846830-E7B2-4218-8968-B77F0FF475B8}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Recommended Settings-->MsiExec.exe /I{95655ED4-7CA5-46DF-907F-7144877A32E5}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Illustrator CS3-->C:\Program Files\Common Files\Adobe\Installers\a04a925a57548091300ada368235fc6\Setup.exe
Adobe Illustrator CS3-->MsiExec.exe /I{F08E8D2E-F132-4742-9C87-D5FF223A016A}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe PhotoDeluxe 2.0-->C:\WINDOWS\uninst.exe -f"C:\Program Files\PhotoDeluxe 2.0\DeIsL1.isu"
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Setup-->MsiExec.exe /I{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}
Adobe Stock Photos 1.0-->MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
AIM Pro-->MsiExec.exe /X{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AvantGo Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A90DCEC1-22DE-11D4-B8A9-0050DAB648C6}\setup.exe" -l0x9 CP
Avery Wizard 3.0-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{6B10045E-6789-49C4-BFED-52575F5B76BF}
AviSynth 2.5-->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
BitZipperSearch Toolbar-->C:\PROGRA~1\BITZIP~2\UNWISE.EXE C:\PROGRA~1\BITZIP~2\INSTALL.LOG
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Broadcom Management Programs 2-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{64A77F14-0E08-4A97-A859-E93CFF428756} /l1033
Business Plan Pro 2006-->MsiExec.exe /X{6450335D-D87C-4003-812F-7E879866A74E}
Canon PhotoRecord-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoRecord\Uninst.isu" -c"C:\Program Files\Canon\PhotoRecord\Program\uninstdll.dll"
Canon PowerShot A40 WIA Driver-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PowerShot A40 WIA\Uninst.isu" -c"C:\Program Files\Canon\PowerShot A40 WIA\UNSTD113.dll"
Canon S530D-->C:\WINDOWS\system32\CNMCP43.EXE -@C:\WINDOWS\IsUninst.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S530D Installer\Inst\DeIsL2.isu" -pCanon S530D-c"C:\BJPrinter\CNMWINDOWS\Canon S530D Installer\Inst\bjinst.dll
Canon Utilities Easy-PhotoPrint-->C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Canon\Easy-PhotoPrint\Uninst.isu" -c"C:\Program Files\Canon\Easy-PhotoPrint\EZUNINST.DLL"
Canon Utilities PhotoStitch 3.1-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\PhotoStitch\Uninst.isu"
Canon Utilities RAW Image Converter-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RAW Image Converter\Uninst.isu"
Canon Utilities RemoteCapture 2.2-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\RemoteCapture\Uninst.isu"
Canon Utilities ZoomBrowser EX-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Canon\ZoomBrowser EX\Uninst.isu" -c"C:\Program Files\Canon\ZoomBrowser EX\Program\uninstallutilities.dll"
CCM5011 version 5-->"C:\Program Files\Malsoft\ccm\unins000.exe"
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Coupon Printer for Windows-->"C:\Program Files\Coupons\uninstall.exe" "/U:C:\Program Files\Coupons\Uninstall\uninstall.xml"
CP2101 USB to UART Bridge Controller-->C:\WINDOWS\system32\uninstall.exe C:\WINDOWS\system32\uninstall.ini
DameWare NT Utilities-->MsiExec.exe /I{5C22BC85-450C-43F1-A3E7-75843031F40C}
DameWare NT Utilities-->MsiExec.exe /I{8D9FA93D-7899-4C3F-B78C-17A0B1F68E62}
Dell Digital Jukebox Driver-->C:\Program Files\Dell\Digital Jukebox Drivers\DrvUnins.exe /s
Dell Media Experience-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.exe" -uninstall
Dell Picture Studio v3.0-->MsiExec.exe /I{AF06CAE4-C134-44B1-B699-14FBDB63BD37}
Dell Support 3.1-->MsiExec.exe /X{548EEA8E-8299-497F-8057-811D2D7097DC}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Documents To Go-->MsiExec.exe /X{666733A8-48DB-471C-A17F-80C64C96B88D}
EarthLink setup files-->MsiExec.exe /X{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
FeedDemon-->"C:\Program Files\FeedDemon\unins000.exe"
FeedStation-->"C:\Program Files\FeedStation\unins000.exe"
ffdshow (remove only)-->"C:\Program Files\ffdshow\uninstall.exe"
FinePrint-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpinst5.exe /uninstall
GdiplusUpgrade-->MsiExec.exe /I{5421155F-B033-49DB-9B33-8F80F233D4D5}
Get High Speed Internet!-->MsiExec.exe /I{7A3F0566-5E05-4919-9C98-456F6B5CF831}
Google Earth-->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
GuruNet-->C:\PROGRA~1\GuruNet\GNUninst.exe C:\PROGRA~1\GuruNet\INSTALL.LOG
HijackThis 2.0.2-->"C:\Documents and Settings\mldellafera\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344)-->"C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Extended Capabilities 4.7-->C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 4.7-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
hp LaserJet 4200 Uninstaller-->C:\Program Files\Hewlett-Packard\LJ4200\Uninstall\unhp.exe ciuninst.ini
HP Product Assistant-->MsiExec.exe /I{36FDBE6E-6684-462B-AE98-9A39A1B200CC}
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Update-->MsiExec.exe /X{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}
IE7Pro-->C:\Program Files\IEPro\uninst.exe
ImageMixer VCD/DVD2 for OLYMPUS-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F51A0CA-2BDD-474E-BB90-C7FA8EA78F52}\Setup.exe" -l0x9 UNINSTALL
InstaBack 1.0-->"C:\Program Files\PC Magazine Utilities\InstaBack\unins000.exe"
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
Intellisync for Verizon iobi-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{862F30A1-EC84-4F8E-AED0-43326DE35F0A}\Setup.exe" -l0x9 VerizonUninstall
Internal Network Card Power Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1F528948-0E80-4C96-B455-DE4167CB1DF7}\setup.exe" -l0x9 UNINSTALL APPDRVNT4
Internet Explorer Default Page-->MsiExec.exe /I{35BDEFF1-A610-4956-A00D-15453C116395}
iTSfv 5.60.24.1 BETA-->"C:\Documents and Settings\mldellafera\My Documents\Applications\iTSfv\unins000.exe"
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Jasc Paint Shop Photo Album 5-->MsiExec.exe /I{4192EAC0-6B36-4723-B216-D0E86E7757AC}
Jasc Paint Shop Pro Studio, Dell Editon-->MsiExec.exe /I{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}
Java 2 Runtime Environment, SE v1.4.2_03-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Java(TM) SE Runtime Environment 6 Update 1-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
JD Secure 3.1-->C:\WINDOWS\System32\JDSecure31.exe /u
KeySuite (TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8B76CB9B-3204-4AFF-8C1B-8C4896D70000}\Setup.exe" -l0x9 UNINSTALLING
Kinko's File Prep Tool-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{39245BB8-10C3-4348-BE83-D23138080341}\Setup.exe" -Uninstall
Kybtec World Clock 3.3.1.1-->MsiExec.exe /I{25D4A6A6-BFBF-49AF-89CA-635A468B0515}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.0 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Dreamweaver 8-->MsiExec.exe /I{0837A661-FEC3-48B3-876C-91E7D32048A9}
Macromedia Dreamweaver MX 2004-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}\Setup.exe" -l0x9 mmUninstall
Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Malsoft CCM 5-->C:\WINDOWS\UnDeploy.exe "C:\Program Files\Malsoft\CCM\Deploy.log"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
mCore-->MsiExec.exe /I{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MetaFrame Presentation Server Client-->MsiExec.exe /I{2C42ED1E-6315-4E63-89E6-057EA114EBB8}
mHlpDell-->MsiExec.exe /I{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Base Smart Card Cryptographic Service Provider Package-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Meeting 2005-->MsiExec.exe /I{5E8858EC-6B09-4939-99F2-5678073A0327}
Microsoft Office Live Meeting 2007-->MsiExec.exe /I{E3CD4EA8-68BB-46E8-9E79-20A417A82C53}
Microsoft Office Project Professional 2003-->MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio MUI (English) 2007-->MsiExec.exe /X{90120000-0054-0409-0000-0000000FF1CE}
Microsoft Office Visio Professional 2007 Trial-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall VISPROR /dll OSETUP.DLL
Microsoft Office Visio Professional 2007-->MsiExec.exe /X{91120000-0051-0000-0000-0000000FF1CE}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 (SQLEXPRESS)-->MsiExec.exe /I{B0F9497C-52B4-4686-8E73-74D866BBDF59}
Microsoft SQL Server 2005-->"c:\Program Files\Microsoft SQL Server\90\Setup Bootstrap\ARPWrapper.exe" /Remove
Microsoft SQL Server Management Studio Express-->MsiExec.exe /I{20608BFA-6068-48FE-A410-400F2A124C27}
Microsoft SQL Server Native Client-->MsiExec.exe /I{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Vista Upgrade Advisor-->MsiExec.exe /I{962DE60D-D080-4E77-BD0C-F97A179C50B7}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mIWCA-->MsiExec.exe /I{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
MobileMe Control Panel-->MsiExec.exe /I{924EB80F-C2BB-4B9F-8412-88BBA937393F}
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
Mozilla Firefox (3.0.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSN Toolbar-->MsiExec.exe /I{10C69612-017B-45F5-B986-7D113D5A2EA3}
MSN-->C:\Program Files\MSN\MsnInstaller\msninst.exe /Action:ARP
mSSO-->MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mToolkit-->MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
MyFax SendFax Outlook Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{71009363-B52E-4E12-8CB1-B53D05F710BD}\Setup.exe" -l0x9
MyWay Search Assistant-->MsiExec.exe /X{E7559288-223B-453C-9F06-340E3BE21E39}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NaturalReader-->MsiExec.exe /I{E8B11B05-5D7C-479B-95F0-71E311FB7982}
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NetZeroInstallers-->MsiExec.exe /X{352310C3-E46B-42D3-8F32-54721FDD72D9}
OLYMPUS Master-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{BA820A24-704B-428D-9904-71A10DAC1372} /l1033 /zUNINSTALL
OpenOffice.org Installer 1.0-->MsiExec.exe /X{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}
Opera 9.26-->MsiExec.exe /X{FB706A00-C234-4716-AB1F-27DCB192C664}
Palm Desktop-->MsiExec.exe /X{D30F886A-8CFB-4515-AFEC-A34C3E7D2CA8}
Palm Desktop-->MsiExec.exe /X{E89D78B8-28F7-412F-8B26-C684739CBBDC}
Palo Alto Software's Application Manager 8.2-->MsiExec.exe /X{BAD00139-E284-4F6C-AA94-FB637462DEEB}
PaulVoice-->MsiExec.exe /I{4E223C50-BBB0-4645-89C5-694A765FEF60}
PC Magazine ButtonBoogie 2.1.1-->"C:\Program Files\PC Magazine Utilities\ButtonBoogie\unins000.exe"
PC Magazine Defrag-A-File 2.0.2-->"C:\Program Files\PC Magazine Utilities\Defrag-A-File\unins000.exe"
PC Magazine DiskAction v2.4-->"C:\Program Files\PC Magazine Utilities\DiskAction 2\unins000.exe"
PC Magazine DiskPie Pro-->"C:\Program Files\PC Magazine Utilities\DiskPiePro\unins000.exe"
PC Magazine File Utility Pack-->"C:\Program Files\PC Magazine Utilities\File Utility Pack\unins000.exe"
PC Magazine InstaBack 2.0-->"C:\Program Files\PC Magazine Utilities\InstaBack 2\unins000.exe"
PC Magazine NoteWhen 2.0-->"C:\Program Files\PC Magazine Utilities\NoteWhen\unins000.exe"
PC Magazine TaskPower 3-->"C:\Program Files\PC Magazine Utilities\TaskPower\unins000.exe"
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
pdfFactory Pro-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppinst3.exe /uninstall
PM FASTrack® 5.2.1-->C:\Program Files\PM FASTrack®\uninst.exe
PowerDVD 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
Qualxserve Service Agreement-->MsiExec.exe /X{0F756CD9-4A1E-409B-B101-601DDC4C03AA}
QuickBooks Pro 2006-->msiexec.exe /I {688A3383-3CE7-4094-9188-9C39D1E4FCB6} UNIQUE_NAME="pro" QBFULLNAME="QuickBooks Pro 2006" ADDREMOVE=1
QuickBooks Simple Start Special Edition-->msiexec.exe /I {F543B12A-13F5-487E-9314-F7D25E1BBE3E} UNIQUE_NAME="atomlimited" QBFULLNAME="QuickBooks Simple Start Special Edition" ADDREMOVE=1
Quicken 2006-->MsiExec.exe /X{2818095F-FB6C-42C8-827E-0A406CC9AFF5}
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL APPDRVNT4 - ALL
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Serif PagePlus 9.0 Resource CD-ROM-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8E263CF8-3864-4041-9AFF-5DF8CDACFB3E}\Setup.exe" -l0x9
Serif PagePlus 9.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCA541B4-00B4-4D20-B38D-6623BF2F68BF}\Setup.exe" -l0x9
ShotSender 1.0-->"C:\Program Files\PC Magazine Utilities\ShotSender\unins000.exe"
SkyCaddie Desktop-->"C:\Program Files\SkyGolf\SkyCaddie Desktop\UninstSkyCaddie.exe"
SmartDraw 2008-->C:\PROGRA~1\SMARTD~2\UNWISE.EXE C:\PROGRA~1\SMARTD~2\INSTALL.LOG
SmartFTP Client 2.0-->MsiExec.exe /I{C169D3BB-9A27-43F5-9979-09A0D65FE95C}
Sonic Audio module-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic MyDVD LE-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicWALL Global VPN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}\setup.exe" -l0x9 -FromCPL
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Symantec AntiVirus-->MsiExec.exe /I{848AC794-8B81-440A-81AE-6474337DB527}
Symantec pcAnywhere-->MsiExec.exe /I{D05E8183-866A-11D3-97DF-0000F8D8F2E9}
Time Zone Clock V2.0-->"C:\Program Files\Time Zone Clock V2.0\unins000.exe"
Time Zone Data Update Tool for Microsoft Office Outlook-->MsiExec.exe /X{95120000-0038-0409-0000-0000000FF1CE}
TimePanic-->MsiExec.exe /I{99A595FB-8449-4442-ACC5-B0D2E95B1849}
TweetDeck-->MsiExec.exe /X{9728CCF8-D40B-4DB9-2C48-D34C2392AEE9}
Update for Windows XP (KB943729)-->"C:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Verizon iobi-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{57CB4859-8E9F-4482-983D-BC34C2F0B85A} UNINSTALL
Video Converter 3-->C:\Program Files\Xilisoft\Video Converter 3\Uninstall.exe
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WeatherBug-->C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
WebCyberCoach 3.2 Dell-->"C:\Program Files\WebCyberCoach\b_Dell\WCC_Wipe.exe" "WebCyberCoach ext\wtrb" /inf "engine.inf,RealUninstallSection,,4" /infcfg "enginecf.inf,RealUninstallSection,,4"
WebEx-->C:\WINDOWS\DOWNLO~1\atcliun.exe
WebIQ Client Software-->C:\WINDOWS\system32\WebIQInstall.exe /u
Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)-->rundll32.exe C:\PROGRA~1\DIFX\7AA84A78695B31A503D9537A76801D74E0FD14BD\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\WINDOWS\system32\DRVSTORE\RoundTable_F29D632BDCC1844B9B7688A0A4B4DA9E716B76FF\RoundTable.inf
Windows Genuine Advantage v1.3.0254.0-->MsiExec.exe /I{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Messenger 5.0-->MsiExec.exe /I{ABEB838C-A1A7-4C5D-B7E1-8B4314B10138}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Workstation-->C:\IDEAFISH\Uninstal.exe
======Hosts File======
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
======Security center information======
AV: Lavasoft Ad-Watch Live! Anti-Virus
System event log
Computer Name: MARYLOU
Event Code: 7035
Message: The Pml Driver HPZ12 service was successfully sent a start control.
Record Number: 245164
Source Name: Service Control Manager
Time Written: 20081227171224.000000-300
Event Type: information
User: MARYLOU\mldellafera
Computer Name: MARYLOU
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the stopped state.
Record Number: 245163
Source Name: Service Control Manager
Time Written: 20081227171223.000000-300
Event Type: information
User:
Computer Name: MARYLOU
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the running state.
Record Number: 245162
Source Name: Service Control Manager
Time Written: 20081227171223.000000-300
Event Type: information
User:
Computer Name: MARYLOU
Event Code: 7035
Message: The Pml Driver HPZ12 service was successfully sent a start control.
Record Number: 245161
Source Name: Service Control Manager
Time Written: 20081227171223.000000-300
Event Type: information
User: MARYLOU\mldellafera
Computer Name: MARYLOU
Event Code: 7036
Message: The Pml Driver HPZ12 service entered the stopped state.
Record Number: 245160
Source Name: Service Control Manager
Time Written: 20081227171222.000000-300
Event Type: information
User:
Application event log
Computer Name: MARYLOU
Event Code: 6
Message:
Could not scan 1 files inside C:\Documents and Settings\mldellafera\My Documents\Development\bonusbooksfolder2\Zip bonusbooksfolder2\The-Master-Key-System.zip due to extraction errors encountered by the Decomposer Engines.
Record Number: 397261
Source Name: Symantec AntiVirus
Time Written: 20090211025245.000000-300
Event Type: warning
User:
Computer Name: MARYLOU
Event Code: 6
Message:
Could not scan 1 files inside C:\Documents and Settings\mldellafera\My Documents\Development\bonusbooksfolder1\Zip bonusbooksfolder1\bywaystoblessedness.zip due to extraction errors encountered by the Decomposer Engines.
Record Number: 397260
Source Name: Symantec AntiVirus
Time Written: 20090211025244.000000-300
Event Type: warning
User:
Computer Name: MARYLOU
Event Code: 6
Message:
Could not scan 1 files inside C:\Documents and Settings\mldellafera\My Documents\Development\bonusbooksfolder1\Zip bonusbooksfolder1\artandscienceofpersonalmagnetism.zip due to extraction errors encountered by the Decomposer Engines.
Record Number: 397259
Source Name: Symantec AntiVirus
Time Written: 20090211025243.000000-300
Event Type: warning
User:
Computer Name: MARYLOU
Event Code: 6
Message:
Could not scan 1 files inside C:\Documents and Settings\mldellafera\My Documents\Development\bonusbooksfolder1\Zip bonusbooksfolder1\AbundanceSubliminals.zip due to extraction errors encountered by the Decomposer Engines.
Record Number: 397258
Source Name: Symantec AntiVirus
Time Written: 20090211025243.000000-300
Event Type: warning
User:
Computer Name: MARYLOU
Event Code: 6
Message:
Could not scan 1 files inside C:\Documents and Settings\mldellafera\My Documents\Cyberlink\DRP ebook Tech Republic.zip due to extraction errors encountered by the Decomposer Engines.
Record Number: 397257
Source Name: Symantec AntiVirus
Time Written: 20090211025241.000000-300
Event Type: warning
User:
======Environment variables======
"ASLOGDIR"=C:\Program Files\Intuit\QuickBooks 2006\
"CLASSPATH"=.;C:\PVSW\bin\pvjdbc2x.jar;C:\PVSW\bin\pvjdbc.jar;C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=1
"OS"=Windows_NT
"Path"=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Symantec\pcAnywhere\;C:\Program Files\Common Files\Adobe\AGL;c:\Program Files\Microsoft SQL Server\90\Tools\binn\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 13 Stepping 8, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0d08
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"QTJAVA"=C:\Program Files\Java\jre1.6.0_07\lib\ext\QTJava.zip
-----------------EOF-----------------
mlleeder
2009-02-14, 17:56
Just re-booted my computer, and Google Search now works properly - what a relief!
Also, sorry for having to use multiple replies, but when I tried to put all the logs in one reply, I got a notification that I had to reduce the size to 160000 characters from 192000 (not sure these were the exact numbers). So, I decided to break them up by log.
If that's difficult to work with, just advise me how you would prefer to see them.
Thanks again, I'll keep watching for your posts re next steps. Hope you're having a good weekend!
mlleeder
2009-02-14, 18:31
Sorry for the bad info in the last post. Maybe I imagined it, but it actually seemed to work properly after I initially rebooted. Maybe not..
Anyway, the search links are again unrelated to the content found.
I realize, of course, that we aren't finished (but I thought I might be able to use Google/IE7 in the meantime).
No problem; I look forward to your next instructions!
Hi mlleeder
Please download OTScanIt2 from Geeks to Go (http://oldtimer.geekstogo.com/OTScanIt2.exe) or Bleeping Computer (http://download.bleepingcomputer.com/oldtimer/OTScanIt2.exe). Save it to your desktop.
Double click on OTScanIt2.exe to run it.
Click on Extract. Once done, you will be prompted. Click OK and click Close.
Double click on the OTScanIt2 folder. Double click on OTScanIt2.exe to run it.
Under Rookit Search, select Yes.
Click on Run Scan at the top left hand corner.
When done, Notepad will open. Please post this log in your next reply.
Thanks peku006
mlleeder
2009-02-14, 21:15
Thanks for your quick reply.
I will paste the log in the next reply. It may need to be 2 replies; the forum message I'm receiving is:
"The following errors occurred with your submission:
The text that you have entered is too long (187297 characters). Please shorten it to 64000 characters long."
I thought I was getting it because I was trying to preview, but it won't let me submit either. So, I'll work around it. Sure hope I'm not doing something wrong.....
Below is info on another Norton message I received while ScanIt was running (I believe) - from Norton's AutoProtect Scan - text below:
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan Horse
File: C:\WINDOWS\TEMP\77.tmp
Location: Quarantine
Computer: MARYLOU
User: SYSTEM
Action taken: Quarantine succeeded : Access denied
Date found: Saturday, February 14, 2009 1:25:13 PM
Was 77.tmp related to OTScanit2? If so, let me know if I need to disable Norton and/or AdAware, both of which are resident.
mlleeder
2009-02-14, 21:34
[code]
OTScanIt2 logfile created on: 2/14/2009 1:21:02 PM - Run 1
OTScanIt2 by OldTimer - Version 1.0.7.1 Folder = C:\Documents and Settings\mldellafera\Desktop\OTScanIt2
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1023.40 Mb Total Physical Memory | 201.84 Mb Available Physical Memory | 19.72% Memory free
2.40 Gb Paging File | 1.51 Gb Available in Paging File | 62.71% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.99 Gb Total Space | 11.09 Gb Free Space | 15.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive Z: | 70.99 Gb Total Space | 11.09 Gb Free Space | 15.62% Space Free | Partition Type: *NT5CSC
Computer Name: MARYLOU
Current User Name: mldellafera
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Whitelist: On
File Age = 30 Days
[Processes - Safe List]
1xconfig.exe -> %ProgramFiles%\Intel\Wireless\Bin\1XConfig.exe -> [2004/09/07 16:03:40 | 00,245,760 | ---- | M] (Intel)
aawservice.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\AAWService.exe -> [2009/01/29 18:02:48 | 00,950,096 | ---- | M] (Lavasoft)
aawtray.exe -> %ProgramFiles%\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/01/29 18:02:49 | 00,509,784 | ---- | M] (Lavasoft)
acrotray.exe -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe -> [2008/04/23 01:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.)
agtserv.exe -> %ProgramFiles%\1-Click Answers\agtserv.exe -> [2005/12/14 15:11:26 | 00,020,480 | ---- | M] (Answers Corporation)
answers.exe -> %ProgramFiles%\1-Click Answers\answers.exe -> [2005/12/14 15:12:46 | 00,647,168 | ---- | M] (Answers Corporation)
apntex.exe -> %ProgramFiles%\Apoint\ApntEx.exe -> [2004/08/19 14:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.)
apoint.exe -> %ProgramFiles%\Apoint\Apoint.exe -> [2004/09/13 16:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.)
applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2005/05/13 02:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.)
ati2evxx.exe -> %SystemRoot%\system32\ati2evxx.exe -> [2005/05/13 02:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.)
atiptaxx.exe -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe -> [2005/05/12 21:00:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
buttonboogie.exe -> %ProgramFiles%\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe -> [2007/06/06 08:19:24 | 00,303,104 | ---- | M] (Ziff Davis Media, Inc.)
ccapp.exe -> %CommonProgramFiles%\Symantec Shared\ccApp.exe -> [2004/02/29 16:44:46 | 00,066,680 | ---- | M] (Symantec Corporation)
ccevtmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> [2004/02/29 16:44:48 | 00,255,096 | ---- | M] (Symantec Corporation)
ccsetmgr.exe -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> [2004/02/29 16:44:54 | 00,242,808 | ---- | M] (Symantec Corporation)
cidaemon.exe -> %SystemRoot%\system32\cidaemon.exe -> [2004/08/04 07:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
cidaemon.exe -> %SystemRoot%\system32\cidaemon.exe -> [2004/08/04 07:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation)
crypserv.exe -> %SystemRoot%\system32\Crypserv.exe -> [2008/05/07 18:29:38 | 00,122,880 | ---- | M] (CrypKey (Canada) Ltd.)
defwatch.exe -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> [2004/03/12 15:17:10 | 00,029,928 | ---- | M] (Symantec Corporation)
dvdlauncher.exe -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe -> [2005/02/23 16:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.)
dvzincmsgr.exe -> %CommonProgramFiles%\DataViz\DvzIncMsgr.exe -> [2005/12/15 13:34:59 | 00,024,576 | ---- | M] ()
evteng.exe -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2004/09/07 16:02:40 | 00,086,016 | ---- | M] (Intel Corporation)
fpdisp5a.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\fpdisp5a.exe -> [2007/11/07 11:41:39 | 00,507,904 | ---- | M] (FinePrint Software, LLC)
fppdis3a.exe -> %SystemRoot%\system32\spool\drivers\w32x86\3\fppdis3a.exe -> [2007/11/07 11:39:35 | 00,507,904 | ---- | M] (FinePrint Software, LLC)
googletoolbarnotifier.exe -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/06/29 23:59:26 | 00,068,856 | ---- | M] (Google Inc.)
googleupdaterservice.exe -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/01/07 12:38:47 | 00,182,768 | ---- | M] (Google)
hotsync.exe -> %ProgramFiles%\Palm\HOTSYNC.EXE -> [2004/01/09 11:34:50 | 00,299,008 | ---- | M] (Palm, Inc.)
hpqgalry.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqgalry.exe -> [2004/11/04 19:36:46 | 00,425,984 | ---- | M] (Hewlett-Packard Co.)
hpqtra08.exe -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> [2004/11/04 19:28:24 | 00,258,048 | ---- | M] (Hewlett-Packard Co.)
hpwuschd2.exe -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe -> [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
hpzipm12.exe -> %SystemRoot%\system32\HPZipm12.exe -> [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP)
iexplore.exe -> %ProgramFiles%\Internet Explorer\iexplore.exe -> [2008/12/19 00:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation)
ifrmewrk.exe -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe -> [2004/10/30 14:59:54 | 00,385,024 | ---- | M] (Intel Corporation)
inetinfo.exe -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation)
instaback.exe -> %ProgramFiles%\PC Magazine Utilities\InstaBack\InstaBack.exe -> [2006/09/24 12:35:28 | 01,525,248 | ---- | M] (Ziff Davis Media Inc.)
ipodservice.exe -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
issch.exe -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe -> [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
ituneshelper.exe -> %ProgramFiles%\iTunes\iTunesHelper.exe -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
jqs.exe -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/19 14:24:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> %ProgramFiles%\Java\jre6\bin\jusched.exe -> [2008/12/19 14:24:40 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
lxrjd31s.exe -> %SystemRoot%\system32\LxrJD31s.exe -> [2008/12/26 21:47:26 | 00,071,168 | ---- | M] ()
mdm.exe -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
mdnsresponder.exe -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
nicconfigsvc.exe -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.)
otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2009/01/26 12:13:22 | 00,485,376 | ---- | M] (OldTimer Tools)
outlook.exe -> %ProgramFiles%\Microsoft Office\OFFICE11\OUTLOOK.EXE -> [2005/07/05 14:14:27 | 00,196,296 | ---- | M] (Microsoft Corporation)
pcmservice.exe -> %ProgramFiles%\Dell\Media Experience\PCMService.exe -> [2004/04/11 20:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.)
point32.exe -> %ProgramFiles%\Microsoft IntelliPoint\point32.exe -> [2005/06/10 04:21:01 | 00,217,088 | ---- | M] (Microsoft Corporation)
quickset.exe -> %ProgramFiles%\Dell\QuickSet\quickset.exe -> [2005/03/04 11:26:08 | 00,606,208 | ---- | M] ()
regsrvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2004/09/07 16:02:04 | 00,139,264 | ---- | M] (Intel Corporation)
rtvscan.exe -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> [2004/03/12 15:17:46 | 01,221,864 | ---- | M] (Symantec Corporation)
s24evmon.exe -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2004/09/07 16:05:10 | 00,360,521 | ---- | M] (Intel Corporation )
searchfilterhost.exe -> %SystemRoot%\system32\searchfilterhost.exe -> [2008/05/26 22:17:56 | 00,087,552 | ---- | M] (Microsoft Corporation)
searchindexer.exe -> %SystemRoot%\system32\searchindexer.exe -> [2008/05/26 22:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation)
searchprotocolhost.exe -> %SystemRoot%\system32\searchprotocolhost.exe -> [2008/05/26 22:18:18 | 00,184,832 | ---- | M] (Microsoft Corporation)
sqlservr.exe -> %ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -> [2007/02/10 04:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation)
sqlwriter.exe -> %ProgramFiles%\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2007/02/10 04:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation)
ssonsvr.exe -> %ProgramFiles%\Citrix\ICA Client\ssonsvr.exe -> [2004/02/21 00:08:54 | 00,016,656 | ---- | M] ()
unsecapp.exe -> %SystemRoot%\system32\wbem\unsecapp.exe -> [2004/08/04 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation)
vptray.exe -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe -> [2004/03/12 15:18:32 | 00,124,128 | ---- | M] (Symantec Corporation)
weather.exe -> %ProgramFiles%\AWS\WeatherBug\Weather.exe -> [2005/04/25 16:03:00 | 01,339,392 | ---- | M] (AWS Convergence Technologies, Inc.)
wlkeeper.exe -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> [2004/09/07 16:12:32 | 00,225,353 | ---- | M] (Intel® Corporation)
wmiprvse.exe -> %SystemRoot%\system32\wbem\wmiprvse.exe -> [2008/04/13 19:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation)
zcfgsvc.exe -> %ProgramFiles%\Intel\Wireless\Bin\ZCfgSvc.exe -> [2004/09/07 16:08:02 | 00,389,120 | ---- | M] (Intel Corporation)
[Win32 Services - Safe List]
(Adobe LM Service) Adobe LM Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Adobe Systems Shared\Service\Adobelmsvc.exe -> [2006/02/15 16:38:12 | 00,072,704 | ---- | M] (Adobe Systems)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.)
(aspnet_state) ASP.NET State Service [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation)
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %SystemRoot%\system32\ati2evxx.exe -> [2005/05/13 02:43:50 | 00,364,544 | ---- | M] (ATI Technologies Inc.)
(awhost32) pcAnywhere Host Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec\pcAnywhere\AWHOST32.EXE -> [2002/02/15 10:51:00 | 00,114,749 | ---- | M] (Symantec Corporation)
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(ccEvtMgr) Symantec Event Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccEvtMgr.exe -> [2004/02/29 16:44:48 | 00,255,096 | ---- | M] (Symantec Corporation)
(ccPwdSvc) Symantec Password Validation [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\ccPwdSvc.exe -> [2004/02/29 16:44:52 | 00,087,160 | ---- | M] (Symantec Corporation)
(ccSetMgr) Symantec Settings Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Symantec Shared\ccSetMgr.exe -> [2004/02/29 16:44:54 | 00,242,808 | ---- | M] (Symantec Corporation)
(clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation)
(Crypkey License) Crypkey License [Win32_Own | Auto | Running] -> %SystemRoot%\system32\Crypserv.exe -> [2008/05/07 18:29:38 | 00,122,880 | ---- | M] (CrypKey (Canada) Ltd.)
(DefWatch) Symantec AntiVirus Definition Watcher [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\DefWatch.exe -> [2004/03/12 15:17:10 | 00,029,928 | ---- | M] (Symantec Corporation)
(DWMRCS) DameWare Mini Remote Control [Win32_Own | Auto | Stopped] -> -> File not found
(EvtEng) EvtEng [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\EvtEng.exe -> [2004/09/07 16:02:40 | 00,086,016 | ---- | M] (Intel Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2007/05/14 14:41:33 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -> [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation)
(gusvc) Google Software Updater [Win32_Own | Auto | Running] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/01/07 12:38:47 | 00,182,768 | ---- | M] (Google)
(helpsvc) Help and Support [Win32_Shared | Auto | Running] -> %SystemRoot%\pchealth\helpctr\binaries\pchsvc.dll -> [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation)
(IDriverT) InstallDriver Table Manager [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -> [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation)
(IISADMIN) IIS Admin [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> %ProgramFiles%\iPod\bin\iPodService.exe -> [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.)
(JavaQuickStarterService) Java Quick Starter [Win32_Own | Auto | Running] -> %ProgramFiles%\Java\jre6\bin\jqs.exe -> [2008/12/19 14:24:40 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> %ProgramFiles%\Lavasoft\Ad-Aware\AAWService.exe -> [2009/01/29 18:02:48 | 00,950,096 | ---- | M] (Lavasoft)
(LxrJD31s) Lexar JD31 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\LxrJD31s.exe -> [2008/12/26 21:47:26 | 00,071,168 | ---- | M] ()
(Macromedia Licensing Service) Macromedia Licensing Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Macromedia Shared\Service\Macromedia Licensing.exe -> [2005/11/09 12:28:10 | 00,069,632 | ---- | M] (Macromedia)
(MDM) Machine Debug Manager [Win32_Own | Auto | Running] -> %CommonProgramFiles%\Microsoft Shared\VS7DEBUG\MDM.EXE -> [2003/06/19 22:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation)
(MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) [Win32_Own | Auto | Running] -> %ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -> [2007/02/10 04:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation)
(MSSQLServerADHelper) SQL Server Active Directory Helper [Win32_Own | Disabled | Stopped] -> %ProgramFiles%\Microsoft SQL Server\90\Shared\sqladhlp90.exe -> [2005/10/14 01:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation)
(NetTcpPortSharing) Net.Tcp Port Sharing Service [Win32_Shared | Disabled | Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -> [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation)
(NICCONFIGSVC) NICCONFIGSVC [Win32_Own | Auto | Running] -> %ProgramFiles%\Dell\NicConfigSvc\NicConfigSvc.exe -> [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(Pml Driver HPZ12) Pml Driver HPZ12 [Win32_Own | Auto | Running] -> %SystemRoot%\system32\HPZipm12.exe -> [2007/08/09 02:27:52 | 00,073,728 | ---- | M] (HP)
(RampartSvc) SonicWall VPN Client Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -> [2004/08/16 17:03:50 | 00,114,786 | ---- | M] (SonicWALL, Inc.)
(RegSrvc) RegSrvc [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\RegSrvc.exe -> [2004/09/07 16:02:04 | 00,139,264 | ---- | M] (Intel Corporation)
(S24EventMonitor) Spectrum24 Event Monitor [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\S24EvMon.exe -> [2004/09/07 16:05:10 | 00,360,521 | ---- | M] (Intel Corporation )
(SavRoam) SavRoam [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Symantec AntiVirus\SavRoam.exe -> [2004/03/12 15:18:06 | 00,169,192 | ---- | M] (symantec)
(SMTPSVC) Simple Mail Transfer Protocol (SMTP) [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation)
(SNDSrvc) Symantec Network Drivers Service [Win32_Own | On_Demand | Stopped] -> %CommonProgramFiles%\Symantec Shared\SNDSrvc.exe -> [2004/03/11 14:58:32 | 00,193,760 | ---- | M] (Symantec Corporation)
(SQLBrowser) SQL Server Browser [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2007/02/10 04:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation)
(SQLWriter) SQL Server VSS Writer [Win32_Own | Auto | Running] -> %ProgramFiles%\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2007/02/10 04:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation)
(Symantec AntiVirus) Symantec AntiVirus [Win32_Own | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Rtvscan.exe -> [2004/03/12 15:17:46 | 01,221,864 | ---- | M] (Symantec Corporation)
(W3SVC) World Wide Web Publishing [Win32_Shared | Auto | Running] -> %SystemRoot%\system32\inetsrv\inetinfo.exe -> [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation)
(WLANKEEPER) WLANKEEPER [Win32_Own | Auto | Running] -> %ProgramFiles%\Intel\Wireless\Bin\WLKEEPER.exe -> [2004/09/07 16:12:32 | 00,225,353 | ---- | M] (Intel® Corporation)
(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation)
(WSearch) Windows Search [Win32_Own | Auto | Running] -> %SystemRoot%\system32\searchindexer.exe -> [2008/05/26 22:18:44 | 00,439,808 | ---- | M] (Microsoft Corporation)
(WudfSvc) Windows Driver Foundation - User-mode Driver Framework [Win32_Shared | On_Demand | Stopped] -> %SystemRoot%\system32\WudfSvc.dll -> [2006/09/28 18:56:14 | 00,055,808 | ---- | M] (Microsoft Corporation)
[Driver Services - Safe List]
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.1.0.1 [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\AegisP.sys -> [2005/09/30 14:16:59 | 00,017,056 | ---- | M] (Meetinghouse Data Communications)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\aliide.sys -> [2004/08/04 07:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\amdagp.sys -> [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\Apfiltr.sys -> [2004/11/16 16:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.)
(APPDRV) APPDRV [Kernel | System | Running] -> %SystemRoot%\system32\drivers\APPDRV.SYS -> [2004/08/18 14:53:54 | 00,016,128 | ---- | M] (Dell Inc)
(asc) asc [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc.sys -> [2004/08/04 07:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\asc3550.sys -> [2004/08/04 07:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(ati2mtag) ati2mtag [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ati2mtag.sys -> [2005/05/13 02:46:20 | 01,132,544 | ---- | M] (ATI Technologies Inc.)
(awlegacy) awlegacy [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AWLEGACY.SYS -> [2000/09/11 10:51:00 | 00,010,816 | ---- | M] (Symantec Corporation)
(AW_HOST) AW_HOST [Kernel | System | Running] -> %SystemRoot%\system32\drivers\AW_HOST5.sys -> [2002/02/11 10:51:00 | 00,033,496 | ---- | M] (Symantec Corporation)
(bcm4sbxp) Broadcom 440x 10/100 Integrated Controller XP Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\bcm4sbxp.sys -> [2004/05/26 20:18:18 | 00,044,928 | ---- | M] (Broadcom Corporation)
(cdrbsdrv) cdrbsdrv [Kernel | System | Running] -> %SystemRoot%\system32\drivers\CDRBSDRV.SYS -> [2004/03/08 12:55:50 | 00,013,567 | ---- | M] (B.H.A Corporation)
(CmdIde) CmdIde [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\cmdide.sys -> [2004/08/04 07:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\dac2w2k.sys -> [2004/08/04 07:00:00 | 00,179,584 | ---- | M] (Mylex Corporation)
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\dne2000.sys -> [2003/07/24 19:55:50 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\e100b325.sys -> [2001/08/17 12:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
(GEARAspiWDM) GEAR ASPI Filter Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\GEARAspiWDM.sys -> [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.)
(Gernuwa) Gernuwa [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\GERNUWA.SYS -> [2001/10/09 10:51:00 | 00,014,944 | ---- | M] (Symantec Corporation)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZid412.sys -> [2005/10/21 18:58:52 | 00,049,920 | ---- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2005/10/21 18:58:58 | 00,016,496 | ---- | M] (HP)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2005/10/22 06:22:48 | 00,021,568 | ---- | M] (HP)
(HSFHWICH) HSFHWICH [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSFHWICH.sys -> [2005/05/03 15:08:50 | 00,208,384 | ---- | M] (Conexant Systems, Inc.)
(HSF_DP) HSF_DP [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\HSF_DP.sys -> [2004/06/17 20:55:04 | 01,041,536 | ---- | M] (Conexant Systems, Inc.)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_DPV.SYS -> [2005/05/03 15:09:28 | 01,033,728 | ---- | M] (Conexant Systems, Inc.)
(IWCA) Intel Wireless Connection Agent Miniport for Win XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\iwca.sys -> [2004/08/12 08:44:04 | 00,234,496 | ---- | M] (Intel Corporation)
(kbdhid) Keyboard HID Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\kbdhid.sys -> [2008/04/13 13:39:48 | 00,014,592 | ---- | M] (Microsoft Corporation)
(Lbd) Lbd [File_System | Boot | Running] -> %SystemRoot%\system32\drivers\Lbd.sys -> [2009/01/29 18:02:53 | 00,064,160 | ---- | M] (Lavasoft AB)
(LxrJD31d) LxrJD31d [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\LxrJD31d.sys -> [2008/12/26 21:47:26 | 00,069,824 | ---- | M] ()
(MCSTRM) MCSTRM [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mcstrm.sys -> [2007/03/27 08:21:39 | 00,008,413 | ---- | M] (RealNetworks, Inc.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2004/03/17 12:04:14 | 00,013,059 | ---- | M] (Conexant)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\mraid35x.sys -> [2004/08/04 07:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(NAVENG) NAVENG [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20090213.003\NAVENG.SYS -> [2009/02/13 04:00:00 | 00,089,104 | ---- | M] (Symantec Corporation)
(NAVEX15) NAVEX15 [Kernel | On_Demand | Running] -> %CommonProgramFiles%\Symantec Shared\VirusDefs\20090213.003\NAVEX15.SYS -> [2009/02/13 04:00:00 | 00,876,112 | ---- | M] (Symantec Corporation)
(NetworkX) NetworkX [Kernel | System | Running] -> %SystemRoot%\system32\Ckldrv.sys -> [2008/03/17 11:45:52 | 00,019,584 | ---- | M] ()
(nv) nv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(omci) OMCI WDM Device Driver [Kernel | System | Stopped] -> %SystemRoot%\system32\drivers\omci.sys -> [2004/02/13 16:46:00 | 00,017,153 | ---- | M] (Dell Inc)
(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\PalmUSBD.sys -> [2004/01/09 11:35:14 | 00,016,509 | ---- | M] (Palm, Inc.)
(Point32) Microsoft IntelliPoint Filter Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\point32.sys -> [2005/06/10 04:21:01 | 00,021,760 | ---- | M] (Microsoft Corporation)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2005/01/26 01:03:00 | 00,020,576 | ---- | M] (Sonic Solutions)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1080.sys -> [2004/08/04 07:00:00 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql12160.sys -> [2004/08/04 07:00:00 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ql1280.sys -> [2004/08/04 07:00:00 | 00,049,024 | ---- | M] (QLogic Corporation)
(RCFOX) SonicWALL IPsec Driver [Kernel | System | Running] -> %SystemRoot%\system32\drivers\RCFOX.SYS -> [2004/07/27 11:50:52 | 00,078,032 | ---- | M] (SonicWALL, Inc.)
(rcvpn) SonicWALL VPN Adapter [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\rcvpn.sys -> [2003/08/20 14:01:22 | 00,023,180 | ---- | M] (SonicWALL, Inc.)
(s24trans) WLAN Transport [Kernel | Auto | Running] -> %SystemRoot%\system32\drivers\s24trans.sys -> [2004/08/31 08:53:04 | 00,011,354 | ---- | M] (Intel Corporation)
(SAVRT) SAVRT [Kernel | System | Running] -> %ProgramFiles%\Symantec AntiVirus\savrt.sys -> [2004/02/09 15:43:56 | 00,301,200 | R--- | M] (Symantec Corporation)
(SAVRTPEL) SAVRTPEL [Kernel | Auto | Running] -> %ProgramFiles%\Symantec AntiVirus\Savrtpel.sys -> [2004/02/09 15:43:56 | 00,037,008 | R--- | M] (Symantec Corporation)
(sdbus) sdbus [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\sdbus.sys -> [2008/04/13 13:36:44 | 00,079,232 | ---- | M] (Microsoft Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sisagp.sys -> [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(slabbus) CP2101 USB Composite Device driver (WDM) [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\slabbus.sys -> [2004/03/25 19:37:08 | 00,052,384 | ---- | M] (MCCI)
(slabser) CP2101 USB to UART Bridge Controller Drivers [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\slabser.sys -> [2004/03/25 19:36:48 | 00,084,512 | ---- | M] (MCCI)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sparrow.sys -> [2004/08/04 07:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(STAC97) SigmaTel C-Major Audio [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\STAC97.sys -> [2005/03/10 22:56:06 | 00,273,168 | ---- | M] (SigmaTel, Inc.)
(symc810) symc810 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc810.sys -> [2004/08/04 07:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\symc8xx.sys -> [2004/08/04 07:00:00 | 00,032,640 | ---- | M] (LSI Logic)
(SymEvent) SymEvent [Kernel | On_Demand | Running] -> %ProgramFiles%\Symantec\SYMEVENT.SYS -> [2004/03/04 23:46:46 | 00,082,832 | ---- | M] (Symantec Corporation)
(SYMREDRV) SYMREDRV [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\symredrv.sys -> [2004/03/11 14:58:08 | 00,016,288 | ---- | M] (Symantec Corporation)
(SYMTDI) SYMTDI [Kernel | System | Running] -> %SystemRoot%\system32\drivers\symtdi.sys -> [2004/03/11 14:58:10 | 00,263,616 | ---- | M] (Symantec Corporation)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_hi.sys -> [2004/08/04 07:00:00 | 00,028,384 | ---- | M] (LSI Logic)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\sym_u3.sys -> [2004/08/04 07:00:00 | 00,030,688 | ---- | M] (LSI Logic)
(ultra) ultra [Kernel | Disabled | Stopped] -> %SystemRoot%\system32\drivers\ultra.sys -> [2004/08/04 07:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(umpusbxp) BodyMedia Serial Port Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\umpusbxp.sys -> [2005/11/09 19:25:47 | 00,075,584 | ---- | M] (Texas Instruments)
(USBAAPL) Apple Mobile USB Driver [Kernel | On_Demand | Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> [2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.)
(w29n51) Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\w29n51.sys -> [2004/10/21 20:56:04 | 03,210,496 | ---- | M] (Intel® Corporation)
(winachsf) winachsf [Kernel | On_Demand | Running] -> %SystemRoot%\system32\drivers\HSF_CNXT.sys -> [2005/05/03 15:08:44 | 00,705,408 | ---- | M] (Conexant Systems, Inc.)
(WS2IFSL) Windows Socket 2.0 Non-IFS Service Provider Support Environment [Kernel | System | Running] -> %SystemRoot%\system32\drivers\ws2ifsl.sys -> [2004/08/04 07:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation)
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.isp.com/members/ ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://www.isp.com/members/ ->
HKEY_LOCAL_MACHINE\: Search\\"CustomizeSearch" -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://www.isp.com/members/ ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_CURRENT_USER\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
HKEY_CURRENT_USER\: SearchURL\\"" -> http://www.google.com/search?q=%s ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Default Profile] > -> C:\Documents and Settings\mldellafera\Application Data\Mozilla\FireFox\Profiles\k338bndk.default\prefs.js ->
browser.search.defaulturl -> "http://search.conduit.com/ResultsExt.aspx?ctid=CT2077543&SearchSource=3&q=" ->
browser.search.selectedEngine -> "ToggleEN Customized Web Search" ->
browser.startup.homepage -> "http://search.conduit.com/?ctid=CT2077543&SearchSource=13" ->
browser.startup.homepage_override.mstone -> "rv:1.9.0.6" ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}:6.0.02 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 ->
extensions.enabledItems -> {038cb5c7-48ea-4af9-94e0-a1646542e62b}:1.5.47.1 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6 ->
< HOSTS File > (301082 bytes and 10125 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts ->
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
127.0.0.1 123topsearch.com
127.0.0.1 www.132.com
127.0.0.1 132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
127.0.0.1 www.163ns.com
127.0.0.1 163ns.com
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{00011268-E188-40DF-A514-835FCD78B1BF} [HKLM] -> %ProgramFiles%\IEPro\IEPro.dll [IE7Pro BHO] -> [2009/02/04 04:59:14 | 00,752,744 | ---- | M] (IE7Pro.com)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 04:16:41 | 00,059,032 | ---- | M] (Adobe Systems Incorporated)
{0B1B0D47-95F7-4bad-9309-A945B655AE61} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
{0B1B0D47-95F7-4bad-9309-A945B655AE61} [HKCU] -> %ProgramFiles%\Naturalsoft\NaturalReader66\IsRegSpy.exe [NVRShowBar] -> File not found
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre6\bin\ssv.dll [Java(tm) Plug-In SSV Helper] -> [2008/12/19 14:24:41 | 00,320,920 | ---- | M] (Sun Microsystems, Inc.)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [Google Toolbar Helper] -> [2009/01/07 12:39:40 | 00,251,504 | ---- | M] ()
{AE7CD045-E861-484f-8273-0445EE161910} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF Conversion Toolbar Helper] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> %ProgramFiles%\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [Google Toolbar Notifier BHO] -> [2009/01/07 12:39:00 | 00,657,904 | ---- | M] (Google Inc.)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> %ProgramFiles%\MSN\Toolbar\3.0.0988.2\msneshellx.dll [MSN Toolbar Helper] -> [2008/12/04 12:29:32 | 00,083,800 | ---- | M] (Microsoft Corp.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> %ProgramFiles%\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2008/12/19 14:24:39 | 00,034,816 | ---- | M] (Sun Microsystems, Inc.)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> %ProgramFiles%\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2008/12/19 14:24:41 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Value does not exist or could not be read.] -> File not found
"{0BF43445-2F28-4351-9252-17FE6E806AA0}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/01/07 12:39:40 | 00,251,504 | ---- | M] ()
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
"{7754C418-F62E-44aa-B169-E719E718BCFD}" [HKLM] -> %ProgramFiles%\1-Click Answers\IEToolbar\AnswersToolbarU.dll [1-Click Answers] -> [2005/12/14 15:15:46 | 00,458,752 | ---- | M] (Answers Corporation)
"{97bceb59-cfcd-4b16-a863-b3f72cf9f196}" [HKLM] -> %ProgramFiles%\BitZipperSearch\tbBitZ.dll [BitZipperSearch Toolbar] -> [2008/04/16 10:06:12 | 01,524,760 | ---- | M] (Conduit Ltd.)
"{BCBF738C-4891-4B9A-959A-C6BF7F608C3A}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Value does not exist or could not be read.] -> File not found
"{BCBF738C-4891-4B9A-959A-C6BF7F608C3A}" [HKCU] -> %ProgramFiles%\Naturalsoft\NaturalReader66\NVRIEbar.dll [NVRIEbar.IEbar] -> [2007/05/16 16:39:04 | 00,401,408 | ---- | M] (www.naturalreaders.com)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\Google Toolbar\GoogleToolbar.dll [&Google Toolbar] -> [2009/01/07 12:39:40 | 00,251,504 | ---- | M] ()
WebBrowser\\"{47833539-D0C5-4125-9FA8-0819E2EAAC93}" [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [Adobe PDF] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
WebBrowser\\"{7754C418-F62E-44AA-B169-E719E718BCFD}" [HKLM] -> %ProgramFiles%\1-Click Answers\IEToolbar\AnswersToolbarU.dll [1-Click Answers] -> [2005/12/14 15:15:46 | 00,458,752 | ---- | M] (Answers Corporation)
WebBrowser\\"{8B79EE88-E62D-4AA8-B530-CC357BA112B7}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found
WebBrowser\\"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" [HKLM] -> Reg Error: Key does not exist or could not be opened. [&Yahoo! Toolbar] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"" -> [] -> File not found
"Acrobat Assistant 7.0" -> %ProgramFiles%\Adobe\Acrobat 7.0\Distillr\acrotray.exe ["C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"] -> [2008/04/23 01:08:13 | 00,483,328 | ---- | M] (Adobe Systems Inc.)
"Ad-Watch" -> %ProgramFiles%\Lavasoft\Ad-Aware\AAWTray.exe [C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe] -> [2009/01/29 18:02:49 | 00,509,784 | ---- | M] (Lavasoft)
"Apoint" -> %ProgramFiles%\Apoint\Apoint.exe [C:\Program Files\Apoint\Apoint.exe] -> [2004/09/13 16:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.)
"AppleSyncNotifier" -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe] -> [2008/11/07 14:16:58 | 00,111,936 | ---- | M] (Apple Inc.)
"ATIPTA" -> %ProgramFiles%\ATI Technologies\ATI Control Panel\atiptaxx.exe [C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] -> [2005/05/12 21:00:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.)
"ccApp" -> %CommonProgramFiles%\Symantec Shared\ccApp.exe ["C:\Program Files\Common Files\Symantec Shared\ccApp.exe"] -> [2004/02/29 16:44:46 | 00,066,680 | ---- | M] (Symantec Corporation)
"Dell QuickSet" -> %ProgramFiles%\Dell\QuickSet\quickset.exe [C:\Program Files\Dell\QuickSet\quickset.exe] -> [2005/03/04 11:26:08 | 00,606,208 | ---- | M] ()
"DVDLauncher" -> %ProgramFiles%\CyberLink\PowerDVD\DVDLauncher.exe ["C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"] -> [2005/02/23 16:19:56 | 00,053,248 | ---- | M] (CyberLink Corp.)
"FinePrint Dispatcher v5" -> %SystemRoot%\system32\spool\drivers\w32x86\3\fpdisp5a.exe ["C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM] -> [2007/11/07 11:41:39 | 00,507,904 | ---- | M] (FinePrint Software, LLC)
"HP Software Update" -> %ProgramFiles%\HP\HP Software Update\hpwuSchd2.exe [C:\Program Files\HP\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 15:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
"InstaBack" -> %ProgramFiles%\PC Magazine Utilities\InstaBack\InstaBack.exe [C:\Program Files\PC Magazine Utilities\InstaBack\InstaBack.exe /a /t] -> [2006/09/24 12:35:28 | 01,525,248 | ---- | M] (Ziff Davis Media Inc.)
"IntelliPoint" -> %ProgramFiles%\Microsoft IntelliPoint\point32.exe ["C:\Program Files\Microsoft IntelliPoint\point32.exe"] -> [2005/06/10 04:21:01 | 00,217,088 | ---- | M] (Microsoft Corporation)
"IntelWireless" -> %ProgramFiles%\Intel\Wireless\Bin\iFrmewrk.exe [C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless] -> [2004/10/30 14:59:54 | 00,385,024 | ---- | M] (Intel Corporation)
"ISUSPM Startup" -> %CommonProgramFiles%\InstallShield\UpdateService\ISUSPM.exe [C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2004/07/27 16:50:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISUSScheduler" -> %CommonProgramFiles%\InstallShield\UpdateService\issch.exe ["C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start] -> [2004/07/27 16:50:18 | 00,081,920 | ---- | M] (InstallShield Software Corporation)
"iTunesHelper" -> %ProgramFiles%\iTunes\iTunesHelper.exe ["C:\Program Files\iTunes\iTunesHelper.exe"] -> [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.)
"OM_Monitor" -> %ProgramFiles%\OLYMPUS\OLYMPUS Master\FirstStart.exe [C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe] -> [2005/11/29 19:19:00 | 00,040,960 | ---- | M] (OLYMPUS IMAGING CORP.)
"PCMService" -> %ProgramFiles%\Dell\Media Experience\PCMService.exe ["C:\Program Files\Dell\Media Experience\PCMService.exe"] -> [2004/04/11 20:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.)
"pdfFactory Pro Dispatcher v3" -> %SystemRoot%\system32\spool\drivers\w32x86\3\fppdis3a.exe ["C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM] -> [2007/11/07 11:39:35 | 00,507,904 | ---- | M] (FinePrint Software, LLC)
"QuickTime Task" -> %ProgramFiles%\QuickTime\QTTask.exe ["C:\Program Files\QuickTime\qttask.exe" -atboottime] -> [2008/11/04 10:30:50 | 00,413,696 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> %ProgramFiles%\Java\jre6\bin\jusched.exe ["C:\Program Files\Java\jre6\bin\jusched.exe"] -> [2008/12/19 14:24:40 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.)
"Synchronization Manager" -> %SystemRoot%\system32\mobsync.exe [%SystemRoot%\system32\mobsync.exe /logon] -> [2008/04/13 19:12:26 | 00,143,360 | ---- | M] (Microsoft Corporation)
"tgcmd" -> ["C:\Program Files\support.com\bin\tgcmd.exe" /server] -> File not found
"vptray" -> %ProgramFiles%\Symantec AntiVirus\VPTray.exe [C:\PROGRA~1\SYMANT~1\VPTray.exe] -> [2004/03/12 15:18:32 | 00,124,128 | ---- | M] (Symantec Corporation)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"OM_Monitor" -> %ProgramFiles%\OLYMPUS\OLYMPUS Master\Monitor.exe [C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart] -> [2005/11/29 19:19:00 | 00,057,344 | ---- | M] (OLYMPUS IMAGING CORP.)
"swg" -> %ProgramFiles%\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe] -> [2007/06/29 23:59:26 | 00,068,856 | ---- | M] (Google Inc.)
"updateMgr" -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe ["C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1] -> [2006/03/30 15:45:08 | 00,313,472 | ---- | M] (Adobe Systems Incorporated)
"Weather" -> %ProgramFiles%\AWS\WeatherBug\Weather.exe [C:\Program Files\AWS\WeatherBug\Weather.exe 1] -> [2005/04/25 16:03:00 | 01,339,392 | ---- | M] (AWS Convergence Technologies, Inc.)
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
%AllUsersProfile%\Start Menu\Programs\Startup\1-Click Answers.lnk -> %ProgramFiles%\1-Click Answers\answers.exe -> [2005/12/14 15:12:46 | 00,647,168 | ---- | M] (Answers Corporation)
%AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe -> [2008/05/11 16:18:04 | 00,025,214 | R--- | M] ()
%AllUsersProfile%\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk -> %CommonProgramFiles%\DataViz\DvzIncMsgr.exe -> [2005/12/15 13:34:59 | 00,024,576 | ---- | M] ()
%AllUsersProfile%\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqtra08.exe -> [2004/11/04 19:28:24 | 00,258,048 | ---- | M] (Hewlett-Packard Co.)
%AllUsersProfile%\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk -> %ProgramFiles%\HP\Digital Imaging\bin\hpqthb08.exe -> [2004/11/04 19:50:52 | 00,053,248 | ---- | M] (Hewlett-Packard Co.)
< mldellafera Startup Folder > -> C:\Documents and Settings\mldellafera\Start Menu\Programs\Startup ->
%UserProfile%\Start Menu\Programs\Startup\Adobe Gamma.lnk -> %CommonProgramFiles%\Adobe\Calibration\Adobe Gamma Loader.exe -> [2005/03/16 19:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.)
%UserProfile%\Start Menu\Programs\Startup\ButtonBoogie.lnk -> %ProgramFiles%\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe -> [2007/06/06 08:19:24 | 00,303,104 | ---- | M] (Ziff Davis Media, Inc.)
%UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> %ProgramFiles%\ERUNT\AUTOBACK.EXE -> [2005/10/20 12:04:08 | 00,038,912 | ---- | M] ()
%UserProfile%\Start Menu\Programs\Startup\HotSync Manager.lnk -> %ProgramFiles%\Palm\HOTSYNC.EXE -> [2004/01/09 11:34:50 | 00,299,008 | ---- | M] (Palm, Inc.)
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
\\"NoBandCustomize" -> [0] -> File not found
\\"NoMovingBands" -> [0] -> File not found
\\"NoCloseDragDropBands" -> [0] -> File not found
\\"NoSetTaskbar" -> [0] -> File not found
\\"NoToolbarsOnTaskbar" -> [0] -> File not found
\\"NoSaveSettings" -> [0] -> File not found
\\"NoActiveDesktop" -> [0] -> File not found
\\"ClassicShell" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"DisableRegistryTools" -> [0] -> File not found
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
Answers... -> %ProgramFiles%\1-Click Answers\Html\atiemenu.htm [file:C:\Program Files\1-Click Answers\Html\atiemenu.htm] -> [2005/12/14 15:04:06 | 00,000,376 | ---- | M] ()
Convert link target to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert link target to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selected links to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert selection to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to Adobe PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
Convert to existing PDF -> %ProgramFiles%\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html] -> [2006/12/18 04:18:14 | 00,231,160 | ---- | M] (Adobe Systems Incorporated)
E&xport to Microsoft Excel -> %ProgramFiles%\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000] -> [2005/05/27 03:06:52 | 10,095,808 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{000002a3-84fe-43f1-b958-f2c3ca804f1a}:{CD275D4E-791A-4993-9D4D-6A071EDD2709} [HKLM] -> %ProgramFiles%\IEPro\IEPro.dll [Button: IE7Pro Grab and Drag] -> [2009/02/04 04:59:14 | 00,752,744 | ---- | M] (IE7Pro.com)
{000002a3-84fe-43f1-b958-f2c3ca804f1a}:{CD275D4E-791A-4993-9D4D-6A071EDD2709} [HKLM] -> %ProgramFiles%\IEPro\IEPro.dll [Menu: IE7Pro Grab and Drag] -> [2009/02/04 04:59:14 | 00,752,744 | ---- | M] (IE7Pro.com)
{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}:{B119EB0C-C021-46CF-85B0-34A760E0D5FE} [HKLM] -> %ProgramFiles%\IEPro\IEPro.dll [Button: IE7Pro Preferences] -> [2009/02/04 04:59:14 | 00,752,744 | ---- | M] (IE7Pro.com)
{0026439F-A980-4f18-8C95-4F1CBBF9C1D8}:{B119EB0C-C021-46CF-85B0-34A760E0D5FE} [HKLM] -> %ProgramFiles%\IEPro\IEPro.dll [Menu: IE7Pro Preferences] -> [2009/02/04 04:59:14 | 00,752,744 | ---- | M] (IE7Pro.com)
{669B269B-0D4E-41FB-A3D8-FD67CA94F646}:Exec [HKLM] -> [Button: ComcastHSI] -> File not found
{8828075D-D097-4055-AA02-2DBFA9D85E8A}:Exec [HKLM] -> [Button: Support] -> File not found
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{97809617-3937-4F84-B335-9BB05EF1A8D4}:Exec [HKLM] -> [Button: Help] -> File not found
{d81ca86b-ef63-42af-bee3-4502d9a03c2d}:http://wwws.musicmatch.com/mmz/openWebRadio.html [HKLM] -> [Button: MUSICMATCH MX Web Player] -> File not found
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{e2e2dd38-d088-4134-82b7-f2ba38496583}:Exec [HKLM] -> %SystemRoot%\network diagnostic\xpnetdiag.exe [Menu: @xpsp3res.dll,-20001] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: @C:\Program Files\Messenger\Msgslang.dll,-61144] -> [2003/08/05 21:29:48 | 01,578,160 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: @C:\Program Files\Messenger\Msgslang.dll,-61144] -> [2003/08/05 21:29:48 | 01,578,160 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{669B269B-0D4E-41FB-A3D8-FD67CA94F646}" [HKLM] -> [ComcastHSI] -> File not found
CmdMapping\\"{8828075D-D097-4055-AA02-2DBFA9D85E8A}" [HKLM] -> [Support] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2006/10/26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{97809617-3937-4F84-B335-9BB05EF1A8D4}" [HKLM] -> [Help] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [@C:\Program Files\Messenger\Msgslang.dll,-61144] -> [2003/08/05 21:29:48 | 01,578,160 | ---- | M] (Microsoft Corporation)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5266 domain(s) found. ->
49 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5291 domain(s) found. ->
*.update_microsoft.com [http] -> Trusted sites ->
*.update_microsoft.com [https] -> Trusted sites ->
www.update_microsoft.com [https] -> Trusted sites ->
download_windowsupdate.com [http] -> Trusted sites ->
52 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{05D96F71-87C6-11D3-9BE4-00902742D6E0} [HKLM] -> http://www.bniva.com/qp2.cab [QuickPlace Class] ->
{0CCA191D-13A6-4E29-B746-314DEE697D83} [HKLM] -> http://upload.facebook.com/controls/FacebookPhotoUploader5.cab [Facebook Photo Uploader 5] ->
{0E5F0222-96B9-11D3-8997-00104BD12D94} [HKLM] -> http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB [PCPitstop Utility] ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [HKLM] -> http://office.microsoft.com/officeupdate/content/opuc3.cab [Office Update Installation Engine] ->
{493ACF15-5CD9-4474-82A6-91670C3DD66E} [HKLM] -> http://www.linkedin.com/cab/LinkedInContactFinderControl.cab [LinkedIn ContactFinderControl] ->
{4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} [HKLM] -> http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab [WebIQ Technology Client] ->
{6414512B-B978-451D-A0D8-FCFDF33E833C} [HKLM] -> http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128433495656 [WUWebControl Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://sdlc-esd.sun.com/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab?AuthParam=1231504347_6c3d6b95c6ed016308cf506847cbb6c9&GroupName=JSC&FilePath=/ESD5/JSCDL/jre/6u11-b90/jinstall-6u11-windows-i586-jc.cab&File=jinstall-6u11-windows-i586-jc.cab&BHost=javadl.sun.com [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab [Java Plug-in 1.4.2_03] ->
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab [Java Plug-in 1.5.0_05] ->
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Java Plug-in 1.5.0_06] ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab [Java Plug-in 1.5.0_10] ->
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Java Plug-in 1.6.0_01] ->
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab [Java Plug-in 1.6.0_02] ->
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab [Java Plug-in 1.6.0_03] ->
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab [Java Plug-in 1.6.0_05] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab [Java Plug-in 1.6.0_11] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{D821DC4A-0814-435E-9820-661C543A4679} [HKLM] -> http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx [CRLDownloadWrapper Class] ->
{DCDC28C5-831C-43EA-9C02-78872CCCA409} [HKLM] -> http://thesecret.tv/movie/player/vivid_ocx.jpeg [VPlayer Control] ->
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] -> https://nrc.webex.com/client/T25L/event/ieatgpc.cab [GpcContainer Class] ->
APEX Weight Center 1.1.0.685 [HKLM] -> https://application.bodybugg.com/files/static/install/bmapex_1_1_0_685.cab [Reg Error: Key does not exist or could not be opened.] ->
Microsoft XML Parser for Java [HKLM] -> file://C:\WINDOWS\Java\classes\xmldso.cab [Reg Error: Key does not exist or could not be opened.] ->
< DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{0A12CC8C-2D90-4990-9276-58BA4802B2B5} -> (Broadcom 440x 10/100 Integrated Controller) ->
{35039EE2-A6D0-432E-A637-077957553065} -> () ->
{522BE6A8-93C1-47C7-9838-F55A4124C472} -> (Intel(R) PRO/Wireless 2200BG Network Connection) ->
{5F7E28D9-41C7-45E2-9627-74DF8655AB55} -> (1394 Net Adapter) ->
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
AtiExtEvent -> %SystemRoot%\system32\ati2evxx.dll -> [2005/05/13 02:43:54 | 00,046,080 | ---- | M] (ATI Technologies Inc.)
mlleeder
2009-02-14, 21:42
IntelWireless -> %ProgramFiles%\Intel\Wireless\Bin\LgNotify.dll -> [2004/09/07 16:08:06 | 00,110,592 | ---- | M] (Intel Corporation)
NavLogon -> %SystemRoot%\system32\NavLogon.dll -> [2004/03/12 15:17:24 | 00,083,176 | ---- | M] (Symantec Corporation)
PCANotify -> %SystemRoot%\system32\PCANotify.dll -> [2002/02/15 10:51:00 | 00,024,638 | ---- | M] (Symantec Corporation)
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> %ProgramFiles%\Windows Desktop Search\MSNLNamespaceMgr.dll [] -> [2008/05/26 22:19:02 | 00,304,128 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.)
"C:\Program Files\Macromedia\Contribute 3\Contribute.exe" -> C:\Program Files\Macromedia\Contribute 3\Contribute.exe [C:\Program Files\Macromedia\Contribute 3\Contribute.exe:*:Enabled:Contribute] -> File not found
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" -> C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe [C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004] -> [2004/03/02 09:55:28 | 12,169,216 | ---- | M] (Macromedia, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2003/08/05 21:29:48 | 01,578,160 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" -> C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe [C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007] -> [2008/03/26 23:00:54 | 06,187,528 | ---- | M] (Microsoft Corporation)
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe" -> C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe [C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client] -> [2004/08/16 17:05:12 | 00,917,601 | ---- | M] (SonicWALL, Inc.)
"C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE" -> C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE [C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE:*:Enabled:pcAnywhere Host Service] -> [2002/02/15 10:51:00 | 00,114,749 | ---- | M] (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" -> C:\Program Files\Symantec\pcAnywhere\awrem32.exe [C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service] -> [2002/02/15 10:51:00 | 00,172,092 | ---- | M] (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE" -> C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE [C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE:*:Enabled:pcAnywhere Main Program] -> [2002/02/15 10:51:00 | 00,507,964 | ---- | M] (Symantec Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 13:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019] -> [2008/04/13 19:12:34 | 00,141,312 | ---- | M] (Microsoft Corporation)
"C:\Documents and Settings\mldellafera\My Documents\SW\LinkSys Music Bridge WMB54G\WMB54G_SetupWizard\WMB54G_20071113\Setup.exe" -> C:\Documents and Settings\mldellafera\My Documents\SW\LinkSys Music Bridge WMB54G\WMB54G_SetupWizard\WMB54G_20071113\Setup.exe [C:\Documents and Settings\mldellafera\My Documents\SW\LinkSys Music Bridge WMB54G\WMB54G_SetupWizard\WMB54G_20071113\Setup.exe:*:Enabled:Setup] -> [2008/12/13 15:07:31 | 09,403,008 | ---- | M] (Linksys)
"C:\Program Files\America Online 9.0\waol.exe" -> C:\Program Files\America Online 9.0\waol.exe [C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" -> C:\Program Files\Bonjour\mDNSResponder.exe [C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour] -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe [C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" -> C:\Program Files\Common Files\AOL\ACS\AOLDial.exe [C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL] -> File not found
"C:\Program Files\IEPro\MiniDM.exe" -> C:\Program Files\IEPro\MiniDM.exe [C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM] -> [2009/02/04 04:59:16 | 00,715,912 | ---- | M] (IE7Pro.com)
"C:\Program Files\Internet Explorer\iexplore.exe" -> C:\Program Files\Internet Explorer\iexplore.exe [C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer] -> [2008/12/19 00:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" -> C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe [C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager] -> [2005/10/20 10:54:16 | 00,126,976 | ---- | M] (Intuit, Inc.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.)
"C:\Program Files\Macromedia\Contribute 3\Contribute.exe" -> C:\Program Files\Macromedia\Contribute 3\Contribute.exe [C:\Program Files\Macromedia\Contribute 3\Contribute.exe:*:Enabled:Contribute] -> File not found
"C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe" -> C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe [C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Enabled:Dreamweaver 8] -> [2006/04/21 17:18:26 | 14,651,392 | ---- | M] (Macromedia, Inc.)
"C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" -> C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe [C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe:*:Enabled:Dreamweaver MX 2004] -> [2004/03/02 09:55:28 | 12,169,216 | ---- | M] (Macromedia, Inc.)
"C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger] -> [2003/08/05 21:29:48 | 01,578,160 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" -> C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe [C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007] -> [2008/03/26 23:00:54 | 06,187,528 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Palm\HOTSYNC.EXE" -> C:\Program Files\Palm\HOTSYNC.EXE [C:\Program Files\Palm\HOTSYNC.EXE:*:Enabled:HotSync® Manager Application] -> [2004/01/09 11:34:50 | 00,299,008 | ---- | M] (Palm, Inc.)
"C:\Program Files\PC Magazine Utilities\HD HeartBeat 2\HDHBClient.exe" -> C:\Program Files\PC Magazine Utilities\HD HeartBeat 2\HDHBClient.exe [C:\Program Files\PC Magazine Utilities\HD HeartBeat 2\HDHBClient.exe:LocalSubNet:Enabled:HD HeartBeat 2] -> File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" -> C:\Program Files\Real\RealPlayer\realplay.exe [C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer] -> [2006/06/19 10:08:09 | 00,208,941 | ---- | M] (RealNetworks, Inc.)
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe" -> C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe [C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.5] -> [2007/04/02 10:56:08 | 06,346,272 | ---- | M] (SmartSoft Ltd.)
"C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE" -> C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE [C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE:*:Disabled:pcAnywhere Host Service] -> [2002/02/15 10:51:00 | 00,114,749 | ---- | M] (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" -> C:\Program Files\Symantec\pcAnywhere\awrem32.exe [C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Disabled:pcAnywhere Remote Service] -> [2002/02/15 10:51:00 | 00,172,092 | ---- | M] (Symantec Corporation)
"D:\Setup.exe" -> D:\Setup.exe [D:\Setup.exe:*:Enabled:Setup] -> File not found
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 13:40:46 | 00,062,976 | ---- | M] (Microsoft Corporation)
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2004/08/10 13:04:08 | 00,000,000 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{07e21d83-7b3f-11dc-8b0a-006073e05b18}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07e21d83-7b3f-11dc-8b0a-006073e05b18}\Shell
\{07e21d83-7b3f-11dc-8b0a-006073e05b18}\Shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07e21d83-7b3f-11dc-8b0a-006073e05b18}\Shell\AutoRun
\{07e21d83-7b3f-11dc-8b0a-006073e05b18}\Shell\AutoRun\\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07e21d83-7b3f-11dc-8b0a-006073e05b18}\Shell\AutoRun\command
\{07e21d83-7b3f-11dc-8b0a-006073e05b18}\Shell\AutoRun\command\\"" -> E:\LaunchU3.exe [E:\LaunchU3.exe -a] -> File not found
\{08cb1032-9195-11da-8a23-0013ce332cf0}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08cb1032-9195-11da-8a23-0013ce332cf0}\Shell\AutoRun\command
\{08cb1032-9195-11da-8a23-0013ce332cf0}\Shell\AutoRun\command\\"" -> E:\JDSecure\Windows\JDSecure31.exe [E:\JDSecure\Windows\JDSecure31.exe] -> File not found
[Files/Folders - Created Within 30 Days]
2 C:\*.tmp files -> C:\*.tmp ->
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2009/02/14 13:19:57 | 00,000,000 | ---D | C]
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/02/14 13:18:20 | 00,656,714 | ---- | C] ()
mldellafera.exe -> %UserProfile%\Desktop\mldellafera.exe -> [2009/02/14 09:44:12 | 00,401,720 | ---- | C] (Trend Micro Inc.)
rsit -> %SystemDrive%\rsit -> [2009/02/14 09:44:11 | 00,000,000 | ---D | C]
Malwarebytes -> %AppData%\Malwarebytes -> [2009/02/13 18:47:15 | 00,000,000 | ---D | C]
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/13 18:47:07 | 00,015,504 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/02/13 18:47:07 | 00,000,696 | ---- | C] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/13 18:47:04 | 00,038,496 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> %AllUsersProfile%\Application Data\Malwarebytes -> [2009/02/13 18:47:03 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> %ProgramFiles%\Malwarebytes' Anti-Malware -> [2009/02/13 18:47:02 | 00,000,000 | ---D | C]
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/02/13 18:42:40 | 00,781,851 | ---- | C] ()
A new CIOs 100-day Plan.doc -> %UserProfile%\My Documents\A new CIOs 100-day Plan.doc -> [2009/02/13 11:02:10 | 00,032,768 | ---- | C] ()
AneeshChopraPresentation 20090130.pdf -> %UserProfile%\My Documents\AneeshChopraPresentation 20090130.pdf -> [2009/02/12 17:35:06 | 02,023,947 | ---- | C] ()
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/02/11 17:04:32 | 02,876,720 | ---- | C] (Malwarebytes Corporation )
011a6d442f8a389c7ce4 -> %SystemDrive%\011a6d442f8a389c7ce4 -> [2009/02/11 16:02:29 | 00,000,000 | ---D | C]
SxsCaPendDel -> %SystemRoot%\SxsCaPendDel -> [2009/02/11 16:01:00 | 00,000,000 | ---D | C]
Stakeholder Circle Software PDF.pdf -> %UserProfile%\My Documents\Stakeholder Circle Software PDF.pdf -> [2009/02/10 13:57:17 | 00,138,469 | ---- | C] ()
Bug Report Search Hijack.doc -> %UserProfile%\My Documents\Bug Report Search Hijack.doc -> [2009/02/09 21:44:46 | 00,028,160 | ---- | C] ()
Malware University.doc -> %UserProfile%\My Documents\Malware University.doc -> [2009/02/09 21:43:48 | 00,026,624 | ---- | C] ()
MegaMillionsPrintScreen.pdf -> %UserProfile%\My Documents\MegaMillionsPrintScreen.pdf -> [2009/02/09 19:26:49 | 00,034,566 | ---- | C] ()
ERDNT -> %SystemRoot%\ERDNT -> [2009/02/09 10:44:54 | 00,000,000 | ---D | C]
ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/02/09 10:44:17 | 00,000,767 | ---- | C] ()
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/02/09 10:44:03 | 00,000,611 | ---- | C] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/02/09 10:44:03 | 00,000,592 | ---- | C] ()
ERUNT -> %ProgramFiles%\ERUNT -> [2009/02/09 10:44:01 | 00,000,000 | ---D | C]
erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> [2009/02/09 10:30:05 | 00,791,393 | ---- | C] (Lars Hederer )
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> [2009/02/09 10:30:05 | 00,401,720 | ---- | C] (Trend Micro Inc.)
ResetTeaTimer.bat -> %UserProfile%\Desktop\ResetTeaTimer.bat -> [2009/02/09 10:30:05 | 00,009,123 | ---- | C] ()
links to real sites.doc -> %UserProfile%\My Documents\links to real sites.doc -> [2009/02/09 09:29:29 | 00,026,112 | ---- | C] ()
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2009/02/09 08:34:47 | 00,001,602 | ---- | C] ()
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2009/02/08 13:18:36 | 00,000,963 | ---- | C] ()
SalCalc.xls -> %UserProfile%\My Documents\SalCalc.xls -> [2009/02/06 14:44:52 | 00,013,824 | ---- | C] ()
My Downloads -> %UserProfile%\My Documents\My Downloads -> [2009/02/06 11:32:41 | 00,000,000 | ---D | C]
MiniDm -> %AppData%\MiniDm -> [2009/02/06 11:32:41 | 00,000,000 | ---D | C]
My FeedStation Podcasts -> %UserProfile%\My Documents\My FeedStation Podcasts -> [2009/02/05 21:31:24 | 00,000,000 | ---D | C]
FeedDemon -> %UserProfile%\Local Settings\Application Data\FeedDemon -> [2009/02/05 21:21:50 | 00,000,000 | ---D | C]
FeedStation -> %ProgramFiles%\FeedStation -> [2009/02/05 21:21:44 | 00,000,000 | ---D | C]
FeedDemon.lnk -> %UserProfile%\Desktop\FeedDemon.lnk -> [2009/02/05 21:21:42 | 00,000,640 | ---- | C] ()
FeedDemon -> %ProgramFiles%\FeedDemon -> [2009/02/05 21:21:39 | 00,000,000 | ---D | C]
IEPro -> %ProgramFiles%\IEPro -> [2009/02/05 21:20:03 | 00,000,000 | ---D | C]
IEPro -> %AppData%\IEPro -> [2009/02/05 21:20:03 | 00,000,000 | ---D | C]
Microsoft Office Project 2003.lnk -> %UserProfile%\Desktop\Microsoft Office Project 2003.lnk -> [2009/02/05 10:50:56 | 00,002,473 | ---- | C] ()
AdAware Screenshot 20040205.JPG -> %UserProfile%\My Documents\AdAware Screenshot 20040205.JPG -> [2009/02/05 08:05:32 | 00,000,000 | ---- | C] ()
AdAware Error 20090205.JPG -> %UserProfile%\My Documents\AdAware Error 20090205.JPG -> [2009/02/05 08:03:48 | 00,063,440 | ---- | C] ()
Thumbs.db -> %SystemDrive%\Thumbs.db -> [2009/02/04 18:22:35 | 00,004,608 | -HS- | C] ()
IE7 Stalls.pdf -> %UserProfile%\My Documents\IE7 Stalls.pdf -> [2009/02/04 17:09:22 | 00,011,534 | ---- | C] ()
Coupons -> %ProgramFiles%\Coupons -> [2009/02/04 15:50:25 | 00,000,000 | ---D | C]
HIPAA Compliance Deadlines2.doc -> %UserProfile%\My Documents\HIPAA Compliance Deadlines2.doc -> [2009/02/04 15:42:26 | 00,043,008 | ---- | C] ()
IE7 hangs.doc -> %UserProfile%\My Documents\IE7 hangs.doc -> [2009/02/04 14:57:10 | 00,029,696 | ---- | C] ()
How to clean grease from suede.doc -> %UserProfile%\My Documents\How to clean grease from suede.doc -> [2009/02/03 20:07:42 | 00,027,136 | ---- | C] ()
Ad-Aware Scan (Daily).job -> %SystemRoot%\tasks\Ad-Aware Scan (Daily).job -> [2009/02/01 15:05:01 | 00,000,468 | ---- | C] ()
ShutdownAsDefault_support.microsoft.com_kb_893056.pdf -> %UserProfile%\My Documents\ShutdownAsDefault_support.microsoft.com_kb_893056.pdf -> [2009/02/01 13:32:04 | 00,039,554 | ---- | C] ()
Windows Shutdown Default.pdf -> %UserProfile%\My Documents\Windows Shutdown Default.pdf -> [2009/01/31 17:47:49 | 00,018,985 | ---- | C] ()
lsdelete.exe -> %SystemRoot%\System32\lsdelete.exe -> [2009/01/29 18:29:45 | 00,015,688 | ---- | C] ()
Ad-Aware Update (Daily).job -> %SystemRoot%\tasks\Ad-Aware Update (Daily).job -> [2009/01/29 18:03:39 | 00,000,472 | ---- | C] ()
Lbd.sys -> %SystemRoot%\System32\drivers\Lbd.sys -> [2009/01/29 18:03:23 | 00,064,160 | ---- | C] (Lavasoft AB)
{83C91755-2546-441D-AC40-9A6B4B860800} -> %AllUsersProfile%\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800} -> [2009/01/29 18:01:32 | 00,000,000 | -H-D | C]
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2009/01/29 18:01:31 | 00,000,867 | ---- | C] ()
MaryLouLeeder.pdf -> %UserProfile%\My Documents\MaryLouLeeder.pdf -> [2009/01/27 11:32:38 | 00,026,770 | ---- | C] ()
Driving Directions to Richmond Marriott.doc -> %UserProfile%\My Documents\Driving Directions to Richmond Marriott.doc -> [2009/01/26 22:07:27 | 00,036,352 | ---- | C] ()
Internet Explorer 7 freezes at startup.doc -> %UserProfile%\My Documents\Internet Explorer 7 freezes at startup.doc -> [2009/01/26 09:46:16 | 01,436,672 | ---- | C] ()
Jobs List.xls -> %UserProfile%\My Documents\Jobs List.xls -> [2009/01/26 08:55:10 | 00,109,568 | ---- | C] ()
MaryLouLeeder.doc -> %UserProfile%\My Documents\MaryLouLeeder.doc -> [2009/01/26 08:35:17 | 00,096,256 | ---- | C] ()
HP Product Assistant -> %AllUsersProfile%\Application Data\HP Product Assistant -> [2009/01/23 10:50:38 | 00,000,000 | ---D | C]
DFI Logic Business Accounts 2008.xls -> %UserProfile%\My Documents\DFI Logic Business Accounts 2008.xls -> [2009/01/23 09:20:35 | 00,033,280 | ---- | C] ()
TweetDeckFast.73B3E7AF072990ED6C9064BFA59785ED18ADD5D0.1 -> %AppData%\TweetDeckFast.73B3E7AF072990ED6C9064BFA59785ED18ADD5D0.1 -> [2009/01/23 08:10:34 | 00,000,000 | ---D | C]
TweetDeck.lnk -> %AllUsersProfile%\Desktop\TweetDeck.lnk -> [2009/01/23 08:10:11 | 00,000,640 | ---- | C] ()
TweetDeck -> %ProgramFiles%\TweetDeck -> [2009/01/23 08:10:09 | 00,000,000 | ---D | C]
Adobe AIR -> %CommonProgramFiles%\Adobe AIR -> [2009/01/23 08:10:02 | 00,000,000 | ---D | C]
SourceForge,_Inc -> %UserProfile%\Local Settings\Application Data\SourceForge,_Inc -> [2009/01/15 20:54:11 | 00,000,000 | ---D | C]
iTSfv -> %UserProfile%\My Documents\iTSfv -> [2009/01/15 20:52:20 | 00,000,000 | ---D | C]
iTSfv -> %AppData%\iTSfv -> [2009/01/15 20:52:20 | 00,000,000 | ---D | C]
iTSfv.lnk -> %UserProfile%\Desktop\iTSfv.lnk -> [2009/01/15 20:51:41 | 00,000,666 | ---- | C] ()
Applications -> %UserProfile%\My Documents\Applications -> [2009/01/15 20:51:40 | 00,000,000 | ---D | C]
[Files/Folders - Modified Within 30 Days]
2 C:\*.tmp files -> C:\*.tmp ->
3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp ->
4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp ->
323 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
Google Software Updater.job -> %SystemRoot%\tasks\Google Software Updater.job -> [2009/02/14 13:21:11 | 00,000,868 | ---- | M] ()
User_Feed_Synchronization-{DA9E178C-F2ED-4041-9CC1-A147E59BE11E}.job -> %SystemRoot%\tasks\User_Feed_Synchronization-{DA9E178C-F2ED-4041-9CC1-A147E59BE11E}.job -> [2009/02/14 13:20:00 | 00,000,434 | -H-- | M] ()
OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2009/02/14 13:18:21 | 00,656,714 | ---- | M] ()
Adobe Acrobat Speed Launcher.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk -> [2009/02/14 10:38:34 | 00,002,335 | ---- | M] ()
wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2009/02/14 10:37:05 | 00,013,728 | ---- | M] ()
Perflib_Perfdata_a0c.dat -> %AllUsersProfile%\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_a0c.dat -> [2009/02/14 10:36:35 | 00,016,384 | ---- | M] ()
Perflib_Perfdata_5f8.dat -> %SystemRoot%\Temp\Perflib_Perfdata_5f8.dat -> [2009/02/14 10:36:16 | 00,016,384 | ---- | M] ()
SA.DAT -> %SystemRoot%\tasks\SA.DAT -> [2009/02/14 10:35:59 | 00,000,006 | -H-- | M] ()
bootstat.dat -> %SystemRoot%\bootstat.dat -> [2009/02/14 10:35:52 | 00,002,048 | --S- | M] ()
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2009/02/14 10:35:50 | 10,731,80672 | -HS- | M] ()
NTUSER.DAT -> %UserProfile%\NTUSER.DAT -> [2009/02/14 10:34:49 | 13,631,488 | -H-- | M] ()
ntuser.ini -> %UserProfile%\ntuser.ini -> [2009/02/14 10:34:09 | 00,000,278 | -HS- | M] ()
Ad-Aware Scan (Daily).job -> %SystemRoot%\tasks\Ad-Aware Scan (Daily).job -> [2009/02/13 21:30:00 | 00,000,468 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> %AllUsersProfile%\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/02/13 18:47:07 | 00,000,696 | ---- | M] ()
RSIT.exe -> %UserProfile%\Desktop\RSIT.exe -> [2009/02/13 18:42:42 | 00,781,851 | ---- | M] ()
mbam-setup.exe -> %UserProfile%\Desktop\mbam-setup.exe -> [2009/02/13 18:36:14 | 02,876,720 | ---- | M] (Malwarebytes Corporation )
Ad-Aware Update (Daily).job -> %SystemRoot%\tasks\Ad-Aware Update (Daily).job -> [2009/02/13 18:03:00 | 00,000,472 | ---- | M] ()
A new CIOs 100-day Plan.doc -> %UserProfile%\My Documents\A new CIOs 100-day Plan.doc -> [2009/02/13 14:12:30 | 00,032,768 | ---- | M] ()
QuickCalcAccounts.xls -> %UserProfile%\My Documents\QuickCalcAccounts.xls -> [2009/02/12 21:40:33 | 00,070,656 | ---- | M] ()
AneeshChopraPresentation 20090130.pdf -> %UserProfile%\My Documents\AneeshChopraPresentation 20090130.pdf -> [2009/02/12 17:35:06 | 02,023,947 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> %UserProfile%\Local Settings\Application Data\GDIPFONTCACHEV1.DAT -> [2009/02/11 16:44:20 | 00,066,784 | ---- | M] ()
FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2009/02/11 16:40:09 | 01,552,864 | ---- | M] ()
imsins.BAK -> %SystemRoot%\imsins.BAK -> [2009/02/11 16:35:01 | 00,001,374 | ---- | M] ()
PerfStringBackup.INI -> %SystemRoot%\System32\PerfStringBackup.INI -> [2009/02/11 16:14:50 | 00,673,394 | ---- | M] ()
perfh009.dat -> %SystemRoot%\System32\perfh009.dat -> [2009/02/11 16:14:50 | 00,563,840 | ---- | M] ()
perfc009.dat -> %SystemRoot%\System32\perfc009.dat -> [2009/02/11 16:14:50 | 00,115,340 | ---- | M] ()
qmgr1.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr1.dat -> [2009/02/11 15:48:43 | 00,004,646 | ---- | M] ()
qmgr0.dat -> %AllUsersProfile%\Application Data\Microsoft\Network\Downloader\qmgr0.dat -> [2009/02/11 15:48:43 | 00,004,232 | ---- | M] ()
mbamswissarmy.sys -> %SystemRoot%\System32\drivers\mbamswissarmy.sys -> [2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> %SystemRoot%\System32\drivers\mbam.sys -> [2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation)
Mary Lou Leeder Resume.pdf -> %UserProfile%\My Documents\Mary Lou Leeder Resume.pdf -> [2009/02/10 15:46:33 | 00,027,008 | ---- | M] ()
Stakeholder Circle Software PDF.pdf -> %UserProfile%\My Documents\Stakeholder Circle Software PDF.pdf -> [2009/02/10 13:57:17 | 00,138,469 | ---- | M] ()
Bug Report Search Hijack.doc -> %UserProfile%\My Documents\Bug Report Search Hijack.doc -> [2009/02/09 21:44:46 | 00,028,160 | ---- | M] ()
Malware University.doc -> %UserProfile%\My Documents\Malware University.doc -> [2009/02/09 21:43:49 | 00,026,624 | ---- | M] ()
AppleSoftwareUpdate.job -> %SystemRoot%\tasks\AppleSoftwareUpdate.job -> [2009/02/09 20:48:00 | 00,000,284 | ---- | M] ()
MegaMillionsPrintScreen.pdf -> %UserProfile%\My Documents\MegaMillionsPrintScreen.pdf -> [2009/02/09 19:26:50 | 00,034,566 | ---- | M] ()
wininit.ini -> %SystemRoot%\wininit.ini -> [2009/02/09 15:39:17 | 00,000,108 | ---- | M] ()
hosts -> %SystemRoot%\System32\drivers\etc\hosts -> [2009/02/09 11:36:58 | 00,301,082 | R--- | M] ()
ERUNT AutoBackup.lnk -> %UserProfile%\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk -> [2009/02/09 10:44:17 | 00,000,767 | ---- | M] ()
NTREGOPT.lnk -> %UserProfile%\Desktop\NTREGOPT.lnk -> [2009/02/09 10:44:03 | 00,000,611 | ---- | M] ()
ERUNT.lnk -> %UserProfile%\Desktop\ERUNT.lnk -> [2009/02/09 10:44:03 | 00,000,592 | ---- | M] ()
SearchFolder.inf -> %SystemDrive%\SearchFolder.inf -> [2009/02/09 10:35:52 | 00,000,003 | -H-- | M] ()
mldellafera.exe -> %UserProfile%\Desktop\mldellafera.exe -> [2009/02/09 09:52:13 | 00,401,720 | ---- | M] (Trend Micro Inc.)
HiJackThis.exe -> %UserProfile%\Desktop\HiJackThis.exe -> [2009/02/09 09:52:13 | 00,401,720 | ---- | M] (Trend Micro Inc.)
erunt-setup.exe -> %UserProfile%\Desktop\erunt-setup.exe -> [2009/02/09 09:42:09 | 00,791,393 | ---- | M] (Lars Hederer )
ResetTeaTimer.bat -> %UserProfile%\Desktop\ResetTeaTimer.bat -> [2009/02/09 09:41:06 | 00,009,123 | ---- | M] ()
links to real sites.doc -> %UserProfile%\My Documents\links to real sites.doc -> [2009/02/09 09:29:29 | 00,026,112 | ---- | M] ()
Mozilla Firefox.lnk -> %AllUsersProfile%\Desktop\Mozilla Firefox.lnk -> [2009/02/09 08:34:47 | 00,001,602 | ---- | M] ()
Spybot - Search & Destroy.lnk -> %UserProfile%\Desktop\Spybot - Search & Destroy.lnk -> [2009/02/08 13:33:17 | 00,000,963 | ---- | M] ()
hosts.20090209-113658.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090209-113658.backup -> [2009/02/08 13:27:14 | 00,301,082 | R--- | M] ()
hosts.20090208-132714.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090208-132714.backup -> [2009/02/08 13:27:00 | 00,301,082 | R--- | M] ()
SalCalc.xls -> %UserProfile%\My Documents\SalCalc.xls -> [2009/02/06 14:47:24 | 00,013,824 | ---- | M] ()
FeedDemon.lnk -> %UserProfile%\Desktop\FeedDemon.lnk -> [2009/02/05 21:21:42 | 00,000,640 | ---- | M] ()
Microsoft Office Project 2003.lnk -> %UserProfile%\Desktop\Microsoft Office Project 2003.lnk -> [2009/02/05 10:51:54 | 00,002,473 | ---- | M] ()
Microsoft Office Outlook 2003.lnk -> %UserProfile%\Desktop\Microsoft Office Outlook 2003.lnk -> [2009/02/05 10:49:56 | 00,002,521 | ---- | M] ()
hosts.20090208-132700.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090208-132700.backup -> [2009/02/05 10:35:49 | 00,301,082 | R--- | M] ()
Perflib_Perfdata_5c0.dat -> %SystemRoot%\Temp\Perflib_Perfdata_5c0.dat -> [2009/02/05 10:27:23 | 00,016,384 | ---- | M] ()
AdAware Screenshot 20040205.JPG -> %UserProfile%\My Documents\AdAware Screenshot 20040205.JPG -> [2009/02/05 08:05:11 | 00,000,000 | ---- | M] ()
AdAware Error 20090205.JPG -> %UserProfile%\My Documents\AdAware Error 20090205.JPG -> [2009/02/05 08:03:10 | 00,063,440 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/02/04 18:23:03 | 00,007,680 | ---- | M] ()
Thumbs.db -> %SystemDrive%\Thumbs.db -> [2009/02/04 18:22:35 | 00,004,608 | -HS- | M] ()
IE7 hangs.doc -> %UserProfile%\My Documents\IE7 hangs.doc -> [2009/02/04 17:35:44 | 00,029,696 | ---- | M] ()
IE7 Stalls.pdf -> %UserProfile%\My Documents\IE7 Stalls.pdf -> [2009/02/04 17:09:23 | 00,011,534 | ---- | M] ()
HIPAA Compliance Deadlines2.doc -> %UserProfile%\My Documents\HIPAA Compliance Deadlines2.doc -> [2009/02/04 15:42:27 | 00,043,008 | ---- | M] ()
How to clean grease from suede.doc -> %UserProfile%\My Documents\How to clean grease from suede.doc -> [2009/02/03 20:07:43 | 00,027,136 | ---- | M] ()
MRT.exe -> %SystemRoot%\System32\MRT.exe -> [2009/02/03 18:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation)
Time Log FEW.xls -> %UserProfile%\My Documents\Time Log FEW.xls -> [2009/02/03 17:48:19 | 00,123,392 | ---- | M] ()
hosts.20090205-103549.backup -> %SystemRoot%\System32\drivers\etc\hosts.20090205-103549.backup -> [2009/02/01 14:04:39 | 00,300,940 | R--- | M] ()
ShutdownAsDefault_support.microsoft.com_kb_893056.pdf -> %UserProfile%\My Documents\ShutdownAsDefault_support.microsoft.com_kb_893056.pdf -> [2009/02/01 13:32:04 | 00,039,554 | ---- | M] ()
Thumbs.db -> %SystemRoot%\Thumbs.db -> [2009/02/01 12:25:22 | 00,007,680 | -HS- | M] ()
Windows Shutdown Default.pdf -> %UserProfile%\My Documents\Windows Shutdown Default.pdf -> [2009/01/31 17:47:49 | 00,018,985 | ---- | M] ()
lsdelete.exe -> %SystemRoot%\System32\lsdelete.exe -> [2009/01/30 18:03:39 | 00,015,688 | ---- | M] ()
Lbd.sys -> %SystemRoot%\System32\drivers\Lbd.sys -> [2009/01/29 18:02:53 | 00,064,160 | ---- | M] (Lavasoft AB)
Ad-Aware.lnk -> %AllUsersProfile%\Desktop\Ad-Aware.lnk -> [2009/01/29 18:01:31 | 00,000,867 | ---- | M] ()
MaryLouLeeder.pdf -> %UserProfile%\My Documents\MaryLouLeeder.pdf -> [2009/01/27 11:32:38 | 00,026,770 | ---- | M] ()
Driving Directions to Richmond Marriott.doc -> %UserProfile%\My Documents\Driving Directions to Richmond Marriott.doc -> [2009/01/26 22:07:28 | 00,036,352 | ---- | M] ()
Internet Explorer 7 freezes at startup.doc -> %UserProfile%\My Documents\Internet Explorer 7 freezes at startup.doc -> [2009/01/26 09:46:16 | 01,436,672 | ---- | M] ()
Jobs List.xls -> %UserProfile%\My Documents\Jobs List.xls -> [2009/01/26 08:55:10 | 00,109,568 | ---- | M] ()
MaryLouLeeder.doc -> %UserProfile%\My Documents\MaryLouLeeder.doc -> [2009/01/26 08:32:59 | 00,096,256 | ---- | M] ()
1-Click Answers.lnk -> %AllUsersProfile%\Start Menu\Programs\Startup\1-Click Answers.lnk -> [2009/01/26 07:03:21 | 00,000,710 | ---- | M] ()
DFI Logic Business Accounts 2008.xls -> %UserProfile%\My Documents\DFI Logic Business Accounts 2008.xls -> [2009/01/25 17:52:26 | 00,033,280 | ---- | M] ()
TweetDeck.lnk -> %AllUsersProfile%\Desktop\TweetDeck.lnk -> [2009/01/23 08:10:11 | 00,000,640 | ---- | M] ()
mshtml.dll -> %SystemRoot%\System32\mshtml.dll -> [2009/01/16 21:35:14 | 03,594,752 | ---- | M] (Microsoft Corporation)
mshtml.dll -> %SystemRoot%\System32\dllcache\mshtml.dll -> [2009/01/16 21:35:14 | 03,594,752 | ---- | M] (Microsoft Corporation)
iTSfv.lnk -> %UserProfile%\Desktop\iTSfv.lnk -> [2009/01/15 20:51:41 | 00,000,666 | ---- | M] ()
opa12.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa12.dat -> [2008/06/29 23:22:50 | 00,008,474 | ---- | M] ()
index.dat -> %SystemRoot%\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2007/12/10 12:48:02 | 00,065,536 | ---- | M] ()
index.dat -> %SystemRoot%\Temp\History\History.IE5\index.dat -> [2007/12/10 12:48:02 | 00,049,152 | ---- | M] ()
index.dat -> %SystemRoot%\Temp\Cookies\index.dat -> [2007/12/10 12:48:02 | 00,032,768 | ---- | M] ()
hhcolreg.dat -> %AllUsersProfile%\Application Data\Microsoft\HTML Help\hhcolreg.dat -> [2007/04/04 15:06:54 | 00,001,417 | ---- | M] ()
opa11.dat -> %AllUsersProfile%\Application Data\Microsoft\OFFICE\DATA\opa11.dat -> [2005/10/23 19:39:48 | 00,011,068 | ---- | M] ()
q.dat -> %UserProfile%\Local Settings\Temp\pft4B.tmp\Custom\AU_AD_Q\config\q.dat -> [2005/01/14 09:23:22 | 00,000,824 | R--- | M] ()
q.dat -> %UserProfile%\Local Settings\Temp\pft1C.tmp\Custom\AU_AD_Q\config\q.dat -> [2005/01/14 09:23:22 | 00,000,824 | R--- | M] ()
q.dat -> %UserProfile%\Local Settings\Temp\pft13.tmp\Custom\AU_AD_Q\config\q.dat -> [2005/01/14 09:23:22 | 00,000,824 | R--- | M] ()
[Alternate Data Streams]
@Alternate Data Stream - 0 bytes -> %SystemDrive%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %SystemRoot%\Thumbs.db:encryptable
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[CatchMe Rootkit Scan by GMER]
< Windows folder & sub-folders >
scanning hidden processes ...
IPC error: 2 The system cannot find the file specified.
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1
< Document and Settings folder & sub folders >
scanning hidden files ...
IPC error: 2 The system cannot find the file specified.
C:\Documents and Settings\mldellafera\Application Data\Microsoft\Internet Explorer\Quick Launch\88.9-89.1 Live Stream.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Application Data\Microsoft\Internet Explorer\Quick Launch\Thesaurus.com.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\10 Sites to Help You Land a Tech Job - 1. Dice.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\10 Techie Gifts for Your Valentine - 10. For the Humorous Spouse.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\15 Web Sites for Managing (and Saving) Money - Smart Spending - Reviews by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\20070419\AirSet - Organize busy work & family lives with shared online calendars, contacts & lists - AirSet.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\20070419\CD Baby CHARLES F. HAANEL The Master Key System.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\20070419\Google (2).url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\20070419\Google.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\20070419\Grass Wall Décor walls Pier 1 Imports.url:favicon 2494 bytes
C:\Documents and Settings\mldellafera\Favorites\20070419\Lifehacker, the Productivity and Software Guide.url:favicon 9062 bytes
C:\Documents and Settings\mldellafera\Favorites\20070419\The Secret Teachers Official Web Site of The Secret Movie.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\20070419\Wachovia.com Logout.url:favicon 7406 bytes
C:\Documents and Settings\mldellafera\Favorites\20070419\Web Design Courses - Online Class Catalog.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\NorthShore Care Supply--Puppy Training Pads.url:favicon 766 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 13\Pitfalls with Solutions for Aspiring CIOs.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 13\CreditCheckMate (01) - Free Downloads on ZDNet Shareware, Trialware, Evaluation Software.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 13\Holiday Gift Guide.url:favicon 6598 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 13\NNHC_5th_Conference_Call_Packet.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 13\Our Favorite 100 Blogs 2007 - Our 100 Favorite Blogs - Reviews by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 13\Seven Things IT Can Do to Meet Legal's Needs.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 13\The golden age of change management.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 13\Williams-Sonoma Catalog.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 13\Women in IT and in Charge - CIO Decisions magazine.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 14 2008\How to innovate IT if your budget is cut.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 14 2008\Shifting IT business models in time of economic crisis.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 2 2008\Amazon.com John Adams (HBO Miniseries) Paul Giamatti, Laura Linney Movies & TV.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 2 2008\DORIE GREENSPAN Pumpkin, Packed with Bread and Cheese A Recipe in Progress.url:favicon 2862 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 2 2008\DR planning Chilling lessons played out on the big screen.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 2 2008\E-junkie Shopping Cart for selling downloads & tangible goods.url:favicon 1334 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 2 2008\LinkedIn Chuck Wickens.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 2 2008\Meatloaf Recipes - Recipes & Tips for Making Meat Loaf.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 2 2008\QuadraMed Candidate Portal.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 2 2008\RealClearPolitics - Battle for the House of Representatives.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 2 2008\United States Congress - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 2 2008\United States Constitution - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 21 2008\BORLAND® Change Management Self Assessment.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 21 2008\Capital One Credit Cards, Home and Auto Loans, Banking, Small Business Credit Card.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 21 2008\Dog Videos.url:favicon 4150 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 21 2008\Photoblitz 8 Digital Photo Frame - PF8e Target.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 25 2008\This American Life - Radio Archive.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 25 2008\Volunteer Opportunities Volunteer Virginia - Virginia Service.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 25 2008\VolunteerMatch - Opportunity Search.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 28\10 Things You Should Know About Virtualization - See More Slide Shows Like This One!.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 28\10 Tips To Secure Your Laptop -- Wireless Security -- InformationWeek.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 28\circuitcity.com Consumer Electronics.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 28\Wireless USB - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 6\Alibris Charlaine Harris.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 6\DCRP Review Olympus Stylus 710.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 6\Dog Videos.url:favicon 4150 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 6\Hypersoft Live Tv (rar), from Hypersoft - Free Downloads on ZDNet Shareware, Trialware, Evaluation Software.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 6\SearchCIO.com Salary and Careers Special Report.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 6\The Top 9 Ways to Improve Customer Loyalty.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Nov 6\Wachovia.com Logout.url:favicon 7406 bytes
C:\Documents and Settings\mldellafera\Favorites\Compare Web Hosting Plans.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Computers and Information Technology - Online directory of web links and information resources of interest to nonprofits..url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\25 Tips for a Better Wiki Deployment.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\AHRQ Time Motion Study Knowledge Library.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Busy Buddy Squirrel Dude Medium - Dog Toys at Arcata Pet Supplies.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Digg - News.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Discover How You Can Create, Manage and Deliver the Best Customer Experience.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Discussions - alt.home.repair Google Groups.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Dog Harness for Dog Trainers.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\gijon spain - Google Maps.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Glance - Thank you for using Glance!.url:favicon 25214 bytes
C:\Documents and Settings\mldellafera\Favorites\Golf Info, News, Shop, Travel & Community @ ABC-of-Golf.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Golf Link.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Google Image Result for http--www.cosmedix.com-images-products-p_image_defy.jpg.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Google Image Result for http--www.garyrhardingdesign.com-images-TriangularVennDiagramNew-1.png.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Google Image Result for http--www.naturalgolf.com-images-ballOnTee.jpg.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Home\Sakura Slipcovers.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\How I got a Windows Vista refund from HP equiliberate.url:favicon 5430 bytes
C:\Documents and Settings\mldellafera\Favorites\How to Buy a Digital Photo Frame - Reviews by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\How To Find Paid Public Speaking Jobs - Business White Papers, Webcasts and Case Studies BNET.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\How to Set Up a Blog for Beginners - Mahalo.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\How To Sharpen An Image - Advanced Photo Sharpening PhotoshopSupport.com.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\HTML Color Names.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\http--www.cellphoneshop.net-.url:favicon 6598 bytes
C:\Documents and Settings\mldellafera\Favorites\http--www.convert-ringtones.com-index.jsp.url:favicon 2038 bytes
C:\Documents and Settings\mldellafera\Favorites\http--www.ie7pro.com-firstrun-English.html.url:favicon 22486 bytes
C:\Documents and Settings\mldellafera\Favorites\http--www.jrcigars.com-index.cfmpage=cigars.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\HyperOffice Trial Site.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\iHealthBeat - Reporting Technology's Impact on Health Care.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Liter to Gallon - Quart - Pint - Cup - Ounce Conversion.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\LiveLeak.com - Redefining the Media.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Locations.url:favicon 1386 bytes
C:\Documents and Settings\mldellafera\Favorites\Login - SmarterStats.url:favicon 14806 bytes
C:\Documents and Settings\mldellafera\Favorites\LyricsMode.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Maine Oak Parsons Tables with Deer Isle Granite, Marble, Ceramic Tiles hand crafted in Maine by Acorn Wood Products.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Remote SQL Server Deployment.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Research, Statistics, Data & Systems.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Respond Yellow Pages Directory.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Review of more than 21 web conferencing services.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\SP3 without using Windows Update.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Spay Day 2009 Online Pet Photo Contest.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Speaker Systems\Compare Logitech X-540 5.1 Powered Speaker System Prices - Shop for PC Speakers at mySimon.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Speaker Systems\Speaker Systems - PC - Home Entertainment, Speakers for ZEN, Speakers for iPod, Portable Speaker.url:favicon 5430 bytes
C:\Documents and Settings\mldellafera\Favorites\Spiffy Dog Quick-Dry Air Collars.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Square Pub Table - Brown (42) Target.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Stainless Steel Repair and Restoration.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Virginia Career Network (Richmond, VA) - Meetup.com.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\vision-resume.com Resume portfolio, personal website, interactive resume, template resumes, online marketing.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Asian Food from Pocky to Miso Asian Food Grocer.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Aug 27\academy vet clinic loc Chester, VA - Google Maps.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Aug 27\Is the Internet Over - Columns by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Aug 27\Princeton Review educates itself in business performance management.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Aug 27\Richmond SPCA.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Aug 31\Business process decisions require executive involvement, not just support.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Aug 31\Cancer Patients, Lost in a Maze of Uneven Care - New York Times.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Aug 31\Contact Us - Shell Point Retirement Community - Fort Myers, Florida (2).url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Aug 31\Contact Us - Shell Point Retirement Community - Fort Myers, Florida.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Aug 31\ROI success begins and ends with accountability.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Aug 31\Strategic IT-business alignment for SMBs.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Aug 31\wachovia loc westbrook avenue richmond, VA - Google Maps (2).url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Aug 31\wachovia loc westbrook avenue richmond, VA - Google Maps.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Science of Cooking.url:favicon 1078 bytes
C:\Documents and Settings\mldellafera\Favorites\SearchCIO.com Information Governance Strategies.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\SearchCIO.com Information Management Strategies.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\SearchCIO.com SAP Resource Center for CIOs.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Seattle Senior Community Technology Recommendations.url:favicon 24542 bytes
C:\Documents and Settings\mldellafera\Favorites\SEO Help And Tools For New Webmasters SEONoobs.Com.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 11\CompUSA.com - Garmin International nuvi 200 GPS Receiver - 0100062110 - Electronics » GPS » GPS Devices.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 11\Independence Golf Club Championship Golf Course.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 11\IT shops deal with growth -- and flat budgets.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 11\IT's Most Taxing Tasks.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 11\ITIL strategies for CIOs.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 11\September 2007 Research Cost Management - Cost Management Slide 12.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 11\SmartDraw Customer Information.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 11\Wachovia.com Logout.url:favicon 7406 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 14\Four Things You Don't Know about Your Network That Put You at Risk.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 14\Managing Unstructured Data 10 Key Requirements.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 14\optimus emr - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 14\rack mounted Definition.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 14\Rack unit - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Free web conferencing software & meeting solutions that are truly free.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Free Website Template.url:favicon 1078 bytes
C:\Documents and Settings\mldellafera\Favorites\FreeSerifSoftware - free software downloads.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\CD Baby CHARLES F. HAANEL The Master Key System.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Photoshop\Photoshop Adjustments photo - Isabel Cutler photos at pbase.com.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Photoshop Drawing Creating a Flower Vase Tutorial.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Photoshop Pen Tool, Vector Paths.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Phrases Engine - Stork Avenue.url:favicon 1082 bytes
C:\Documents and Settings\mldellafera\Favorites\Website Development Stages Access eCommerce Guide.url:favicon 340 bytes
C:\Documents and Settings\mldellafera\Favorites\Westside Wholesale, Inc. - Lutron 600 Watt 3-Way Ariadni Dimmer - White.url:favicon 2318 bytes
C:\Documents and Settings\mldellafera\Favorites\Westside Wholesale, Inc..url:favicon 2318 bytes
C:\Documents and Settings\mldellafera\Favorites\What is CGI - Knowledge Base.url:favicon 2550 bytes
C:\Documents and Settings\mldellafera\Favorites\Time deposit - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Time Zone Check.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Time Zones.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Transforming HC group\home centered care - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Transforming HC group\home-based healthcare - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Transforming HC group\project budget staffing excel - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Transforming HC group\the future of health care - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Transforming HC group\transforming health care - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Transforming HC group\transforming healthcare delivery - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Money supply - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\MS Reseller.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\My 10 favorite Windows programs of all time Ed Bott’s Microsoft Report ZDNet.com.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\AirSet - Organize busy work & family lives with shared online calendars, contacts & lists - AirSet.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\AirSet - Organize busy work & family lives with shared online calendars, contacts & lists.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Al Mackey's Photoshop Tutorial, Table of Contents.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Albumart.org - CD and DVD cover searchengine.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\amazon.com Chia Cat Grass Planter Featuring Sylvester & Tweety, 1 Kit Health & Personal Care.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\amazon.com Foldable Fork Step Stand Bicycle Bike Chrome Sports & Outdoors.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\amazon.com Used and New PM FASTrack PMP Exam Simulation Software, Version 5.2.0.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Election 2008\Barack Obama Change We Can Believe In Health Care (2).url:favicon 4286 bytes
C:\Documents and Settings\mldellafera\Favorites\Election 2008\Barack Obama Change We Can Believe In Health Care.url:favicon 4286 bytes
C:\Documents and Settings\mldellafera\Favorites\Election 2008\John McCain 2008 - John McCain for President (2).url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Election 2008\John McCain 2008 - John McCain for President.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Interviewing like a pro -- mistakes to avoid.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Invention marketing forum..url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Invest FAQ Advice Mutual-Fund Expenses.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Iomega 160GB Silver eGo Hi-Speed USB 2.0 Portable External Hard Drive - Buy.com.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\iPod Speakers.url:favicon 7782 bytes
C:\Documents and Settings\mldellafera\Favorites\IT Articles\Compliance management How to keep the IT auditors away.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\IT Articles\Gartner Restructuring top concern for CEOs in 2009.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\IT Articles\Internet Explorer cannot display the webpage.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\IT Articles\Liquid and Dry Measurement Equivalents.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\IT Articles\Minimizing Security-Related Total Cost of Ownership.url:favicon 2038 bytes
C:\Documents and Settings\mldellafera\Favorites\IT Articles\Radio Times Radio WHYY.url:favicon 350 bytes
C:\Documents and Settings\mldellafera\Favorites\IT Audit & Inventory, USB Endpoint Security & Data Loss Protection, Software Asset Management.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\IT ROI strategies for CIOs.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Visual Studio Express Download.url:favicon 25214 bytes
C:\Documents and Settings\mldellafera\Favorites\walmart.com Coleman 54-Quart Stainless Steel Cooler Camping.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\WAMU Online Account Access.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Water-Powered Weeder - Lee Valley Tools.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Buy Art from Corey Bieber Souichi Coffee Table.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Buy.com - AF17.0 LCD PROTECTION FILTER 17IN PROTECT-ANTI-GLARE-CONTRAST - AF17.0.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Care.com - Care Provider Profile Happy Paws.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Care.com - Care Provider Profile.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Career\HEALTHeCAREERS Network Career Center - Healthcare Career Tools.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Career\480 McLaws Cir, Williamsburg, VA 23185 to 1010 Kingsmill Rd, Williamsburg, VA 23185 - Google Maps.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Career\About Quadramed - Management Team (2).url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Career\About Quadramed - Management Team.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Career\Epic.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Career\Forrester IT industry demands better collaborative, integrated data.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Career\HealthcareITNews.com Career Center.url:favicon 1082 bytes
C:\Documents and Settings\mldellafera\Favorites\Career\HIMSS (Healthcare Information and Management Systems Society).url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Career\HIMSS - HIT EVENT Industry Solutions Webinar - IBM Meeting and Exceeding Compliance Regulations While Increasing Productivity.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Career\Hotel Accomodations.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Career\IT Knowledge Exchange Forgot Password.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Career\Nassim Nicholas Taleb the prophet of boom and doom - Times Online.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Career\QuadraMed Candidate Portal.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Career\Today's Best Part-Time Jobs - Business White Papers, Webcasts and Case Studies BNET (2).url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Career\Today's Best Part-Time Jobs - Business White Papers, Webcasts and Case Studies BNET.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Career\WHYY.url:favicon 350 bytes
C:\Documents and Settings\mldellafera\Favorites\Paul Miesing's Strategic Audit.url:favicon 766 bytes
C:\Documents and Settings\mldellafera\Favorites\Peregrine Falcon Page of Pennsylvania.url:favicon 766 bytes
C:\Documents and Settings\mldellafera\Favorites\Personal Health Records on the Internet.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Personal Medical Recordkeeping Includes Links to Sites.url:favicon 766 bytes
C:\Documents and Settings\mldellafera\Favorites\Pet Airways.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Health Information Privacy.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Health Literacy Presentations & Workshops.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Health, Science and Society Dr. Mike Magee's Biography.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\HealthcareITNews.com Career Center JobSpot.url:favicon 1082 bytes
C:\Documents and Settings\mldellafera\Favorites\HealthcareITNews.com Career Center.url:favicon 1082 bytes
mlleeder
2009-02-14, 21:46
C:\Documents and Settings\mldellafera\Favorites\healthnex eHealth Trends.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Healthy & Secure Computing.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Open Source Web Design - Download and upload free web designs..url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Pet Food Recall Spreadsheet.url:favicon 2550 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 16\Analyzing Your Business's Strengths, Weaknesses, Opportunities, and Threats - Business White Papers, Webcasts and Case Studies - BNET.com.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 16\Growing budgets fuel SMB hardware spending.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 16\Health Data Management Leahy, Kennedy Push Privacy Bill (July 19, 2007).url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 16\Software Guide for Retirement Communities - Google Search (2).url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 16\Software Guide for Retirement Communities - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 16\technology in healthcare - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 16\Mid-Market Report Emerging Technologies.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 16\skilled nursing facility - Google Search (2).url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 16\skilled nursing facility - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 16\IBM The CIO innovation agenda--Transforming IT for business advantage - Business White Papers, Webcasts and Case Studies - BNET.com.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\TV Planner.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Types of Commercial Phone Systems Buyer Zone.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Undermount Kitchen Sinks.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Usability Week 2008 Conference Nielsen Norman Group.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\President-CEO of Virginia Credit Union to be Executive-in-Residence at Longwood.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Price Waterhouse Healthcare Page.url:favicon 15086 bytes
C:\Documents and Settings\mldellafera\Favorites\Proj Mgr Jobs Terms\1363_DD_FILE_Health_Scope_Report_Draft.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Proj Mgr Jobs Terms\A Health System Analysis Approach to Health Outcomes in Medicare Clients With Chronic Illnesses..url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Proj Mgr Jobs Terms\All Senior Project Manager Jobs in Richmond, VA Indeed.com.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Proj Mgr Jobs Terms\Cost Benefit Analysis - Decision Making from Mind Tools.url:favicon 2550 bytes
C:\Documents and Settings\mldellafera\Favorites\Proj Mgr Jobs Terms\Cost Benefit Analysis Example.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Proj Mgr Jobs Terms\Find Senior Project Manager jobs at Dice.com.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Proj Mgr Jobs Terms\IBM Rational Unified Process - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Proj Mgr Jobs Terms\Systems thinking - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Project management - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Project management for CIOs.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Teething Puppy Toys.url:favicon 6598 bytes
C:\Documents and Settings\mldellafera\Favorites\Thai Food & Recipes Temple of Thai.url:favicon 3774 bytes
C:\Documents and Settings\mldellafera\Favorites\Thai restaurants\Amazon.com - Your Account.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\The 10 Best Sites for Baby Boomers.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\The Best USB Keys - Reviews by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\The Daily Dish By Andrew Sullivan (October 27, 2008) - Drudge's Latest.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\The Golf Warehouse.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Journal of Medical Internet Research.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Jul 2\Branding drives Volvo, FedEx and CIOs.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Jul 2\Build a Web 2.0 Platform and Employees Will Use It.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Jul 2\Capital One Online Account Services Recent Activity.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Jul 2\iHealthBeat - Reporting Technology's Impact on Health Care.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Jul 2\pressure mount system - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Jul 2\SWOT Analysis Software - Download SmartDraw FREE to easily create SWOT analyses and marketing graphics!.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Jul 2\Technology in Continuing Care Retirement Communities - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\July 9 2008 1\AMS ADVANTAGE Vendor Self Service.url:favicon 22798 bytes
C:\Documents and Settings\mldellafera\Favorites\July 9 2008 1\Registration.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\July 9 2008 1\tweety bird sylvester cat grass - Google Search.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\July 9 2008 1\Who Is Running the Most Secure Browser.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\July 9 2008 2\Bargain Hunt External Hard Drives - News and Analysis by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\July 9 2008 2\Doctors Press Senate to Undo Medicare Cuts - NYTimes.com.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\July 9 2008 2\Risk assessment frameworks easy to employ.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 16 08\30 Communities Apply To Participate in HHS' EHR Demonstration - iHealthBeat.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 16 08\42 Southgate Square, Colonial Heights, VA - Google Maps.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 16 08\Disruptive outsourcing Flexibility at a fixed price##.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 16 08\File Download.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 16 08\Geek Girls Revenge of the Nerdettes Newsweek Culture Newsweek.com.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 16 08\June_Update_PDF.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 16 08\Modern Healthcare Online.url:favicon 4286 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 16 08\Simpleology WebCockpit.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 22 Tablist\SWOT Analysis Software - Download SmartDraw FREE to easily create SWOT analyses and marketing graphics!.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 22 Tablist\Target Furniture.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 26\Build a Web 2.0 Platform and Employees Will Use It.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 26\Conversation - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 26\Strategic planning - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 26\SWOT Analysis Software - Download SmartDraw FREE to easily create SWOT analyses and marketing graphics!.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 26\Technology in Continuing Care Retirement Communities - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 5 2008\Career advice in 'remarkably robust' market##.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 5 2008\Google Health Launches to Questions About Privacy.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 5 2008\Taking on Excel, and Winning, Sort Of. Enterprise Anti-matter ZDNet.com.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 5 2008-2\1932735038 Book Price Comparison.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 5 2008-2\Amazon.com PM Fastrack Books.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 5 2008-2\Interviewing like a pro -- mistakes to avoid.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 5 2008-2\Mastercard CIO Rob Reeg on PPM (news podcast).url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 5 2008-2\pmi central virginia - Google Search.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Jun 5 2008-2\Wachovia.com Logout.url:favicon 7406 bytes
C:\Documents and Settings\mldellafera\Favorites\June 20\SWOT Analysis Software - Download SmartDraw FREE to easily create SWOT analyses and marketing graphics!.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Keystrokes 4 Cash VIP Members Area.url:favicon 2550 bytes
C:\Documents and Settings\mldellafera\Favorites\Chess is Fun.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Chillbuster Vent-Free Gas Log Nuisance ODS Pilot Shut-down Corrective Tips.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\choicehotels.com Room Availability.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\CIO Insight Podcasts.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Simply Hired Salary Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Skillet Macaroni & Cheese Recipe.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Sky Golf Sky Caddie SG5 GPS - BHMGolf.com - Best Prices On Golf Equipment On The Web Guaranteed! Sky Golf Sky Caddie GPS.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Bed Bath & Beyond Monaco Bar Stool.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Beef Tataki\385 north's tataki of beef (marinated beef).url:favicon 1078 bytes
C:\Documents and Settings\mldellafera\Favorites\Beef Tataki\beef tataki - Google Search.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Beef Tataki\Ginger Beef Tataki with Lemon-Soy Dipping Sauce Recipe at Epicurious.com.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Beef Tataki\Japanese Beef Steak Salad - Beef tataki salad - Japanese recipe.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Beef Tataki\Steak Tataki with Citrus Ponzu Texas Monthly September 2003.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Behavioral Interview Questions.url:favicon 3750 bytes
C:\Documents and Settings\mldellafera\Favorites\Best Hot Crab Dip - Allrecipes.url:favicon 1078 bytes
C:\Documents and Settings\mldellafera\Favorites\Better Living Through Design Funky Rugs.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\bikeman Power Grip Sport Pedal & Strap Set Black 34.95.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\About The Prometheus Institute.url:favicon 766 bytes
C:\Documents and Settings\mldellafera\Favorites\Additional Anti-Spyware Programs.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 18\Cracking the Whip On IT Spending.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 18\Growing budgets fuel SMB hardware spending.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 18\Health Data Management Leahy, Kennedy Push Privacy Bill (July 19, 2007).url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 18\IBM The CIO innovation agenda--Transforming IT for business advantage - Business White Papers, Webcasts and Case Studies - BNET.com.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 18\Independence Golf Club Championship Golf Course.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 18\Internet Explorer cannot display the webpage.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 18\Mid-Market Report Emerging Technologies.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 18\Software Guide for Retirement Communities - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 20\http--www-935.ibm.com-services-us-igs-html-innovation-cio-hub3.htmlca=WMYSCIO&re=BIZ&Itnewsletters.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 20\Best Techniques to Manage IT Costs - The Survey.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 20\Budgeting For Uncertain Times.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 20\Data Center Managers Share Pain Points.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 20\Defining a Governance Model for Portals.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 20\Electronic medical records at risk of being hacked, report warns.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 20\Growing budgets fuel SMB hardware spending.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 20\Key Issues for Electronic Discovery.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 20\Richmond.com - Restaurants & Dining - Restaurant Detail.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 20\technology - Synonyms from Thesaurus.com.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29A\AirTran Reservations - Confirm.url:favicon 9062 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29A\AirTran Reservations - Select.url:favicon 9062 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29A\Best Practices for Budgeting, Forecasting and Reporting.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29A\Brazen Careerist Five Ways To Make Yourself A Workplace Superstar -- Careers -- InformationWeek.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29A\Citibank Logout.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29A\Flight Details.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29A\Health Data Management Report I.T. Could Improve Finances (September 20, 2007).url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29A\Healthcare Financial Management The myths of benchmarking healthcare IT spending.url:favicon 2294 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29A\HFMA Publications.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29A\IT Service Management (ITSM) What It Is and Is It Right for You.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29A\IT-Business Alignment vs. Convergence.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29A\ITIL v3 - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29A\News Center, Press Releases, Media Kit, Press Kit, Logo, Photos, Video, Commercials - Shell Point Retirement Community - Fort Myers, Florida.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29A\revealed - Synonyms from Thesaurus.com.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29A\Verizon Wireless - My Account Logout.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29A\What is Tux - a definition from Whatis.com - see also penguin, Linux logo.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29B\facebook - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29B\Healthful Feast Banquet.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29B\Highland Glen Dr, Chesterfield, VA 23838 to 411 N Harrison St, VA 23220 - Google Maps.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29B\Institute for Healthcare Improvement Emerging Content.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29B\NCQA Programs Physician Recognition.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29B\The Prometheus Institute.url:favicon 766 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29C\Health Data Management Report I.T. Could Improve Finances (September 20, 2007).url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 29C\IT-Business Alignment vs. Convergence.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 3\10 Most Powerful Women in IT - An IT Pioneer.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 3\ashburn va - Google Maps.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 3\Top 100 Classic Websites - Top 100 Classic Web Sites - News and Analysis by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 3\Web 2.0 integration poses challenges and rewards.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 3 Reading\Relationship management essential part of IT, business alignment.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 8\Online Services - Account Login.url:favicon 7406 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 8\Independence Golf Club Championship Golf Course.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 8\IT's Most Taxing Tasks.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 8\ITIL strategies for CIOs.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Sep 8\What is point-of-sale terminal - a definition from Whatis.com - see also POS, POS terminal.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\September 2007 Research Cost Management - Cost Management Slide 12.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Sheepskin And Things Mukluks, Moccasins, Slippers, cherokee Jewelry & sheepskin Native Made Purses.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Widgetbox › My Twitter Feed Widget.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Williams-Sonoma Catalog.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Windows Web Hosting From 3Essentials Inc.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Work\Adobe - Online Events Event Details.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Work\AHRQ National Resource Center For Health IT.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Work\SitePoint Forums.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Work\Thesaurus.com.url:favicon 5222 bytes
C:\Documents and Settings\mldellafera\Favorites\Work\web 2.0 - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Work\Google.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Work\NPR.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Work\PC Magazine Utilities Index by Name Ascending - Downloads by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\www (zude.com).url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\YonKa Authorized Internet Sales.url:favicon 568 bytes
C:\Documents and Settings\mldellafera\Favorites\YourWebPro builds and manages quality sites online.url:favicon 1078 bytes
C:\Documents and Settings\mldellafera\Favorites\Zillow Real Estate.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Systems thinking - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\talking-book-store.com - Download a Great MP3 Or WMA Audio Book Today.url:favicon 11294 bytes
C:\Documents and Settings\mldellafera\Favorites\Technical Instruction.url:favicon 1078 bytes
C:\Documents and Settings\mldellafera\Favorites\Technology for Aging\From Smart Homes to Smart Care ... - Google Book Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\TechSoup Technology Planning Links.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\E-junkie Shopping Cart for sales downloads.url:favicon 1334 bytes
C:\Documents and Settings\mldellafera\Favorites\easyDNS Members Login.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Economist.com.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\EETimesCareers.com - career resources, news, jobs and resumes in Information Technology and Engineering (Mary Lou Leeder).url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\EFT and Cat Sitting\Highland Glen Dr, Chesterfield, VA 23838 to Claybar Trail, Richmond, VA 23236 - Google Maps.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Cranky Geeks.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Creative GigaWorks S750 PC Speaker reviews - CNET Reviews.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Cuban Cigars - Buy cheap at CigarsClub online Shop.url:favicon 2494 bytes
C:\Documents and Settings\mldellafera\Favorites\Jan 20080125\6FigureJobs - The leading site for executive job seekers, employers and executive recruiters.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Jan 20080125\Google.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Jan 20080125\InterviewUp – Job Interview Questions and Answers – common tips techniques skills advice for free.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Jan 20080125\SEO Help And Tools For New Webmasters SEONoobs.Com.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Jan 20080125\USPS - Employment Forms.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Jan112008\Consulting.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Jan112008\VoIP staffing means balancing skills, expertise.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Jan200821\Best Practices in Interactive Marketing Drive More Value from Your Online Presence.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Jan200821\Google.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Jan200821\LG Rumor Full Review - Reviews by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Jan200821\TechCareers.com - career resources, news, jobs and resumes in Information Technology and Engineering.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Jan200821\WITI - Growing Within Your Company Key Strategies To Achieve Success Right Where You Are.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Job Search\Calendar - Virginia Career Network (Richmond, VA) - Meetup.com.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Job Search\Careers - Federal Reserve Bank of Richmond.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Job Search\Defense Jobs at Northrop Grumman.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Job Search\Google.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Job Search\LinkedIn Account & Settings.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Job Search\LinkedIn Colin Konschak, MBA, FHIMSS, FACHE.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Imprivata and HIPAA - The Race to Comply.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Independence Golf Club Championship Golf Course.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Indiana University School of Informatics at IUPUI Future Students.url:favicon 2550 bytes
C:\Documents and Settings\mldellafera\Favorites\INFORMATION TECHNOLOGY PROJECTS MANAGER.url:favicon 766 bytes
C:\Documents and Settings\mldellafera\Favorites\Inspire - News & Publications.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Institute for Healthcare Improvement Strategic Initiatives.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Internet Evolution - The Big Report - Web 2.0's Biggest $inkholes.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Internet Explorer 7 freezes at startup How to disable add-ons for IE7 « David’s logbook.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Mary Lou Leeder Personal Portfolio.url:favicon 766 bytes
C:\Documents and Settings\mldellafera\Favorites\Mashable! - The #1 Social Networking and Social Media News Blog.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Mastercard CIO Rob Reeg on PPM (news podcast).url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\May 05 2008\ACH payment processing - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\May 05 2008\Choosing an EMR.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\May 05 2008\Dog Videos.url:favicon 4150 bytes
C:\Documents and Settings\mldellafera\Favorites\May 05 2008\Health Results Team Delaware - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\May 05 2008\Wachovia.com You have successfully logged out..url:favicon 7406 bytes
C:\Documents and Settings\mldellafera\Favorites\May 23 Elec Proc\ACH Accept Checks on your Website or Web Catalog. ACH allows internet customers to pay check by internet SMART Payment Solutions.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\May 23 Elec Proc\Centon DSP4GB-007 Data Stick Pro 4GB USB Flash Drive at CompUSA.com.url:favicon 2104 bytes
C:\Documents and Settings\mldellafera\Favorites\May 23 Elec Proc\MAPLight.org.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\May 23 Elec Proc\Rent A Coder - Fix and Finish Web Site.url:favicon 26694 bytes
C:\Documents and Settings\mldellafera\Favorites\May 23 Elec Proc\Virtual Check.url:favicon 4286 bytes
C:\Documents and Settings\mldellafera\Favorites\May 23 Elec Proc\XRamp Premium SSL Certificate SSL.com Secure SSL Certificates.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\May 30 2008\AidMyTennisElbow Shop.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\May 30 2008\Google.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\May 30 2008\Making the case for capital investments.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\May 30 2008\The Dell Online Store Build Your System.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\MedHelp - Medical Information, Forums and Communities.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 4 2008\Main Page - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 4 2008\Careers - Virginia Credit Union.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 4 2008\financial institution products and services - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 4 2008\financial services Information and Much More from Answers.com.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 4 2008\Main Page - Wikipedia, the free encyclopedia (2).url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 4 2008\NPR Morning Edition.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 4 2008\pediatric connection - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 5 08 Reading\6FigureJobs Executive Newsletter. (2).url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 5 08 Reading\6FigureJobs Executive Newsletter..url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 5 08 Reading\Change management A better starting point for ITIL.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 5 08 Reading\Midmarket slow to adopt ITIL v3.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 5 08 Reading\Page 7 - How CIOs Stays Relevant with a CFO Boss.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 5 08 Reading\Report Planned State IT Projects To Boost Vendor Business - iHealthBeat.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 5 2008\Careers - Virginia Credit Union.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 5 2008\financial institution products and services - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 5 2008\financial services Information and Much More from Answers.com.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 5 2008\Fractional-reserve banking - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 5 2008\Google.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 5 2008\Lending And Philanthropy In The Internet Age -- Microlending -- InformationWeek.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 5 2008\PayScale - Salary Survey, Salaries, Wages, Compensation Information and Analysis.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 5 2008\pediatric connection - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Find Project Manager - Electronic Healthcare Records jobs at Dice.com.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\PsiTek - The Master Key System - FREE.url:favicon 14366 bytes
C:\Documents and Settings\mldellafera\Favorites\Quickly removing scratches from CDs and DVDs Wise Bread.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Rattan Cat Litter Pan Covers - MG.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\ReadyTalk - Conference Conclusion Page.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\RealAge Aging Well Center — Mind Games.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Realspace Soho™ Shaftsbury Avenue Writing Desk With Hutch And Stool, Dark Cherry at Office Depot..url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Recruitment Puzzle Source « DudleyDoorite’s Weblog.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Release notes for Windows XP Service Pack 3.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Antique Black Coffee Table With Slate Top.url:favicon 634 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 10 2008\44 project management processes - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 10 2008\best electronic security for healthcare - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 10 2008\Clinical System Implementation Senior Consultant (40633) job in Richmond, VA - BearingPoint, Inc SimplyHired.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 10 2008\Government Health Government Healthcare Solutions eds.com.url:favicon 5430 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 10 2008\Project management - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 10 2008\SAP ERP on-demand challenge lofty, but not impossible.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 10 2008\Sephora Benefit Cosmetics Erase Paste Concealer.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 10 2008\The Dell Online Store.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 10 2008\Washington DC PMP Exam Course 4 Day Boot Camp Jun 9-12, 2008 Crosswind Project Management Inc..url:favicon 822 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 15 2008\Government Healthcare BPO Services eds.com.url:favicon 5430 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 15 2008\Our Favorite Bluetooth Headsets - Reviews by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 15 2008\peter finney eds - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 15 2008\QuadraMed Candidate Portal.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 15 2008\Rational Asset Manager demos.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 15 2008\The Dell Online Store Build Your System.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 2 2008\91 Utilities to Supercharge Windows - Reviews by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 2 2008\AHIMA Health Information and Privacy Week - Electronic & Computerized Medical Records.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 2 2008\Google.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 2 2008\Light Reading - IP & Convergence - Google Goes Nuclear - Telecom News Analysis.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 2 2008\onforce_white_paper_8ways.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 2 2008\Washington DC PMP Exam Course $1695 - Crosswind Project Management Inc..url:favicon 822 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 20 2008\Buyer FAQ.url:favicon 26694 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 20 2008\Government Healthcare BPO Services eds.com.url:favicon 5430 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 20 2008\HIMSS State Dashboard- tracking RHIOs, HIT Grant Information, and HIT State Legislation.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 20 2008\peter finney eds - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 20 2008\QuadraMed Candidate Portal.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 20 2008\Rational Asset Manager demos.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 20 2008\The Dell Online Store Build Your System.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Apr 20 2008\Wachovia.com You have successfully logged out..url:favicon 7406 bytes
C:\Documents and Settings\mldellafera\Favorites\APTAC-Procurement Technical Assistance Centers, getting government down to business..url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Archie McPhee® Toys, Gifts & Novelties.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\5 Reasons to Deploy a Corporate Social Network.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\6 reviews - Deluxe Laptop-Reading Cart reviews in Desks & Hutches - Buzzillions.com.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\6FigureJobs - The leading site for executive job seekers, employers and executive recruiters.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\75 Question Lehmann Test.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\A New Tool for Boards The Strategic Audit.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\FXstyle-Templates.com - The Professional of Website Templates (Flash, Dreamweaver, Frontpage, Photoshop).url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\garbage Never Be Free MP3 Download - MP3Fiesta.com.url:favicon 6894 bytes
C:\Documents and Settings\mldellafera\Favorites\Gas Fireplace ODS Depletion Tips.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Enterprise Software Directory - Find Business Management Software at Capterra.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 22 2008\Mt Sinai School of Medicine, 1 Gustave L Levy Pl, New York, New York, New York, United States - Google Maps.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 22 2008\Music of the Hollows.url:favicon 822 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 22 2008\TechCareers.com - career resources, news, jobs and resumes in Information Technology and Engineering.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 22 2008\Web 3.0 The Next Web Networking & Communications bMighty.com.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 22 2008\world trade center site new york city new york - Google Maps.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\from 117 milltown road belfast ireland to 32 ardmore road Maydown, Londonderry, Derry United Kingdom - Google Maps.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\ITIL strategies for CIOs.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\MalWare Removal • Malware Removal - University Available..url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Dr. Jeffrey Thompson’s Brainwave Music at TheRelaxationCompany.url:favicon 6598 bytes
C:\Documents and Settings\mldellafera\Favorites\Grumpy Old Bookman Nassim Nicholas Taleb The Black Swan.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Hair Care USA .url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Harris Interactive News Room Newsletters Healthcare News.url:favicon 4710 bytes
C:\Documents and Settings\mldellafera\Favorites\Pet Food Recall.url:favicon 2550 bytes
C:\Documents and Settings\mldellafera\Favorites\Pet Stow Away Car Seat - Suitcase - Pet Bed - All in One.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Petfinder PetNotes.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\PetGuys - Online Pet Products, Pet Supply Store.url:favicon 6598 bytes
C:\Documents and Settings\mldellafera\Favorites\Laurentian Chief at SoftMoc.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Leadership and strategic planning news, help and research - SearchCIO.com.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Leadership and strategy for CIOs.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Lifehacker.url:favicon 9062 bytes
C:\Documents and Settings\mldellafera\Favorites\Linksys Music Bridge Support.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Linux vs Windows web Hosting does it make a difference.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Liquid and Dry Measurement Equivalents.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\liquidplanner Online Project Management Software, Collaboration, Scheduling - Contact Info.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\PMP Exam Review Boot Camp - Crosswind Project Management Inc..url:favicon 822 bytes
C:\Documents and Settings\mldellafera\Favorites\podrunner Exercise music for runners, spinners, or any fast-paced workout on PodcastAlley.com -- The place to find Podcasts.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\PolitiFact A service of the St. Petersburg Times and CQ.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Powhatan Democrats Links Page.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\The iPhone Is No Desktop - Columns by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\The Must-Haves for Your Mainstream Laptop - Reviews by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\The spreadsheet of sunshine Who's hiring (updated) Webware - CNET.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\The Ten Greatest Hacks of All Time - Greatest Hacks 6-10 - Features by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\The Training of the Helpless Physician.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Milano Bar Stool.url:favicon 7406 bytes
C:\Documents and Settings\mldellafera\Favorites\MindFit Memory Training brain training software for healthy aging.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Minimize Outlook 2003 To Taskbar.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\October 22 2008\Amazon.com Presentation Zen Simple Ideas on Presentation Design and Delivery (Voices That Matter) Garr Reynolds Books.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\October 22 2008\Barack Obama and Joe Biden The Change We Need Change We Need Rally with Barack Obama in Richmond.url:favicon 4286 bytes
C:\Documents and Settings\mldellafera\Favorites\October 22 2008\Groups Challenge Warrantless E-Mail Spying Law.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\October 22 2008\HIMSS Weekly Insider - Wednesday, October 22, 2008.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\October 22 2008\Internet Evolution - The Big Report - Web 2.0's Biggest $inkholes.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\October 22 2008\Tech`s Role in the Presidential Campaigns - IT Management.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\October 22 2008\The Must-Haves for Your Mainstream Laptop - Reviews by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\October 22 2008\WCVE PBS.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\October 24 2008\Amazon.com Presentation Zen Simple Ideas on Presentation Design and Delivery (Voices That Matter) Garr Reynolds Books.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\October 24 2008\Barack Obama and Joe Biden The Change We Need Youth for Obama.url:favicon 4286 bytes
C:\Documents and Settings\mldellafera\Favorites\October 24 2008\Create a business impact analysis in 10 easy steps.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\October 24 2008\Groups Challenge Warrantless E-Mail Spying Law.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\October 24 2008\HIMSS - HIT EVENT Industry Solutions Webinar -- Picis Using Business Intelligence to Optimize the Business of the OR.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\October 24 2008\HIMSS Weekly Insider - Wednesday, October 22, 2008.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\October 24 2008\Internet Evolution - The Big Report - Web 2.0's Biggest $inkholes.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\October 24 2008\ISYS Search Software - ISYS White papers.url:favicon 4710 bytes
C:\Documents and Settings\mldellafera\Favorites\October 24 2008\Managing IT risk in the enterprise (Expert podcast).url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\October 24 2008\Morning Edition NPR.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\October 24 2008\NPR National Public Radio News & Analysis, World, US, Music & Arts.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\October 24 2008\Tech`s Role in the Presidential Campaigns - IT Management.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\October 24 2008\The Must-Haves for Your Mainstream Laptop - Reviews by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\October 24 2008\WCVE PBS.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Office Online EOS - Microsoft Office Online.url:favicon 2862 bytes
C:\Documents and Settings\mldellafera\Favorites\Official Payments Corp..url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Online Florist Gerber Daisies.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Online Personal Health Record - Hunterdon Healthcare System.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\USPS - Employment Forms.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\VAHIMSS\480 McLaws Cir, Williamsburg, VA 23185 to 1010 Kingsmill Rd, Williamsburg, VA 23185 - Google Maps.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\VAHIMSS\Agenda.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\VAHIMSS\choicehotels.com Room Availability.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\VAHIMSS\HIMSS (Healthcare Information and Management Systems Society).url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\VCU Health System Jobs Healthcare careers - Yahoo! HotJobs.url:favicon 6598 bytes
C:\Documents and Settings\mldellafera\Favorites\State Industries - Solid. State..url:favicon 842 bytes
C:\Documents and Settings\mldellafera\Favorites\The Informatics Review About The Informatics Review.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\User Manuals.url:favicon 822 bytes
C:\Documents and Settings\mldellafera\Favorites\VistaKEANE Payroll streamlines the payroll process and maintains Human Resources information..url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Bnet IT Information Resource.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Books, Kits and Tools for Caring Pumpkins!.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Bose Home Entertainment - Featured Promotion - 10% Savings on Select Bose Outdoor Speakers.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Business Insurance Quotes.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Richmond.com-New Business - New Businesses, Companies and Organizations in Richmond, Virginia.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\salary.com Salary Wizard.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Dec 10 2008\Use reports - Microsoft Office Online.url:favicon 2862 bytes
C:\Documents and Settings\mldellafera\Favorites\Dec 17\Central Virginia Waste Management Authority (CVWMA).url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Dec 17\Thinking of You Chocolate Tower.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Dec 5 08\Allrecipes Print Recipes.url:favicon 1078 bytes
C:\Documents and Settings\mldellafera\Favorites\Dec 5 08\Grimm's Complete Fairy Tales, Jacob Grimm, Book - Barnes & Noble.url:favicon 3438 bytes
C:\Documents and Settings\mldellafera\Favorites\Dec 5 08\Search Results nachos - CHOW.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Dell Coupons, HP Coupon Codes, Dell Coupon, Deals, Bargains, Freebies - Cheap Stingy Bargains.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Dell Financial Services L.P..url:favicon 4710 bytes
C:\Documents and Settings\mldellafera\Favorites\Deluxe Laptop-Reading Cart - Computer Carts at Computer Desks.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Entrez PubMed.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Epinions.com - Posts in All cosmetics for a buck....url:favicon 2494 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 13 2008\99 designs by designabot - SitePoint Design Contests.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Feb 13 2008\ibahn general - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\August 7\AHRQ National Resource Center For Health IT.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\August 7\Critical Chain Project Management - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\August 7\PM Zilla - PMP Exam Prep ( Project Management Professional ) PMP Certification Exam Preparation Tips, Tricks and Materials.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\August 7\Preparation Training for the PMP® Exam.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Baretraps Sandals at Shoe Station, The South's Largest Shoe Stores.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Citrix Systems » Case Studies by Industry.url:favicon 1078 bytes
C:\Documents and Settings\mldellafera\Favorites\Clean Run Pet Supplies.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Clinical System Implementation Senior Consultant (40633) job in Richmond, VA - BearingPoint, Inc SimplyHired.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Web Design and Resource Center layout (Centennial).url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Web Design Courses - Online Class Catalog.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Web Editing Sites\  - Google Search.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Web Editing Sites\Verve Internet Solutions, Philadelphia Web Design and Development company helps organizations bring their missions to life online.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Web Field Trip\ myNDMA -- Proactive Personal Health Information Management .url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Web Field Trip\AHRQ National Resource Center For Health IT.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Web Field Trip\Online Personal Health Record - Hunterdon Healthcare System.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Web Field Trip\SitePoint Forums.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\web hosting\HostReview Recommended Hosts ASP.Net Web Hosting.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\web hosting\Web hosting provider - Bluehost.com - domain hosting - PHP Hosting - cheap web hosting - Frontpage Hosting E-Commerce Web Hosting Bluehost.url:favicon 822 bytes
C:\Documents and Settings\mldellafera\Favorites\web hosting\Web Hosting Reviews - Windows vs. Linux.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\WEB HOSTING Compare Prices, Consumer Reviews, Help, Guides, Cheap Web Hosting To Ecommerce.url:favicon 3774 bytes
C:\Documents and Settings\mldellafera\Favorites\Web-based time tracking, task management and project management Intervals.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Stefania Viscusi - 2. TMCnet Staff.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Strategic planning - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Striumph PMP Training in Richmond.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\StumbleUpon WebToolbar - Internet Slang Dictionary - Words Starting With A.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\HFMA Resource Library and Financing the Future Project.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\HHS - Health Information Technology.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\HIMSS - Vantage Point Archive.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\HIMSS Weekly Insider - Physician Podcast Series.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\HIMSS Weekly Insider - Wednesday, July 09, 2008.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\November 13 2008\1224537671.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\November 13 2008\AHRQ National Resource Center For Health IT.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\November 13 2008\Amazon Online Reader One Small Step Can Change Your Life The Kaizen Way.url:favicon 17542 bytes
C:\Documents and Settings\mldellafera\Favorites\November 13 2008\Creating a Reliable Security Policy.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\November 13 2008\Democracy via technology Obama and the power of Web 2.0 — TotalCIO.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\November 13 2008\Health Industry Sees Benefits, Hurdles to New Coding System - iHealthBeat.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\November 13 2008\How to Ensure IT Job Security Despite an Economic Meltdown - TechCareers.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\November 13 2008\Intel To Pilot New Home Health Care Monitoring Technology - iHealthBeat.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\November 13 2008\Intellect Resources.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\November 13 2008\NPR National Public Radio News & Analysis, World, US, Music & Arts.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\November 13 2008\Ten imperatives for midmarket IT strategy in 2009.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\NPR Podcast Directory.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 14\SCI FI Wire The News Service of the SCI FI Channel SCIFI.COM.url:favicon 2494 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 14\Wachovia.com Logout.url:favicon 7406 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 22 2008\Amazon.com Presentation Zen Simple Ideas on Presentation Design and Delivery (Voices That Matter) Garr Reynolds Books.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 22 2008\Barack Obama and Joe Biden The Change We Need Change We Need Rally with Barack Obama in Richmond.url:favicon 4286 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 22 2008\Internet Evolution - The Big Report - Web 2.0's Biggest $inkholes.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 22 2008\Tech`s Role in the Presidential Campaigns - IT Management.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 22 2008\The Must-Haves for Your Mainstream Laptop - Reviews by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 22 2008\WCVE PBS.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 24 2008\Amazon.com Presentation Zen Simple Ideas on Presentation Design and Delivery (Voices That Matter) Garr Reynolds Books.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 24 2008\Barack Obama and Joe Biden The Change We Need Change We Need Rally with Barack Obama in Richmond.url:favicon 4286 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 24 2008\Create a business impact analysis in 10 easy steps.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 24 2008\Groups Challenge Warrantless E-Mail Spying Law.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 24 2008\HIMSS Weekly Insider - Wednesday, October 22, 2008.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 24 2008\Internet Evolution - The Big Report - Web 2.0's Biggest $inkholes.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 24 2008\ISYS Search Software - ISYS White papers.url:favicon 4710 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 24 2008\Managing IT risk in the enterprise (Expert podcast).url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 24 2008\Tech`s Role in the Presidential Campaigns - IT Management.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 24 2008\The Must-Haves for Your Mainstream Laptop - Reviews by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 24 2008\WCVE PBS.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 5 08\AMS ADVANTAGE Vendor Self Service (2).url:favicon 22798 bytes
C:\Documents and Settings\mldellafera\Favorites\Oct 5 08\AMS ADVANTAGE Vendor Self Service.url:favicon 22798 bytes
C:\Documents and Settings\mldellafera\Favorites\October 10 22 2008\Amazon.com Presentation Zen Simple Ideas on Presentation Design and Delivery (Voices That Matter) Garr Reynolds Books.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\October 10 22 2008\Barack Obama and Joe Biden The Change We Need Change We Need Rally with Barack Obama in Richmond.url:favicon 4286 bytes
C:\Documents and Settings\mldellafera\Favorites\October 10 22 2008\Escaping the shackles of static IT mentality.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\October 10 22 2008\Groups Challenge Warrantless E-Mail Spying Law.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\October 10 22 2008\HIMSS Weekly Insider - Wednesday, October 22, 2008.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\October 10 22 2008\Internet Evolution - The Big Report - Web 2.0's Biggest $inkholes.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\October 10 22 2008\Tech`s Role in the Presidential Campaigns - IT Management.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\October 10 22 2008\The Must-Haves for Your Mainstream Laptop - Reviews by PC Magazine.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\October 10 22 2008\WCVE PBS.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Slate Inlay Top And Storage Shelf Coffee Table.url:favicon 634 bytes
C:\Documents and Settings\mldellafera\Favorites\Sleep Apnea Symptoms, Causes, Diagnosis, and Treatment.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Slideshows for Downtime.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\SmartFTP Client (32-bit) - Free Software Downloads and Software Reviews - Download.com.url:favicon 29926 bytes
C:\Documents and Settings\mldellafera\Favorites\SnapFiles Shareware and Low-Cost Utilities.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\SocialToo.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\New Homes Virginia Master Planned Communities Home Builders.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Map of Italy Multimap.com.url:favicon 766 bytes
C:\Documents and Settings\mldellafera\Favorites\Mar 18 08\Dining Furniture Furniture Target.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Mar 18 08\Eos Books - The Next Chapter Kim Harrison wants you to win an iPhone..url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Mar 18 08\Iomega 160GB Silver eGo Hi-Speed USB 2.0 Portable External Hard Drive - Buy.com.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Mar 18 08\PMP Certification - Google Search.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Mar 23 08\QuadraMed Candidate Portal.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Mar 23 08\AHIMA - American Health Information Management Association.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Mar 23 08\Grid Computing Operating System for Web Applications 3tera.url:favicon 1150 bytes
C:\Documents and Settings\mldellafera\Favorites\Mar 23 08\Locations.url:favicon 1386 bytes
C:\Documents and Settings\mldellafera\Favorites\Mar 23 08\Medical Coding & Health Information Management Certification AHIMA.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\Mar 23 08\Washington DC PMP Exam Course $1695 - Crosswind Project Management Inc..url:favicon 822 bytes
C:\Documents and Settings\mldellafera\Favorites\Mar 27 2008\About Quadramed - Management Team.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\Mar 27 2008\Are you operationally ready to recover from a nondisaster.url:favicon 894 bytes
C:\Documents and Settings\mldellafera\Favorites\Mar 27 2008\Intellect Resources.url:favicon 3638 bytes
C:\Documents and Settings\mldellafera\Favorites\Mar 27 2008\Page 10 - 8 Simple Steps to Protect Your Database.url:favicon 2238 bytes
C:\Documents and Settings\mldellafera\Favorites\Mar 27 2008\The 5th Annual World Health Care Congress.url:favicon 15558 bytes
C:\Documents and Settings\mldellafera\Favorites\March 24 08\AHIMA - American Health Information Management Association.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\Favorites\March 24 08\Locations.url:favicon 1386 bytes
C:\Documents and Settings\mldellafera\Favorites\March 24 08\Modern Healthcare Online.url:favicon 4286 bytes
C:\Documents and Settings\mldellafera\Favorites\March 24 08\News and Events at QuadraMed.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\March 24 08\RedEnvelope - herbes de provence growing kit.url:favicon 1406 bytes
C:\Documents and Settings\mldellafera\Favorites\March 24 08\Washington DC PMP Exam Course $1695 - Crosswind Project Management Inc..url:favicon 822 bytes
C:\Documents and Settings\mldellafera\Favorites\March 3 2008\Page 2 - The Cost Of Bad IT Economics.url:favicon 3262 bytes
C:\Documents and Settings\mldellafera\Favorites\March 3 2008\Public key certificate - Wikipedia, the free encyclopedia.url:favicon 318 bytes
C:\Documents and Settings\mldellafera\My Documents\SW\Vista Readiness Test.url:favicon 26694 bytes
mlleeder
2009-02-14, 21:53
I hope that was the best way to post the very long log...and that it's readable, usable, etc.
I'm happy to do whatever I have to do, but if I'm making it harder than it needs to be, please let me know.
I especially don't want to make it harder for you to review than it needs to be.
I'm sure I posted the whole log, though - without missing any lines.
...although I thought the sun might go nova before I managed to get it done! :-)
mlleeder
2009-02-14, 22:07
Famous last words....."I'm sure I got the entire report without missing any lines"......... not quite..
This was the last line submitted in Part 3 of 3:
C:\Documents and Settings\mldellafera\My Documents\SW\Vista Readiness Test.url:favicon 26694 bytes
---------------------------------------------------
here are the lines that printed immediately after that:
scan completed successfully
hidden files: 3243
< End of report >
[/code]
Hi mlleeder
I do not see anything that does not look OK.
System Slow?
You may wish to try StartupLite. (http://www.malwarebytes.org/startuplite.php) Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware (http://www.bleepingcomputer.com/forums/index.php?showtopic=87058&view=findpost&p=487112)
1 - Clean temp files
Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.Double-click ATF Cleaner.exe to open it.
Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.
if you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
if you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.
Click Exit on the Main menu to close the program
2 - Kaspersky Online Scan
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.
3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad
4 - Status Check
Please reply with
1. the Kaspersky online scanner report
2. a fresh HijackThis log
Thanks peku006
mlleeder
2009-02-15, 00:04
Peku006, thanks, but the google search is still not performing properly.
Please help! should I run another kind of scan? Something's not working properly!
Here's an example:
Using Google (the search field) I searched for "Transformation" I copied the first few results and pasted them below. Note what was returned in the first two, for example - instead of redirecting me to wikipedia, the link at the end of the entry is the bogus "police-antivirus.com" which takes me to http://xp-police-av.com/lands/promo3/
The next Wikipedia hit redirects to "mostermarketplace," and so on.
Transformation (genetics) - Wikipedia, the free encyclopediaIn molecular biology, transformation is the genetic alteration of a cell resulting from the uptake, genomic incorporation, and expression of foreign genetic ...
police-antivirus.com - 38k - Cached - Similar pages
Transformation - Wikipedia, the free encyclopediaFeb 1, 2009 ... Chemical transformation, in chemistry, shows the conversion of a substrate to a product omitting the reagents or catalysts. ...
www.monstermarketplace.com/ - 28k - Cached - Similar pages
transformation - Definition from the Merriam-Webster Online DictionaryDefinition of transformation from the Merriam-Webster Online Dictionary with audio pronunciations, thesaurus, Word of the Day, and word games.
www.bankingmyway.com/mortgages - 36k - Cached - Similar pages
mlleeder
2009-02-15, 00:08
Sorry, I meant to mention - I'll run the scans (HijackThis and Kapersky) that you mentioned and send the logs. I need to run out now, so they won't show up for a few hours..so, unless you're working all night, I don't expect you'll get to them until morning....
Thanks again......
mlleeder
2009-02-15, 08:33
It complains that I need to have Java 1.5 installed. According to Java (from Control Panel), my version is:
Version 6 update 12 (build 1.6.0_12-b04)
I've tried uninstalling all Java versions, then reinstalling. I end up with version indicated above. Kapersky online scan won't run - just keeps asking for Java 1.5 or above.
If you have any instructions on how to make this run, please let me know. I'll move on to running a fresh HijackThis log.
mlleeder
2009-02-15, 08:36
OK, here's the fresh HijackThis log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:35:14 AM, on 2/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\1-Click Answers\answers.exe
C:\Program Files\1-Click Answers\agtserv.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\mldellafera\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.isp.com/members/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.isp.com/members/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.isp.com/members/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - {0B1B0D47-95F7-4bad-9309-A945B655AE61} - "C:\Program Files\Naturalsoft\NaturalReader66\IsRegSpy.exe" (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: NVRIEbar.IEbar - {BCBF738C-4891-4B9A-959A-C6BF7F608C3A} - C:\Program Files\Naturalsoft\NaturalReader66\NVRIEbar.dll
O3 - Toolbar: BitZipperSearch Toolbar - {97bceb59-cfcd-4b16-a863-b3f72cf9f196} - C:\Program Files\BitZipperSearch\tbBitZ.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [InstaBack] C:\Program Files\PC Magazine Utilities\InstaBack\InstaBack.exe /a /t
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ButtonBoogie.lnk = C:\Program Files\PC Magazine Utilities\ButtonBoogie\ButtonBoogie.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click Answers\answers.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: Answers... - file:C:\Program Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: APEX Weight Center 1.1.0.685 - https://application.bodybugg.com/files/static/install/bmapex_1_1_0_685.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.bniva.com/qp2.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderControl.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webiqonline.com/WebIQ/bin/WebIQ.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128433495656
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {DCDC28C5-831C-43EA-9C02-78872CCCA409} (VPlayer Control) - http://thesecret.tv/movie/player/vivid_ocx.jpeg
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://nrc.webex.com/client/T25L/event/ieatgpc.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - Unknown owner - C:\WINDOWS\SYSTEM32\DWRCS.EXE (file missing)
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicWall VPN Client Service (RampartSvc) - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 17542 bytes
Hi mlleeder
I am not yet quite sure about that "google search" trouble......I will continue searching :)
Lets´s try different online-scan
F-Secure Online Scan
Please go to F-Secure website (http://support.f-secure.com/ols3beta/start.html) to perform an online scan. Click on Start scanning at the bottom of the page.
You may be prompted to install an ActiveX before you are able to accept the License Agreement. If prompted, please install it. After installing, the Accept button will be available.
Click on Accept to accept the License Agreement.
Click on Custom Scan. Under Virus Scan Options, select the Scan whole system option.
Under Other Scan Options, select these options: Scan all files
Scan whole system for rootkits
Scan whole system for spyware
Scan inside archives
Use advanced heuristics Click Start.
It will start installing the scanner and virus definitions. Once the installation is done, it will start scanning automatically. This takes a while. Please be patient.
Click on I want decide item by item.
Under Actions, select None for all infections found.
Click Next.
Click on Show Report.
Please copy and paste this report in your next reply.
Click Finish.
Hi mlleeder
Open Notepad.
Copy the text from the box to an empty file.
Save it as export.bat to your desktop.
Choose save as all types
regedit /e C:\look.txt "HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32"
Close Notepad.
Locate Export.bat on your Desktop and double-click on it It will create a file called look.txt in C:\
Copy the entire text and past it to your reply here in this topic.
Thanks peku006
mlleeder
2009-02-15, 21:06
Thank you for the additional instructions; for your information, I want to let you know what's going on with this:
I started the F-Secure Online scan about 9:00 am EST - about 5 hours ago.
The Online Scan seems to be running fine; below is a snapshot of the F-Secure status screen as of now:
Scanning. Please wait...
Target:
C:\ + system for malware + system for rootkits
Currently scanning:
C:\Program Files\Intuit\QuickBooks 2006\Components\DownloadQB16\Patch\QB2006_Core_R6R7_msp.dat\stream 2\premier_n.chm
Scanned:
388729
Skipped:
24
Viruses:
0
Hidden items:
0
Spyware:
1
When this is finished, I will proceed with your instructions to create and run export.bat.
mlleeder
2009-02-16, 00:58
Hi, peku006, just checking in...
Hard to believe, but it's still going! As I recall, the number of files typically scanned (by AdAware, for example), is between 700000 and 800000; F-Secure is now up to about 625000.
I'm assuming it's slow because it's an Online scan, as opposed to a scan that runs locally.
I'm hoping I'll be able to have the log and the "look.txt" file posted before tomorrow (using GMT+1). Not sure you'll be able to look at it until tomorrow, though.
Regards,
mlleeder
2009-02-16, 02:41
Peku006; the scan finally finished, after almost 11 hours! I selected "Decide Item by Item" and selected "None" for Actions.
Report is below:
--------------------------
Scanning Report
Sunday, February 15, 2009 08:51:49 - 19:32:25
Computer name: MARYLOU
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
--------------------------------------------------------------------------------
Result: 9 malware found
TrackingCookie.2o7 (spyware)
System
Trojan-Downloader.Win32.Agent.caa (virus)
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16D80000.VBN (Disinfected & Submitted)
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16D80001.VBN (Disinfected & Submitted)
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16D80002.VBN (Renamed & Submitted)
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16D80003.VBN (Renamed & Submitted)
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16D80004.VBN (Renamed & Submitted)
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16D80005.VBN (Renamed & Submitted)
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16D80006.VBN (Renamed & Submitted)
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16D80007.VBN (Renamed & Submitted)
--------------------------------------------------------------------------------
Statistics
Scanned:
Files: 693287
System: 6013
Not scanned: 150
Actions:
Disinfected: 2
Renamed: 6
Deleted: 0
None: 1
Submitted: 8
Files not scanned:
x~�@�*ONFIG\SOFTWARE.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
C:\WINDOWS\CSC\d7\800006AE\SETUP.WZ\WINZIP32.EX_
C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\MASTER.MDF
C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\MASTLOG.LDF
C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\MODEL.MDF
C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\MODELLOG.LDF
C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\MSDBDATA.MDF
C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\MSDBLOG.LDF
C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\TEMPDB.MDF
C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\TEMPLOG.LDF
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\REFSPCL.TTF
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\REFSAN.TTF
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\MISTRAL.TTF
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\PAPYRUS.TTF
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\FREESCPT.TTF
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\ARIALNB.TTF
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\ARIALNBI.TTF
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\ARIALNI.TTF
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\ZF612707.CAB\ARIALN.TTF
C:\INETPUB\CATALOG.WCI\CICL0001.000
C:\INETPUB\CATALOG.WCI\CIP10000.000
C:\INETPUB\CATALOG.WCI\CIP20000.000
C:\INETPUB\CATALOG.WCI\CIPT0000.000
C:\INETPUB\CATALOG.WCI\CISL0001.000
C:\INETPUB\CATALOG.WCI\CISP0000.000
C:\INETPUB\CATALOG.WCI\CIST0000.000
C:\INETPUB\CATALOG.WCI\CIVP0000.000
C:\INETPUB\CATALOG.WCI\INDEX.000
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT.LOG
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\TEMP\PERFLIB_PERFDATA_788.DAT
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT.LOG
C:\DOCUMENTS AND SETTINGS\MLDELLAFERA\NTUSER.DAT
C:\DOCUMENTS AND SETTINGS\MLDELLAFERA\NTUSER.DAT.LOG
C:\Documents and Settings\mldellafera\My Documents\SW\ZDnet\Free\Music_Download_Search_Engine.exe\AutoPlay\autorun.cdd\_detect.dat
C:\Documents and Settings\mldellafera\My Documents\SW\ZDnet\Free\Music_Download_Search_Engine.exe\AutoPlay\autorun.cdd\_proj.dat
C:\Documents and Settings\mldellafera\My Documents\SW\ZDnet\Free\Music_Download_Search_Engine.exe\AutoPlay\autorun.cdd\_fonts.dat
C:\Documents and Settings\mldellafera\My Documents\PUMH Documents\iTunesSetup.exe\1031.mst\stream 1
C:\Documents and Settings\mldellafera\My Documents\PUMH Documents\iTunesSetup.exe\1034.mst\stream 1
C:\Documents and Settings\mldellafera\My Documents\PUMH Documents\iTunesSetup.exe\1040.mst\stream 1
C:\Documents and Settings\mldellafera\My Documents\PUMH Documents\iTunesSetup.exe\1043.mst\stream 1
C:\DOCUMENTS AND SETTINGS\MLDELLAFERA\L��r
C:\HIBERFIL.SYS
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\PERFLIB_PERFDATA_25C.DAT
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
C:\WINDOWS\CSC\d7\800006AE\SETUP.WZ\WINZIP32.EX_
C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\MASTER.MDF
C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA\MA�G
--------------------------------------------------------------------------------
Options
Scanning engines:
F-Secure USS: 3.0.0
F-Secure Hydra: 3.6.8511, 2009-02-13
F-Secure AVP: 7.0.171, 2009-02-13
F-Secure Pegasus: 1.20.0, 1969-11-31
F-Secure Blacklight: 0.0.0
Scanning options:
Scan all files
Scan inside archives
Use Advanced heuristics
mlleeder
2009-02-16, 02:50
Peku006, below is the text from the file "C:\look.txt"
Looking forward to our next steps....
Thanks again for your help.
-----------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midimapper"="midimap.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msadpcm"="msadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.trspch"="tssoft32.acm"
"vidc.cvid"="iccvid.dll"
"vidc.I420"="msh263.drv"
"vidc.iv31"="ir32_32.dll"
"vidc.iv32"="ir32_32.dll"
"vidc.iv41"="ir41_32.ax"
"vidc.iyuv"="iyuv_32.dll"
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"vidc.uyvy"="msyuv.dll"
"vidc.yuy2"="msyuv.dll"
"vidc.yvu9"="tsbyuv.dll"
"vidc.yvyu"="msyuv.dll"
"wavemapper"="msacm32.drv"
"msacm.msg723"="msg723.acm"
"vidc.M263"="msh263.drv"
"vidc.M261"="msh261.drv"
"msacm.msaudio1"="msaud32.acm"
"msacm.sl_anet"="sl_anet.acm"
"msacm.iac2"="C:\\WINDOWS\\system32\\iac25_32.ax"
"vidc.iv50"="ir50_32.dll"
"msacm.l3acm"="C:\\WINDOWS\\system32\\l3codeca.acm"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"vidc.LEAD"="LCODCCMP.DLL"
"wave1"="wdmaud.drv"
"midi1"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"vidc.ffds"="C:\\Program Files\\ffdshow\\ffdshow.ax"
"VIDC.MJPG"="pvmjpg21.dll"
"wave2"="wdmaud.drv"
"midi2"="wdmaud.drv"
"mixer2"="wdmaud.drv"
"aux"="wdmaud.sys"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\Terminal Server\RDP]
"wave"="rdpsnd.dll"
"mixer"="rdpsnd.dll"
"MaxBandwidth"=dword:000056b9
"wavemapper"="msacm32.drv"
"EnableMP3Codec"=dword:00000001
"midimapper"="midimap.dll"
mlleeder
2009-02-16, 03:44
FYI, just to confirm, Google Search results still return bogus sites.
mlleeder
2009-02-16, 12:21
FYI, Norton Antivirus generated the following message, in a window entitled "Symantec AntiVirus Notification":
----------------------
Scan type: Auto-Protect Scan
Event: Threat Found!
Threat: Trojan Horse
File: C:\WINDOWS\TEMP\AB.tmp
Location: Quarantine
Computer: MARYLOU
User: SYSTEM
Action taken: Quarantine succeeded : Access denied
Date found: Sunday, February 15, 2009 11:53:09 PM
--------------------------------
Ad-Aware generated the following, in a window entitled "Send Error Report to Lavasoft":
-----------------------------
Ad-Aware was shut down unexpectedly and has generated an error report.
By sending the error report to Lavasoft you can help us identify the problem and fix it.
Click OK to send the report (no other information will be sent) or Cancel if you prefer not to send it.
-----------------------------
I clicked OK to and sent the report.
mlleeder
2009-02-16, 14:22
Below is the Threat History list from recent Symantec Norton Antivirus scans on my computer, exported as a comma delimited file (csv). I am sending this list in case it will help identify what malware is causing my search hijack problem.
These files have been quarantined. Should I permanently delete them?
Date,Filename,Threat,Threat Type,Action Taken,Computer,User,Original Location,Status,Current Location,Primary Action,Secondary Action,Scan Type,Action Description
2/16/2009 2:32:37 AM,16D80001.VBN,??????,Compressed file,Quarantined,MARYLOU,mldellafera,C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\,Still contains 3 infected items,Quarantine,Clean virus from file,Quarantine infected file,Scheduled scan,The file was quarantined successfully.
2/16/2009 2:32:37 AM,Adobe.exe,Downloader,File; Compressed file,Quarantined,MARYLOU,mldellafera,C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16D80001.VBN>>C:\,Infected,Quarantine,Clean virus from file,Quarantine infected file,Scheduled scan,The file was quarantined successfully.
2/16/2009 2:32:37 AM,Adobe.exe,Downloader,File; Compressed file,Quarantined,MARYLOU,mldellafera,C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16D80001.VBN>>C:\,Infected,Quarantine,Clean virus from file,Quarantine infected file,Scheduled scan,The file was quarantined successfully.
2/16/2009 2:32:37 AM,Adobe.exe,Downloader,File; Compressed file,Quarantined,MARYLOU,mldellafera,C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16D80001.VBN>>C:\,Infected,Quarantine,Clean virus from file,Quarantine infected file,Scheduled scan,The file was quarantined successfully.
2/16/2009 2:32:36 AM,16D80000.VBN,??????,Compressed file,Quarantined,MARYLOU,mldellafera,C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\,Still contains 3 infected items,Quarantine,Clean virus from file,Quarantine infected file,Scheduled scan,The file was quarantined successfully.
2/16/2009 2:32:36 AM,Adobe.exe,Downloader,File; Compressed file,Quarantined,MARYLOU,mldellafera,C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16D80000.VBN>>C:\,Infected,Quarantine,Clean virus from file,Quarantine infected file,Scheduled scan,The file was quarantined successfully.
2/16/2009 2:32:36 AM,Adobe.exe,Downloader,File; Compressed file,Quarantined,MARYLOU,mldellafera,C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16D80000.VBN>>C:\,Infected,Quarantine,Clean virus from file,Quarantine infected file,Scheduled scan,The file was quarantined successfully.
2/16/2009 2:32:36 AM,Adobe.exe,Downloader,File; Compressed file,Quarantined,MARYLOU,mldellafera,C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\16D80000.VBN>>C:\,Infected,Quarantine,Clean virus from file,Quarantine infected file,Scheduled scan,The file was quarantined successfully.
2/15/2009 11:53:09 PM,AB.tmp,Trojan Horse,File,Quarantined,MARYLOU,SYSTEM,C:\WINDOWS\TEMP\,Infected,Quarantine,Clean virus from file,Quarantine infected file,Auto-Protect scan,The file was quarantined successfully.
2/14/2009 1:29:50 PM,82.tmp,Trojan Horse,File,Quarantined,MARYLOU,SYSTEM,C:\WINDOWS\TEMP\,Infected,Quarantine,Clean virus from file,Quarantine infected file,Auto-Protect scan,The file was quarantined successfully.
2/14/2009 1:29:41 PM,cgtjbewx.dll,Trojan Horse,File,Quarantined,MARYLOU,mldellafera,C:\DOCUME~1\MLDELL~4\LOCALS~1\Temp\,Infected,Quarantine,Clean virus from file,Quarantine infected file,Auto-Protect scan,The file was quarantined successfully.
2/14/2009 1:29:39 PM,7E.tmp,Trojan Horse,File,Quarantined,MARYLOU,SYSTEM,C:\WINDOWS\TEMP\,Infected,Quarantine,Clean virus from file,Quarantine infected file,Auto-Protect scan,The file was quarantined successfully.
2/14/2009 1:25:36 PM,7B.tmp,Trojan Horse,File,Quarantined,MARYLOU,SYSTEM,C:\WINDOWS\TEMP\,Infected,Quarantine,Clean virus from file,Quarantine infected file,Auto-Protect scan,The file was quarantined successfully.
2/14/2009 1:25:20 PM,cgtjbewx.dll,Trojan Horse,File,Quarantined,MARYLOU,mldellafera,C:\DOCUME~1\MLDELL~4\LOCALS~1\Temp\,Infected,Quarantine,Clean virus from file,Quarantine infected file,Auto-Protect scan,The file was quarantined successfully.
2/14/2009 1:25:13 PM,77.tmp,Trojan Horse,File,Quarantined,MARYLOU,SYSTEM,C:\WINDOWS\TEMP\,Infected,Quarantine,Clean virus from file,Quarantine infected file,Auto-Protect scan,The file was quarantined successfully.
2/14/2009 2:45:44 AM,1[1].pdf,Trojan.Pidief.D,File,Quarantined,MARYLOU,mldellafera,C:\Documents and Settings\mldellafera\Local Settings\Temporary Internet Files\Content.IE5\C4ACFS6N\,Infected,Quarantine,Clean virus from file,Quarantine infected file,Scheduled scan,The file was quarantined successfully.
Hi mlleeder
Please empty your Norton AntiVirus Quarantine. f you don't know how, click here (http://service1.symantec.com/SUPPORT/nav.nsf/docid/2000041213443506).
1 - Download anf Run OTMoveIt3
Download OTMoveIt3 (http://oldtimer.geekstogo.com/OTMoveIt3.exe) by Old Timer and save it to your Desktop.
Double-click OTMoveIt3.exe.
Copy the lines in the codebox below.
:files
C:\Windows\system32\wdmaud.sys file
:Reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"="wdmaud.drv"
Return to OTMoveIt3, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTMoveIt3
Please reply with
the OTMoveIt3 log
How is the computer running now?
mlleeder
2009-02-17, 02:10
========== FILES ==========
File/Folder C:\Windows\system32\wdmaud.sys file not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32\\"aux"|"wdmaud.drv" /E : value set successfully!
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02162009_190424
mlleeder
2009-02-17, 03:17
I can finally search using Google, and not a single bogus link in sight!
Thanks so much for sticking with this, and for taking the time to reply so far into the evening.
After seeing that Google search was working properly, I shut down/restarted - and AdAware loaded on its own again - which it hadn't been doing. I also re-loaded Symantec Anti-Virus.
I then ran my freshly updated version of Spybot, enabled TeaTimer, then Immunized.
If you have any other thoughts about additional virus/spyware protection I should consider, I'd like to hear your recommendations (I know you can't necessarily endorse a specific vendor/product).
Also, I'd really like to learn how to help as a volunteer - I have done a little research into the Malware Removal University and I noticed that UNITE offers training as well. I know it's a lot of work, but I've worked in IT for most of my career and would welcome the challenge. And, I feel strongly about volunteering in communities in which I live and work, and this would be a good way to volunteer in the virtual world/community!
I know it will take a while before I can contribute, but I'm willing - so, if you have any recommendations about with what training program I should start, I'd appreciate your input.
Thanks again, a thousand times over!
Take care,
Hi mlleeder
Great that Google works better now, the scans are fine and it looks like your machine is clean :yahoo:
If you are interested in the fight against malware, I suggest you join the forums at Malware Removal University (http://www.malwareremoval.com/university.php) :welcome:
Next we remove all used tools.
Delete RSIT from your desktop, also delete this folder C:\rsit.
Double-click OTMoveIt3.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
Disable and Enable System Restore-WINDOWS XP
This is a good time to clear your existing system restore points and establish a new clean restore point:
Turn off System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Reboot.
Turn ON System Restore
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
This will remove all restore points except the new one you just created.
Here are some free programs I recommend that could help you improve your computer's security.
Spybot Search and Destroy 1.6
Download it from here (http://www.safer-networking.org/en/mirrors/index.html). Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here (http://www.bleepingcomputer.com/tutorials/tutorial43.html)
Install SpyWare Blaster 4.0
Download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
Find here the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Install WinPatrol
Download it from here (http://www.winpatrol.com/download.html)
Here you can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)
Install FireTrust SiteHound
You can find information and download it from here (http://www.firetrust.com/en/products/sitehound)
Install MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector (http://secunia.com/software_inspector/)
F-secure Health Check (http://www.f-secure.com/weblog/archives/00001356.html)
Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Please check out Tony Klein's article "How did I get infected in the first place?" (http://forums.spybot.info/showthread.php?t=279)
Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) how to prevent Malware.
Happy safe surfing! :bigthumb:
mlleeder
2009-02-18, 05:48
peku006, thanks for the follow-up - I'm so pleased with my system's performance now (in addition to the fact that Google Search works)!
I have completed the final cleanup steps and have copied links so I can download the recommended programs and install tomorrow. As you know, I already have and use Spybot, in addition to AdAware and Norton.
And, I'm glad you pointed me towards the "How did I get Infected Anyway" article - I had already read it once, but couldn't remember where to find it - didn't realize it was right here on Safer Networking:-)
Thanks again, and maybe I'll see you around Malware Removal University - if you still drop in there from time to time!
Best,
MaryLou
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note:If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.