
Thread: HJT log-Thanks to whomever can help me!! (Non Malware Issue)

  1. #1
    Junior Member
    Join Date
    Apr 2009
    Posts
    13

    HJT log-Thanks to whomever can help me!! (Non Malware Issue)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:50:38 PM, on 8/26/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18813)
    Boot mode: Normal

    Running processes:
    c:\PROGRA~2\mcafee.com\agent\mcagent.exe
    C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
    C:\Program Files (x86)\Citrix\GoToMeeting\366\g2mstart.exe
    C:\Program Files (x86)\eFax Messenger 4.3\J2GTray.exe
    C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\eFax Messenger 4.3\J2GDllCmd.exe
    C:\Program Files (x86)\Citrix\GoToMeeting\366\g2mcomm.exe
    C:\Program Files (x86)\Citrix\GoToMeeting\366\g2mlauncher.exe
    C:\Program Files (x86)\TechSmith\Snagit 9\TSCHelp.exe
    C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe
    C:\Program Files (x86)\TechSmith\Snagit 9\snagiteditor.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\VSShell\Common7\IDE\Ssms.exe
    C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe
    c:\Program Files (x86)\Common Files\Microsoft Shared\Help 8\dexplore.exe
    C:\PROGRA~2\MI1933~1\OFFICE11\OUTLOOK.EXE
    C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE
    C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\devenv.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\DevServer\9.0\WebDev.WebServer.EXE
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\PDFCreator\PDFCreator.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~2\mcafee\msk\mskapbho.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [eFax 4.3] "C:\Program Files (x86)\eFax Messenger 4.3\J2GDllCmd.exe" /R
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files (x86)\Citrix\GoToMeeting\366\g2mstart.exe "/Trigger RunAtLogon"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
    O4 - Global Startup: eFax 4.3.lnk = C:\Program Files (x86)\eFax Messenger 4.3\J2GTray.exe
    O4 - Global Startup: MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe
    O4 - Global Startup: Snagit 9.lnk = C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O15 - Trusted Zone: *.advancedmd.com
    O15 - Trusted Zone: http://*.advancedmd.com
    O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://rs7.advancedmd.com/rs-curren...nents/smsx.cab
    O16 - DPF: {5EF06782-55B2-4DF3-A57A-3FE8F1D2A181} (PPMDForms.Forms) - https://c-app.advancedmd.com/practic.../ppmdforms.cab
    O16 - DPF: {6A6E7E91-B6EB-46B5-A545-12B8EDDD261E} (AMDSControls50.XGroupCategory) - https://c-app.advancedmd.com/practic...controls50.cab
    O16 - DPF: {9602B3CE-BC91-417D-B4FD-F6538C2ABB3B} (AMDSWSCheck.WSCheck) - https://c-app.advancedmd.com/practic...mdswscheck.cab
    O16 - DPF: {B15C3921-CCFA-4403-9E6F-4470839E835E} (Leadtools.XLead) - https://c-app.advancedmd.com/practic.../leadtools.cab
    O16 - DPF: {CC99A86F-EA5D-414A-8231-7C3F1B10A644} (AMDSAudio.XAudio) - https://c-app.advancedmd.com/practic.../amdsaudio.cab
    O16 - DPF: {EE8CEFA4-1F91-11D4-B31E-00C04F1D37E6} (PPMDVBDownload.XShowReady) - https://c-app.advancedmd.com/practic...vbdownload.cab
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://juniper.net/dana-cached/sc/J...etupClient.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Xobni\Skype4Com.dll
    O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: XobniService - Xobni Corporation - C:\Program Files (x86)\Xobni\XobniService.exe

    --
    End of file - 12841 bytes

  2. #2
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425


    Please note that all instructions given are customised for this computer only;
    the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post a log in the HJT forum and wait for help.


    Hello and welcome to the forums

    My name is Katana and I will be helping you to remove any infection(s) that you may have.

    Please observe these rules while we work:
    1. Please Read All Instructions Carefully
    2. If you don't understand something, stop and ask! Don't keep going on.
    3. Please do not run any other tools or scans whilst I am helping you
    4. Failure to reply within 5 days will result in the topic being closed.
    5. Please continue to respond until I give you the "All Clear"
      (Just because you can't see a problem doesn't mean it isn't there)

    If you can do those few things, everything should go smoothly

    Some of the logs I request will be quite large. You may need to split them over a couple of replies.

    Please note, your security programs may give warnings for some of the tools I will ask you to use.
    Be assured, any links I give are safe.

    ----------------------------------------------------------------------------------------


    Please note:-
    Your log shows signs that this is a 64 bit machine.
    Most of the tools we use don't run on 64 bit machines, so the help I can offer is limited.
    I will do my best though


    What problems are you having?


    OTScanIt

    1. Please download OTS.exe by OldTimer and save it to your desktop.
    2. Double click on OTS.exe to run it.
    3. Put a checkmark in the Include 64Bit Scans box
    4. Under the Additional Scans section, put a check mark next to Reg - Uninstall List (you will need to scroll down).
    5. Click on the Run Scan button at the top left hand corner.
    6. OTS will start running. Once done, Notepad will open. Please post the contents of this Notepad file in your next reply.

    Microsoft MVP Consumer Security 2009-2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  3. #3
    Junior Member
    Join Date
    Apr 2009
    Posts
    13

    OTS log

    Thanks.

    3 days ago, each night, my PC locks up. The first morning I found it, I had a "blue screen" (first time ever on this less than 12 mo old machine). Then next 2 mornings, I have this strange mangled graphic on the screen & the pc is locked up. I can't get it to respond & I have to hit the power button. I'm wondering if I picked up a virus or if my Mozy backups (scheduled each night) are messed up.

    Thanks, Lori





    OTS LOG (part 1 of 2):

    [code]
    OTS logfile created on: 8/29/2009 10:30:49 AM - Run 1
    OTS by OldTimer - Version 3.0.10.3 Folder = C:\Users\lori\Downloads
    64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18813)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
    4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 581.11 Gb Total Space | 413.57 Gb Free Space | 71.17% Space Free | Partition Type: NTFS
    Drive D: | 15.00 Gb Total Space | 7.81 Gb Free Space | 52.05% Space Free | Partition Type: NTFS
    Drive E: | 4.38 Gb Total Space | 3.03 Gb Free Space | 69.13% Space Free | Partition Type: UDF
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: LORI-BIG-WORK
    Current User Name: lori
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Include 64bit Scans
    Company Name Whitelist: On
    Skip Microsoft Files: Off
    File Age = 30 Days

    [Processes - Safe List]
    datasafeonline.exe -> C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe -> [2009/07/07 10:23:00 | 01,779,952 | ---- | M] ()
    docklogin.exe -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2008/09/23 23:09:52 | 00,155,648 | ---- | M] (Stardock Corporation)
    excel.exe -> C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE -> [2009/04/21 22:43:04 | 10,351,936 | ---- | M] (Microsoft Corporation)
    firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2009/07/30 07:26:38 | 00,908,280 | ---- | M] (Mozilla Corporation)
    g2mcomm.exe -> C:\Program Files (x86)\Citrix\GoToMeeting\366\g2mcomm.exe -> [2009/05/27 15:20:35 | 00,031,552 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
    g2mlauncher.exe -> C:\Program Files (x86)\Citrix\GoToMeeting\366\g2mlauncher.exe -> [2009/05/27 15:20:35 | 00,031,552 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
    g2mstart.exe -> C:\Program Files (x86)\Citrix\GoToMeeting\366\g2mstart.exe -> [2009/05/27 15:20:35 | 00,031,552 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
    j2gdllcmd.exe -> C:\Program Files (x86)\eFax Messenger 4.3\J2GDllCmd.exe -> [2007/03/06 13:21:31 | 00,116,224 | ---- | M] (j2 Global Communications, Inc.)
    j2gtray.exe -> C:\Program Files (x86)\eFax Messenger 4.3\J2GTray.exe -> [2007/03/06 13:24:42 | 00,629,248 | ---- | M] (j2 Global Communications, Inc.)
    jusched.exe -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe -> [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
    logtransport2.exe -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe -> [2008/12/17 14:19:40 | 00,258,048 | R--- | M] (Adobe Systems Incorporated)
    mcagent.exe -> c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe -> [2009/01/08 20:30:26 | 00,645,328 | ---- | M] (McAfee, Inc.)
    mcmscsvc.exe -> C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -> [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.)
    mcnasvc.exe -> c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -> [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.)
    mcproxy.exe -> c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -> [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.)
    mcsysmon.exe -> C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -> [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.)
    mpfsrv.exe -> C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -> [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.)
    msksrver.exe -> C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -> [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.)
    ots.exe -> C:\Users\lori\Downloads\OTS.exe -> [2009/08/29 10:27:12 | 00,514,048 | ---- | M] (OldTimer Tools)
    outlook.exe -> C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE -> [2008/04/23 15:09:50 | 00,199,688 | ---- | M] (Microsoft Corporation)
    pdvddxsrv.exe -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe -> [2008/05/23 15:06:08 | 00,128,296 | ---- | M] (CyberLink Corp.)
    sdwinsec.exe -> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.)
    seaport.exe -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    snagit32.exe -> C:\Program Files (x86)\TechSmith\Snagit 9\Snagit32.exe -> [2009/01/22 09:17:58 | 07,225,672 | ---- | M] (TechSmith Corporation)
    snagiteditor.exe -> C:\Program Files (x86)\TechSmith\Snagit 9\snagiteditor.exe -> [2009/01/22 09:17:58 | 08,822,600 | ---- | M] (TechSmith Corporation)
    snagpriv.exe -> C:\Program Files (x86)\TechSmith\Snagit 9\SnagPriv.exe -> [2009/01/22 09:18:02 | 00,089,928 | ---- | M] (TechSmith Corporation)
    sqlbrowser.exe -> c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2008/07/10 02:49:34 | 00,258,072 | ---- | M] (Microsoft Corporation)
    sqlservr.exe -> c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -> [2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation)
    tschelp.exe -> C:\Program Files (x86)\TechSmith\Snagit 9\TSCHelp.exe -> [2009/01/22 09:18:04 | 00,053,064 | ---- | M] (TechSmith Corporation)
    winword.exe -> C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE -> [2009/04/21 22:34:24 | 12,314,456 | ---- | M] (Microsoft Corporation)
    xobniservice.exe -> C:\Program Files (x86)\Xobni\XobniService.exe -> [2009/03/11 17:29:12 | 00,044,776 | ---- | M] (Xobni Corporation)

    [Win32 Services - Safe List]
    64bit-(AERTFilters) Andrea RT Filters Service [Win32_Own | Auto | Running] -> C:\Windows\SysNative\AERTSr64.exe -> [2008/07/18 08:42:16 | 00,086,016 | ---- | M] ()
    64bit-(Ati External Event Utility) Ati External Event Utility [Win32_Own | Auto | Running] -> C:\Windows\SysNative\Ati2evxx.exe -> [2008/05/21 02:09:48 | 00,881,664 | ---- | M] ()
    64bit-(BthServ) Bluetooth Support Service [Win32_Shared | Auto | Running] -> C:\Windows\SysNative\bthserv.dll -> [2006/11/02 07:16:35 | 00,051,200 | ---- | M] ()
    64bit-(DockLoginService) Dock Login Service [Win32_Own | Auto | Running] -> C:\Program Files\Dell\DellDock\DockLogin.exe -> [2008/09/23 23:09:52 | 00,155,648 | ---- | M] (Stardock Corporation)
    64bit-(McODS) McAfee Scanner [Win32_Own | On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/04/01 14:21:30 | 00,696,848 | ---- | M] (McAfee, Inc.)
    64bit-(McShield) McAfee Real-time Scanner [Win32_Own | Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/03/25 10:59:30 | 00,153,920 | ---- | M] (McAfee, Inc.)
    64bit-(mozybackup) MozyHome Backup Service [Win32_Own | Auto | Running] -> C:\Program Files\MozyHome\mozybackup.exe -> [2009/01/30 15:05:10 | 00,079,672 | ---- | M] (Mozy, Inc.)
    64bit-(MsDtsServer100) SQL Server Integration Services 10.0 [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe -> [2008/07/10 04:40:50 | 00,214,040 | ---- | M] (Microsoft Corporation)
    64bit-(MSSQLSERVER) SQL Server (MSSQLSERVER) [Win32_Own | Auto | Running] -> C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe -> [2008/07/10 08:31:06 | 57,820,696 | ---- | M] (Microsoft Corporation)
    64bit-(MSSQLServerADHelper100) SQL Active Directory Helper Service [Win32_Own | Disabled | Stopped] -> C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -> [2008/07/10 08:31:00 | 00,061,976 | ---- | M] (Microsoft Corporation)
    64bit-(msvsmon90) Visual Studio 2008 Remote Debugger [Win32_Own | Disabled | Stopped] -> C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -> [2008/07/29 13:20:28 | 04,737,024 | ---- | M] (Microsoft Corporation)
    64bit-(ReportServer) SQL Server Reporting Services (MSSQLSERVER) [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe -> [2008/07/10 04:58:06 | 02,045,464 | ---- | M] (Microsoft Corporation)
    64bit-(SQLSERVERAGENT) SQL Server Agent (MSSQLSERVER) [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE -> [2008/07/10 08:31:00 | 00,430,616 | ---- | M] (Microsoft Corporation)
    64bit-(SQLWriter) SQL Server VSS Writer [Win32_Own | Auto | Running] -> c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -> [2008/07/10 05:31:10 | 00,157,720 | ---- | M] (Microsoft Corporation)
    64bit-(WinDefend) Windows Defender [Win32_Shared | Auto | Stopped] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008/01/20 22:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation)
    64bit-(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/20 22:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation)
    (clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 14:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
    (clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/27 14:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation)
    (ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/20 22:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation)
    (ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2008/01/20 22:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation)
    (ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 11:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation)
    (FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 21:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation)
    (idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 21:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation)
    (KeyIso) CNG Key Isolation [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysWow64\keyiso.dll -> [2006/11/02 05:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation)
    (LMIMaint) LogMeIn Maintenance Service [Win32_Own | Disabled | Stopped] -> C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe -> [2008/10/16 20:36:04 | 00,120,128 | ---- | M] (LogMeIn, Inc.)
    (LogMeIn) LogMeIn [Win32_Own | Disabled | Stopped] -> C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -> [2008/07/24 18:46:08 | 00,057,920 | ---- | M] (LogMeIn, Inc.)
    (mcmscsvc) McAfee Services [Win32_Own | Auto | Running] -> C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -> [2009/01/08 20:30:26 | 00,797,864 | ---- | M] (McAfee, Inc.)
    (McNASvc) McAfee Network Agent [Win32_Own | Auto | Running] -> c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -> [2009/01/09 11:31:16 | 02,482,848 | ---- | M] (McAfee, Inc.)
    (McProxy) McAfee Proxy Service [Win32_Own | Auto | Running] -> c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -> [2009/01/09 08:06:52 | 00,359,952 | ---- | M] (McAfee, Inc.)
    (McSysmon) McAfee SystemGuards [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -> [2009/03/24 00:03:18 | 00,606,736 | ---- | M] (McAfee, Inc.)
    (MpfService) McAfee Personal Firewall Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -> [2009/03/19 11:42:02 | 00,884,360 | ---- | M] (McAfee, Inc.)
    (MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> C:\Windows\SysWow64\Msdtc -> [2006/11/02 09:34:14 | 00,000,000 | ---D | M]
    (MSK80Service) McAfee Anti-Spam Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -> [2009/01/09 09:22:10 | 00,026,640 | ---- | M] (McAfee, Inc.)
    (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS) [Win32_Own | Auto | Running] -> c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -> [2008/11/24 22:31:10 | 29,263,712 | ---- | M] (Microsoft Corporation)
    (MSSQLServerADHelper) SQL Server Active Directory Helper [Win32_Own | Disabled | Stopped] -> c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe -> [2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation)
    (Netlogon) Netlogon [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysWow64\netlogon.dll -> [2008/01/20 22:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation)
    (ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
    (RapiMgr) Windows Mobile-based device connectivity [Win32_Shared | Auto | Running] -> C:\Windows\WindowsMobile\rapimgr.dll -> [2007/05/31 10:11:46 | 00,225,672 | ---- | M] (Microsoft Corporation)
    (SBSDWSCService) SBSD Security Center Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -> [2009/01/26 15:31:10 | 01,153,368 | ---- | M] (Safer Networking Ltd.)
    (SeaPort) SeaPort [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    (SQLBrowser) SQL Server Browser [Win32_Own | Auto | Running] -> c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe -> [2008/07/10 02:49:34 | 00,258,072 | ---- | M] (Microsoft Corporation)
    (stllssvr) stllssvr [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -> [2008/03/24 08:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.)
    (vds) Virtual Disk [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vds.mof -> [2006/11/02 02:35:15 | 00,060,994 | ---- | M] ()
    (VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vss.mof -> [2006/11/02 02:35:15 | 00,055,846 | ---- | M] ()
    (WcesComm) Windows Mobile-2003-based device connectivity [Win32_Shared | Auto | Running] -> C:\Windows\WindowsMobile\wcescomm.dll -> [2007/05/31 10:11:54 | 00,443,784 | ---- | M] (Microsoft Corporation)
    (XobniService) XobniService [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Xobni\XobniService.exe -> [2009/03/11 17:29:12 | 00,044,776 | ---- | M] (Xobni Corporation)

    [Driver Services - Safe List]
    64bit-(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\atikmdag.sys -> [2008/05/21 02:10:02 | 04,308,992 | ---- | M] ()
    64bit-(e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\e1e6032e.sys -> [2008/01/20 22:46:55 | 00,317,952 | ---- | M] ()
    64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2006/11/02 01:28:10 | 00,273,920 | ---- | M] ()
    64bit-(iaStor) Intel AHCI Controller [Kernel | Disabled | Stopped] -> C:\Windows\SysNative\drivers\iastor.sys -> [2008/07/15 08:14:10 | 00,395,288 | ---- | M] ()
    64bit-(lmimirr) lmimirr [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\lmimirr.sys -> [2008/07/24 18:45:20 | 00,011,552 | ---- | M] ()
    64bit-(LMIRfsClientNP) LMIRfsClientNP [File_System | Disabled | Stopped] -> C:\Windows\SysNative\LMIRfsClientNP.dll -> [2008/10/16 20:36:26 | 00,087,384 | ---- | M] ()
    64bit-(LMIRfsDriver) LogMeIn Remote File System Driver [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\LMIRfsDriver.sys -> [2008/07/24 18:46:08 | 00,072,216 | ---- | M] ()
    64bit-(mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\mfeavfk.sys -> [2009/03/25 11:06:22 | 00,102,600 | ---- | M] ()
    64bit-(mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mfehidk.sys -> [2009/03/25 11:06:22 | 00,307,400 | ---- | M] ()
    64bit-(mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mferkdk.sys -> [2009/03/25 10:59:38 | 00,040,904 | ---- | M] ()
    64bit-(mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\mfesmfk.sys -> [2009/03/25 11:06:22 | 00,049,480 | ---- | M] ()
    64bit-(mozyFilter) mozyFilter [File_System | System | Running] -> C:\Windows\SysNative\DRIVERS\mozy.sys -> [2009/06/24 15:03:28 | 00,066,040 | ---- | M] ()
    64bit-(MPFP) MPFP [Kernel | System | Running] -> C:\Windows\SysNative\Drivers\Mpfp.sys -> [2008/10/23 13:08:54 | 00,176,144 | ---- | M] ()
    64bit-(PxHlpa64) PxHlpa64 [Kernel | Boot | Running] -> C:\Windows\SysNative\Drivers\PxHlpa64.sys -> [2007/11/14 04:00:00 | 00,053,488 | ---- | M] ()
    64bit-(R300) R300 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\atikmdag.sys -> [2008/05/21 02:10:02 | 04,308,992 | ---- | M] ()
    64bit-(RsFx0102) RsFx0102 Driver [File_System | Disabled | Stopped] -> C:\Windows\SysNative\DRIVERS\RsFx0102.sys -> [2008/07/10 05:25:42 | 00,314,904 | ---- | M] ()
    64bit-(RTL8169) Realtek 8169 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\DRIVERS\Rtlh64.sys -> [2008/07/10 07:28:50 | 00,170,496 | ---- | M] ()
    64bit-(RtNdPt60) Realtek NDIS Protocol Driver [Kernel | Auto | Running] -> C:\Windows\SysNative\DRIVERS\RtNdPt60.sys -> [2008/07/21 07:18:30 | 00,026,624 | ---- | M] ()
    64bit-(usb_rndisx) USB RNDIS Adapter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\usb8023x.sys -> [2008/01/20 22:46:52 | 00,019,456 | ---- | M] ()
    64bit-(WINUSB) WinUsb Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\WinUSB.SYS -> [2008/01/20 22:46:53 | 00,036,864 | ---- | M] ()
    64bit-(WpdUsb) WpdUsb [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\DRIVERS\wpdusb.sys -> [2008/01/20 22:47:28 | 00,046,080 | ---- | M] ()
    (LMIInfo) LogMeIn Kernel Information Provider [Kernel | Auto | Running] -> C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys -> [2008/07/24 18:46:10 | 00,015,928 | ---- | M] (LogMeIn, Inc.)
    (mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWow64\Wbem\mpsdrv.mof -> [2006/09/18 17:35:23 | 00,001,088 | ---- | M] ()
    (Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> C:\Windows\SysWow64\Wbem\tcpip.mof -> [2006/09/18 17:36:40 | 00,003,066 | ---- | M] ()
    (WINUSB) WinUsb Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysWow64\winusb.dll -> [2008/01/20 22:49:57 | 00,016,384 | ---- | M] (Microsoft Corporation)

    [Registry - Safe List]
    < 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm ->
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
    HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
    HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
    HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
    HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
    < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
    HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://g.msn.com/USCON/1 ->
    HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm ->
    HKEY_CURRENT_USER\: Main\\"Page_Transitions" -> 1 ->
    HKEY_CURRENT_USER\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
    HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ig ->
    HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 ->
    HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
    < FireFox Settings [Prefs.js] > -> C:\Users\lori\AppData\Roaming\Mozilla\FireFox\Profiles\kmmj17t3.default\prefs.js ->
    extensions.enabledItems -> firebug@software.joehewitt.com:1.4.2 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13 ->
    extensions.enabledItems -> {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14 ->
    extensions.enabledItems -> LogMeInClient@logmein.com:1.0.0.407 ->
    extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.1 ->
    extensions.enabledItems -> {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.30 ->
    extensions.enabledItems -> {317B5128-0B0B-49b2-B2DB-1E7560E16C74}:2.5.8 ->
    extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.2 ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\Firefox\Extensions -> ->
    HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/08/26 07:01:37 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions -> ->
    HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2009/08/26 06:58:34 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2009/08/26 06:58:33 | 00,000,000 | ---D | M]
    < FireFox Extensions [User Folders] > ->
    -> C:\Users\lori\AppData\Roaming\mozilla\Extensions -> [2009/08/12 11:23:47 | 00,000,000 | ---D | M]
    -> C:\Users\lori\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/08/12 11:23:47 | 00,000,000 | ---D | M]
    -> C:\Users\lori\AppData\Roaming\mozilla\Firefox\Profiles\kmmj17t3.default\extensions -> [2009/08/28 06:42:01 | 00,102,115 | ---- | M] ()
    -> C:\Users\lori\AppData\Roaming\mozilla\Firefox\Profiles\kmmj17t3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/08/28 06:42:01 | 00,102,115 | ---- | M] ()
    -> C:\Users\lori\AppData\Roaming\mozilla\Firefox\Profiles\kmmj17t3.default\extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74} -> [2009/08/28 06:42:01 | 00,102,115 | ---- | M] ()
    -> C:\Users\lori\AppData\Roaming\mozilla\Firefox\Profiles\kmmj17t3.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a} -> [2009/08/28 06:42:01 | 00,102,115 | ---- | M] ()
    -> C:\Users\lori\AppData\Roaming\mozilla\Firefox\Profiles\kmmj17t3.default\extensions\firebug@software.joehewitt.com -> [2009/08/28 06:42:01 | 00,102,115 | ---- | M] ()
    -> C:\Users\lori\AppData\Roaming\mozilla\Firefox\Profiles\kmmj17t3.default\extensions\LogMeInClient@logmein.com -> [2009/08/28 06:42:01 | 00,102,115 | ---- | M] ()
    < FireFox Extensions [Program Folders] > ->
    -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions -> [2009/07/30 07:26:52 | 10,728,440 | ---- | M] (Mozilla Foundation)
    -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/07/30 07:26:52 | 10,728,440 | ---- | M] (Mozilla Foundation)
    -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} -> [2009/07/30 07:26:52 | 10,728,440 | ---- | M] (Mozilla Foundation)
    -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} -> [2009/07/30 07:26:52 | 10,728,440 | ---- | M] (Mozilla Foundation)
    < FireFox Components [Program Folders] > ->
    C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components -> [2009/08/26 06:58:34 | 00,000,000 | ---D | M]
    browserdirprovider.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/07/30 07:26:53 | 00,023,544 | ---- | M] (Mozilla Foundation)
    brwsrcmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/07/30 07:26:54 | 00,137,208 | ---- | M] (Mozilla Foundation)
    < FireFox Plugins [Program Folders] > ->
    C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins -> [2009/08/26 06:58:33 | 00,000,000 | ---D | M]
    np-mswmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\np-mswmp.dll -> [2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation)
    npdeploytk.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdeploytk.dll -> [2009/05/21 11:33:58 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.)
    npLegitCheckPlugin.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npLegitCheckPlugin.dll -> [2009/02/06 12:44:28 | 01,447,296 | ---- | M] (Microsoft Corporation)
    npnul32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/07/30 07:26:55 | 00,065,016 | ---- | M] (mozilla.org)
    NPOFFICE.DLL -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\NPOFFICE.DLL -> [2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation)
    nppdf32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2009/02/27 12:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.)
    npqtplugin.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin.dll -> [2009/07/12 09:16:42 | 00,143,360 | ---- | M] (Apple Inc.)
    npqtplugin2.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin2.dll -> [2009/07/12 09:16:42 | 00,143,360 | ---- | M] (Apple Inc.)
    npqtplugin3.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin3.dll -> [2009/07/12 09:16:42 | 00,143,360 | ---- | M] (Apple Inc.)
    npqtplugin4.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin4.dll -> [2009/07/12 09:16:43 | 00,143,360 | ---- | M] (Apple Inc.)
    npqtplugin5.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin5.dll -> [2009/07/12 09:16:43 | 00,143,360 | ---- | M] (Apple Inc.)
    npqtplugin6.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin6.dll -> [2009/07/12 09:16:43 | 00,143,360 | ---- | M] (Apple Inc.)
    npqtplugin7.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npqtplugin7.dll -> [2009/07/12 09:16:43 | 00,143,360 | ---- | M] (Apple Inc.)
    QuickTimePlugin.class -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\QuickTimePlugin.cla -> [2009/07/12 09:16:42 | 00,004,208 | ---- | M] ()
    WMP Firefox Plugin License.rtf -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\WMP Firefox Plugin License.rtf -> [2007/03/30 10:43:58 | 00,149,569 | ---- | M] ()
    WMP Firefox Plugin RelNotes.txt -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\WMP Firefox Plugin RelNotes.txt -> [2007/03/30 10:43:58 | 00,003,352 | ---- | M] ()
    < FireFox SearchPlugins [Program Folders] > ->
    C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins -> [2009/08/26 06:58:34 | 00,000,000 | ---D | M]
    amazondotcom.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/07/30 03:24:20 | 00,001,394 | ---- | M] ()
    answers.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/07/30 03:24:20 | 00,002,193 | ---- | M] ()
    creativecommons.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/07/30 03:24:20 | 00,001,534 | ---- | M] ()
    eBay.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/07/30 03:24:20 | 00,002,344 | ---- | M] ()
    google.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/07/30 03:24:20 | 00,002,371 | ---- | M] ()
    wikipedia.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/07/30 03:24:20 | 00,001,178 | ---- | M] ()
    yahoo.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2009/07/30 03:24:20 | 00,000,792 | ---- | M] ()
    < HOSTS File > (761 bytes and 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
    Reset Hosts
    127.0.0.1 localhost
    ::1 localhost
    < 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {00C6482D-C502-44C8-8409-FCE54AD9C208} [HKLM] -> C:\Program Files (x86)\TechSmith\Snagit 9\DLLx64\SnagitBHO64.dll [SnagIt Toolbar Loader] -> [2009/01/22 09:17:58 | 00,082,248 | ---- | M] (TechSmith Corporation)
    {27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> c:\Program Files (x86)\McAfee\MSK\mskapbho64.dll [McAfee Phishing Filter] -> [2009/01/09 09:22:10 | 00,337,424 | ---- | M] ()
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> c:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/03/25 10:59:38 | 00,060,224 | ---- | M] (McAfee, Inc.)
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {00C6482D-C502-44C8-8409-FCE54AD9C208} [HKLM] -> C:\Program Files (x86)\TechSmith\Snagit 9\SnagitBHO.dll [SnagIt Toolbar Loader] -> [2009/01/22 09:17:58 | 00,068,936 | ---- | M] (TechSmith Corporation)
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 12:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
    {27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> c:\Program Files (x86)\McAfee\MSK\mskapbho.dll [McAfee Phishing Filter] -> [2009/01/09 09:22:10 | 00,246,800 | ---- | M] ()
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
    {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 11:36:18 | 00,137,600 | ---- | M] (Microsoft Corporation)
    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> c:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/03/25 11:05:56 | 00,062,784 | ---- | M] (McAfee, Inc.)
    {9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/02/17 16:11:04 | 00,408,440 | ---- | M] (Microsoft Corporation)
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/05/21 11:33:59 | 00,041,368 | ---- | M] (Sun Microsystems, Inc.)
    {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2008/12/08 18:01:58 | 01,067,352 | ---- | M] (Microsoft Corporation)
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2008/12/08 18:01:58 | 01,067,352 | ---- | M] (Microsoft Corporation)
    "{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> C:\Program Files (x86)\TechSmith\Snagit 9\SnagitIEAddin.dll [Snagit] -> [2009/01/22 09:18:00 | 00,211,272 | ---- | M] (TechSmith Corporation)
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
    WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2008/12/08 18:01:58 | 01,067,352 | ---- | M] (Microsoft Corporation)
    WebBrowser\\"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "" -> [] -> File not found
    "Dell DataSafe Online" -> C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ["C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m] -> [2009/07/07 10:23:00 | 01,779,952 | ---- | M] ()
    "LogMeIn GUI" -> C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe ["C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"] -> [2008/07/24 18:46:08 | 00,057,928 | ---- | M] (LogMeIn, Inc.)
    "RtHDVCpl" -> C:\Windows\RAVCpl64.exe [RAVCpl64.exe] -> [2008/07/18 08:42:18 | 06,431,232 | ---- | M] (Realtek Semiconductor)
    "Skytel" -> [Skytel.exe] -> File not found
    "Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/20 22:47:32 | 01,584,184 | ---- | M] (Microsoft Corporation)
    "Windows Mobile Device Center" -> C:\Windows\WindowsMobile\wmdc.exe [%windir%\WindowsMobile\wmdc.exe] -> [2007/05/31 10:11:56 | 00,660,360 | ---- | M] (Microsoft Corporation)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/02/27 17:10:28 | 00,035,696 | ---- | M] (Adobe Systems Incorporated)
    "Dell DataSafe Online" -> C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ["C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m] -> [2009/07/07 10:23:00 | 01,779,952 | ---- | M] ()
    "eFax 4.3" -> C:\Program Files (x86)\eFax Messenger 4.3\J2GDllCmd.exe ["C:\Program Files (x86)\eFax Messenger 4.3\J2GDllCmd.exe" /R] -> [2007/03/06 13:21:31 | 00,116,224 | ---- | M] (j2 Global Communications, Inc.)
    "mcagent_exe" -> C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe ["C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/01/08 20:30:26 | 00,645,328 | ---- | M] (McAfee, Inc.)
    "PDVDDXSrv" -> C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe ["C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"] -> [2008/05/23 15:06:08 | 00,128,296 | ---- | M] (CyberLink Corp.)
    "QuickTime Task" -> C:\Program Files (x86)\QuickTime\QTTask.exe ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime] -> [2009/05/26 17:18:30 | 00,413,696 | ---- | M] (Apple Inc.)
    "StartCCC" -> C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ["C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"] -> [2008/01/21 13:17:18 | 00,061,440 | ---- | M] (Advanced Micro Devices, Inc.)
    "SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009/05/21 11:34:07 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
    < Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "ehTray.exe" -> C:\Windows\ehome\ehTray.exe [C:\Windows\ehome\ehTray.exe] -> [2008/01/20 22:51:33 | 00,138,240 | ---- | M] (Microsoft Corporation)
    "GoToMeeting" -> C:\Program Files (x86)\Citrix\GoToMeeting\366\g2mstart.exe [C:\Program Files (x86)\Citrix\GoToMeeting\366\g2mstart.exe "/Trigger RunAtLogon"] -> [2009/05/27 15:20:35 | 00,031,552 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.)
    "Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] -> [2008/01/20 22:47:57 | 01,555,968 | ---- | M] (Microsoft Corporation)
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoActiveDesktop" -> [1] -> File not found
    \\"NoActiveDesktopChanges" -> [1] -> File not found
    \\"ForceActiveDesktopOn" -> [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    \\"ConsentPromptBehaviorAdmin" -> [2] -> File not found
    \\"ConsentPromptBehaviorUser" -> [1] -> File not found
    \\"EnableInstallerDetection" -> [1] -> File not found
    \\"EnableLUA" -> [1] -> File not found
    \\"EnableSecureUIAPaths" -> [1] -> File not found
    \\"EnableVirtualization" -> [1] -> File not found
    \\"PromptOnSecureDesktop" -> [1] -> File not found
    \\"ValidateAdminCodeSignatures" -> [0] -> File not found
    \\"dontdisplaylastusername" -> [0] -> File not found
    \\"legalnoticecaption" -> [] -> File not found
    \\"legalnoticetext" -> [] -> File not found
    \\"scforceoption" -> [0] -> File not found
    \\"shutdownwithoutlogon" -> [1] -> File not found
    \\"undockwithoutlogon" -> [1] -> File not found
    \\"FilterAdministratorToken" -> [0] -> File not found
    \\"EnableUIADesktopToggle" -> [0] -> File not found
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
    \UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found
    \UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found
    < 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~2\MI1933~1\OFFICE11\EXCEL.EXE/3000] -> [2009/04/21 22:43:04 | 10,351,936 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
    E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE [res://C:\PROGRA~2\MI1933~1\OFFICE11\EXCEL.EXE/3000] -> [2009/04/21 22:43:04 | 10,351,936 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2008/12/02 23:27:36 | 00,187,224 | ---- | M] (Microsoft Corporation)
    {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2008/12/02 23:27:36 | 00,187,224 | ---- | M] (Microsoft Corporation)
    {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> C:\Windows\WindowsMobile\INetRepl.dll [Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222] -> [2007/05/31 09:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
    {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}:{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} [HKLM] -> C:\Windows\WindowsMobile\INetRepl.dll [Menu: @C:\Windows\WindowsMobile\INetRepl.dll,-223] -> [2007/05/31 09:21:16 | 00,176,520 | ---- | M] (Microsoft Corporation)
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL [Button: Research] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search && Destroy Configuration] -> [2009/01/26 15:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
    < 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 2 domain(s) found. ->
    advancedmd.com .[*] -> Trusted sites ->
    advancedmd.com .[http] -> Trusted sites ->
    advancedmd.com .[https] -> Trusted sites ->
    rhap-app-4-0_real.com [https] -> Trusted sites ->
    rhapreg_real.com [https] -> Trusted sites ->
    1 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {1663ed61-23eb-11d2-b92f-008048fdd814} [HKLM] -> https://rs7.advancedmd.com/rs-current/components/smsx.cab [MeadCo ScriptX] ->
    {5EF06782-55B2-4DF3-A57A-3FE8F1D2A181} [HKLM] -> https://c-app.advancedmd.com/practicemanager/ppmdcontrols/ppmdforms.cab [PPMDForms.Forms] ->
    {6A6E7E91-B6EB-46B5-A545-12B8EDDD261E} [HKLM] -> https://c-app.advancedmd.com/practicemanager/ppmdcontrols/amdscontrols50.cab [AMDSControls50.XGroupCategory] ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] ->
    {9602B3CE-BC91-417D-B4FD-F6538C2ABB3B} [HKLM] -> https://c-app.advancedmd.com/practicemanager/ppmdcontrols/amdswscheck.cab [AMDSWSCheck.WSCheck] ->
    {B15C3921-CCFA-4403-9E6F-4470839E835E} [HKLM] -> https://c-app.advancedmd.com/practicemanager/ppmdcontrols/leadtools.cab [Leadtools.XLead] ->
    {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab [Java Plug-in 1.6.0_14] ->
    {CC99A86F-EA5D-414A-8231-7C3F1B10A644} [HKLM] -> https://c-app.advancedmd.com/practicemanager/ppmdcontrols/amdsaudio.cab [AMDSAudio.XAudio] ->
    {EE8CEFA4-1F91-11D4-B31E-00C04F1D37E6} [HKLM] -> https://c-app.advancedmd.com/practicemanager/ppmdcontrols/ppmdvbdownload.cab [PPMDVBDownload.XShowReady] ->
    {F27237D7-93C8-44C2-AC6E-D6057B9A918F} [HKLM] -> https://juniper.net/dana-cached/sc/JuniperSetupClient.cab [JuniperSetupClient Control] ->
    {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} [HKLM] -> https://secure.logmein.com/activex/ractrl.cab?lmi=100 [Performance Viewer Activex Control] ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
    DhcpNameServer -> 68.105.28.12 68.105.29.12 68.105.28.11 ->

  4. #4
    Junior Member
    Join Date
    Apr 2009
    Posts
    13

    OTS Log Part 2 of 3

    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {26D9A651-5F5E-4752-8A23-F72BA16173BE}\\DhcpNameServer -> 68.105.28.12 68.105.29.12 68.105.28.11 (Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.0)) ->
    < 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    explorer.exe -> C:\Windows\explorer.exe -> [2009/03/04 15:33:31 | 03,080,704 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/03/04 15:33:31 | 02,927,104 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications ->
    < Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications ->
    < Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
    {00A3FE8D-95D5-41D7-9280-5C878E461F95} -> lport=5721 | protocol=6 | dir=in | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4002 | app=%systemroot%\system32\svchost.exe | svc=rapimgr |
    {153E03E3-5879-4B37-ACD5-8DE74BA02960} -> lport=445 | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system |
    {2354E4C8-4BD3-4A13-AB38-5B3B3730CF98} -> rport=5679 | protocol=17 | dir=out | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4015 | app=%systemroot%\system32\svchost.exe | svc=rapimgr |
    {25D3FF8E-8CDF-4E10-A78C-FBF7CF53AE18} -> lport=990 | protocol=6 | dir=in | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4001 | app=%systemroot%\system32\svchost.exe | svc=rapimgr |
    {31C31CFA-D1D6-4D61-A623-7909C81C8846} -> lport=999 | protocol=6 | dir=in | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4005 | app=%systemroot%\windowsmobile\wmdhost.exe |
    {3E972CD2-0F0D-435B-8F1E-579A4961BD77} -> lport=5678 | protocol=6 | dir=in | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4004 | app=%systemroot%\windowsmobile\wmdhost.exe |
    {47A59FBF-B362-4B06-B2F0-601D51766BE2} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system |
    {55C4E29C-C5A4-4112-9A76-285C168943B0} -> rport=445 | profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system |
    {7154B2AB-C57C-4C82-B3FE-4DF7481F0675} -> lport=rpc-epmap | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss |
    {76E7CB2A-B6BF-4C87-A2B2-2C84CCC303C3} -> lport=137 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system |
    {7E1A95ED-D908-4D36-BDD5-BBB3D1A28A99} -> lport=26675 | protocol=6 | dir=in | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
    {958D35D3-B764-45CE-A7F6-F5AD32594E8F} -> rport=139 | profile=public | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system |
    {9C431687-D310-4A44-9450-0FFF4DF42218} -> lport=138 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system |
    {A3AA6ED3-D401-41B6-A13E-D2FD79AF63CE} -> rport=138 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system |
    {D9F0AFED-C449-4504-A302-27412D876DE1} -> rport=137 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system |
    {DC3AC7E6-8E06-4FAA-B65F-82C89BE5A775} -> lport=139 | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system |
    {E7E83404-DD9F-49DD-8EB3-13815B523F31} -> lport=rpc | profile=public | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler |
    {EC64F54F-0E73-414A-8CC2-3E547592D20A} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv |
    < Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
    {027F47DA-2B46-480B-B26F-9045309DDB47} -> dir=in | action=allow | name=cyberlink powerdvd dx resident program | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
    {1593A987-E797-4ECD-9BA3-7387054CEF40} -> profile=public | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 |
    {2703FDEB-D131-422D-B8B5-84DB9AEE9F22} -> protocol=6 | dir=out | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4016 | app=%systemroot%\system32\svchost.exe | svc=wcescomm |
    {28FDCEBE-D112-44A9-B418-F63B98911765} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
    {2B1864EE-CAE0-40C4-B2FB-2066DD1032F8} -> profile=public | protocol=6 | dir=in | action=allow | name=dell video chat | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    {4071A4F5-E5B0-48D0-B34F-0AFCD5ACE39C} -> protocol=6 | dir=out | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4016 | app=%systemroot%\system32\svchost.exe | svc=wcescomm |
    {49596E95-1C05-4A8A-AA84-A55EC9C6596C} -> profile=public | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 |
    {4E50BC23-F76F-42CD-9002-9B015F893BBD} -> dir=in | action=allow | name=cyberlink powerdvd dx | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
    {5DE8DAAB-BE17-464E-862B-7A9192D036B2} -> protocol=17 | dir=out | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4016 | app=%systemroot%\system32\svchost.exe | svc=wcescomm |
    {69164DC7-2518-43B6-B39A-D9309A0A54F0} -> protocol=6 | dir=out | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4016 | app=%systemroot%\system32\svchost.exe | svc=rapimgr |
    {7AC85E1A-0AEC-41B2-9926-8E7B281C4B02} -> profile=domain | dir=in | action=allow | name=mcafee network agent | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
    {83C4A299-0B5F-469B-B3F4-82924B08EA3C} -> protocol=17 | dir=out | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4016 | app=%systemroot%\system32\svchost.exe | svc=rapimgr |
    {8CDDF7CE-3493-4661-82BA-45A349BE3692} -> protocol=17 | dir=out | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4016 | app=%systemroot%\system32\svchost.exe | svc=rapimgr |
    {8D9BE987-E8E5-47D4-85F2-677D63895527} -> protocol=6 | dir=out | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4016 | app=%systemroot%\system32\svchost.exe | svc=wcescomm |
    {8E38DB8F-9F9F-4A78-94FA-B74A9FD28377} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
    {94F2C35F-3402-4E8E-8BAC-989A7E2078F9} -> protocol=6 | dir=in | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4002 | app=%systemroot%\system32\svchost.exe | svc=wcescomm |
    {95C804F5-F1E2-4D70-81FB-280E01E5D17B} -> protocol=6 | dir=out | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4016 | app=%systemroot%\system32\svchost.exe | svc=rapimgr |
    {99459B2F-5A46-4499-A13E-63FCEBD67A72} -> protocol=6 | dir=out | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4016 | app=%systemroot%\system32\svchost.exe | svc=rapimgr |
    {A1DED520-8D36-4E86-B5FB-BBA86079598C} -> protocol=17 | dir=out | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4016 | app=%systemroot%\system32\svchost.exe | svc=wcescomm |
    {A59E68B9-02D2-422D-BC44-812B0B37C1E3} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
    {A6023015-A57B-4514-8E55-3716F4600349} -> profile=public | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 |
    {BE07959A-14B3-446D-8D7B-C193A9630CF6} -> profile=public | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 |
    {DB71369C-225D-4732-A7B9-E153A96FBE0D} -> protocol=6 | dir=in | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4002 | app=%systemroot%\system32\svchost.exe | svc=wcescomm |
    {E1BF67DB-9D56-4453-AEDA-67118C4CCDCC} -> protocol=17 | dir=out | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4016 | app=%systemroot%\system32\svchost.exe | svc=rapimgr |
    {E78C5639-A447-4A88-AD79-95500B5598BA} -> protocol=17 | dir=out | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4016 | app=%systemroot%\system32\svchost.exe | svc=wcescomm |
    {F25E09E3-54DD-4AF5-8FF6-5C43D14CBC98} -> protocol=6 | dir=in | action=allow | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4002 | app=%systemroot%\system32\svchost.exe | svc=wcescomm |
    {FCAF9DCE-21FC-4B1F-B880-E716643782A0} -> profile=public | protocol=17 | dir=in | action=allow | name=dell video chat | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
    "AlternateShell" -> cmd.exe ->
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 ->
    "DisplayName" -> CD-ROM Driver ->
    "ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/01/20 22:46:54 | 00,079,872 | ---- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->

    [Registry - Additional Scans - Safe List]
    < 64bit-Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
    {0826F9E4-787E-481D-83E0-BC6A57B056D5} -> Microsoft SQL Server VSS Writer
    {0C270C59-8706-42B8-A2AD-6E5EE18BC90B} -> Microsoft SQL Server 2008 Reporting Services
    {0C6C4C8A-3B96-4681-90BA-0E15CDE96298} -> Microsoft SQL Server 2008 Management Studio
    {0D3BCE9D-1759-41D0-8083-7B1380E7A87E} -> Microsoft SQL Server 2008 Upgrade Advisor
    {108C8C1D-DA02-4A6C-94CD-5603F6A6FC72} -> Microsoft SQL Server 2008 Management Studio
    {2453DBC8-ACC4-4711-BD03-0C15353AA3D8} -> Microsoft SQL Server 2008 Reporting Services
    {29C93182-34F6-3275-A18D-59326851CD57} -> Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
    {2BFA9B05-7418-4EDE-A6FC-620427BAAAA3} -> Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
    {2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF} -> Sql Server Customer Experience Improvement Program
    {5340A3B5-3853-4745-BED2-DD9FF5371331} -> Microsoft SQL Server 2008 Common Files
    {5DE154DF-A55E-4FA5-BE59-32E78FCACF3E} -> Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    {626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B} -> Windows Mobile Device Center
    {62EED300-E841-4083-A1D6-60B906271804} -> Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
    {64D5BBC6-5270-3711-AA39-31C1087AF4E6} -> Microsoft Visual Studio 2008 Remote Debugger - ENU
    {67C816AF-93F0-4C11-A355-AABC5FC00083} -> Microsoft SQL Server 2008 BI Development Studio
    {79BF7CB8-1E09-489F-9547-DB3EE8EA3F16} -> Microsoft SQL Server Native Client
    {893F27E6-D6BE-4B9F-80E6-0ADA694A31A8} -> Microsoft SQL Server 2008 Common Files
    {910A147A-75D7-4ECD-A00D-727AAC0FD0E7} -> Microsoft SQL Server 2008 Client Tools
    {92DBCA36-9B41-4DD1-941A-AED149DD37F0} -> Windows Mobile Device Center Driver Update
    {95120000-00B9-0409-1000-0000000FF1CE} -> Microsoft Application Error Reporting
    {9aa5f39c-a8de-46b0-919a-0248f8bc8490} -> Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    {9EE3BEDC-7DA6-AB3F-F4FF-612A7F4FD584} -> ccc-utility64
    {A992BBAA-723D-4574-A07F-983BF8FAA3E1} -> Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
    {AE479CE0-753F-49C0-B8E6-79A37403999F} -> Microsoft SQL Server 2008 BI Development Studio
    {B702C53B-D809-4DD3-8C77-23EC0C948959} -> Microsoft SQL Server 2008 Integration Services
    {BAACB61F-43E0-4E70-BDC9-F81CC3B22970} -> Microsoft SQL Server 2008 Client Tools
    {C79A7EAB-9D6F-4072-8A6D-F8F54957CD93} -> Microsoft SQL Server 2008 Native Client
    {CC8BA866-16A7-4667-BA0C-C494A1E7B2BF} -> Microsoft SQL Server 2008 Database Engine Shared
    {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} -> Microsoft .NET Framework 3.5 SP1
    {D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45} -> Visual Studio .NET Prerequisites - English
    {D6DA04F5-3D5C-42E2-A155-AD5030981244} -> MozyHome Remote Backup
    {DF167CE3-60E7-44EA-99EC-2507C51F37AE} -> Microsoft SQL Server 2008 Database Engine Shared
    {E35C24C7-231F-4AAB-8B22-A59F9A00BED3} -> Microsoft SQL Server 2008 RsFx Driver
    {EB0A3BCB-B9DF-4906-B066-BDEC6E213B91} -> Microsoft SQL Server 2008 Setup Support Files (English)
    {EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1} -> Microsoft Device Emulator (64 bit) version 3.0 - ENU
    {F4264106-F90E-4076-98CF-1B878DB14513} -> SQL Server System CLR Types
    {F5FEEB7E-F647-4D18-85BA-096750A15547} -> Microsoft SQL Server 2008 Integration Services
    {F6CB42B9-F033-4152-8813-FF11DA8E6A78} -> Dell Dock
    {FA7394B8-CE65-4F9E-AC99-F372AD365424} -> Microsoft SQL Server 2008 Database Engine Services
    {FBD367D1-642F-47CF-B79B-9BE48FB34007} -> Microsoft SQL Server 2008 Database Engine Services
    Microsoft .NET Framework 3.5 SP1 -> Microsoft .NET Framework 3.5 SP1
    Microsoft SQL Server 10 -> Microsoft SQL Server 2008 (64-bit)
    Microsoft SQL Server 10 Release -> Microsoft SQL Server 2008 (64-bit)
    Microsoft Visual Studio 2008 Remote Debugger - ENU -> Microsoft Visual Studio 2008 Remote Debugger - ENU
    < Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
    {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} -> PDFCreator
    {00203668-8170-44A0-BE44-B632FA4D780F} -> Adobe AIR
    {01C5A10F-AD9B-405B-853A-6659841A1242} -> Microsoft SQL Server 2008 Policies
    {020D8396-D6D9-4B53-A9A1-83C47E2E27AA} -> Windows Live Call
    {055EE59D-217B-43A7-ABFF-507B966405D8} -> ATI Catalyst Control Center
    {056E7B58-F436-9614-6CD3-1DFDDD7DA470} -> CCC Help Turkish
    {0626167B-F30A-79EB-9B21-80B83468961A} -> CCC Help Chinese Traditional
    {08D6F386-D362-805B-05D2-79E4AB4F9CB9} -> CCC Help Korean
    {08E81ABD-79F7-49C2-881F-FD6CB0975693} -> Roxio Creator Data
    {09760D42-E223-42AD-8C3E-55B47D0DDAC3} -> Roxio Creator DE
    {0AAA9C97-74D4-47CE-B089-0B147EF3553C} -> Windows Live Messenger
    {0C19D563-5F25-4621-BF10-01F741BD283F} -> Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    {0DF3AE91-E533-3960-8516-B23737F8B7A2} -> Visual C++ 2008 x64 Runtime - (v9.0.30729)
    {0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01 -> Visual C++ 2008 x64 Runtime - v9.0.30729.01
    {13766F76-6C8C-4E57-A9F3-3212D1C6E0D1} -> Dell DataSafe Online
    {1F54DAFA-9261-4A62-B59D-6C9F26B48FE4} -> Roxio Creator Tools
    {1FECF5F8-8E75-432C-9FF7-1C04F1956B54} -> Realtek Ethernet Network Card Diagnostic tool for Windows Vista
    {205C6BDD-7B73-42DE-8505-9A093F35A238} -> Windows Live Upload Tool
    {22B775E7-6C42-4FC5-8E10-9A5E3257BD94} -> MSVCRT
    {22E23C71-C27A-3F30-8849-BB6129E50679} -> Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    {22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01 -> Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    {2390D4C3-8CC7-2074-ACB9-A22ED2E1D4E9} -> CCC Help Portuguese
    {241F2BF7-69EB-42A4-9156-96B2426C7504} -> Microsoft SQL Server Compact 3.5 for Devices ENU
    {26A24AE4-039D-4CA4-87B4-2F83216012FF} -> Java(TM) 6 Update 14
    {2750B389-A2D2-4953-99CA-27C1F2A8E6FD} -> Microsoft SQL Server 2005 Tools Express Edition
    {27C42F0C-9090-97F7-9338-B6BD6DC25BB1} -> CCC Help Japanese
    {291B3A3B-F808-45B8-8113-DF232FCB6C82} -> Microsoft .NET Compact Framework 3.5
    {2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F} -> Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    {2B4C7E1E-E446-4740-ADB5-9842E742EE8A} -> Windows Live Toolbar
    {2BE84E12-E062-F989-BA16-25D53F343033} -> Skins
    {30465B6C-B53F-49A1-9EBA-A3F187AD502E} -> Roxio Update Manager
    {31CAC150-58B2-F696-D9EB-2FC16C3A8FAA} -> Catalyst Control Center Localization Portuguese
    {342D4AD7-EC4C-4EC8-AEA6-E70F5905A490} -> SQL Server System CLR Types
    {34475C54-DA68-DA37-E014-2ADD65AF627F} -> Catalyst Control Center Localization Hungarian
    {3541D8B6-BE96-0E6B-8987-D1CE1FBF848A} -> CCC Help German
    {388E4B09-3E71-4649-8921-F44A3A2954A7} -> Microsoft Visual Studio 2005 Tools for Office Runtime
    {3A732171-7856-43BD-B828-39B9E2B3E195} -> Catalyst Control Center Localization Spanish
    {3A762A82-618D-3CAA-B847-D074ABFA0B2E} -> MSDN Library for Visual Studio 2008 - ENU
    {4207500E-1543-47F3-1695-6728E6520903} -> Catalyst Control Center Graphics Full Existing
    {4453BCB7-5327-F8D1-C048-851310A389EF} -> Catalyst Control Center Localization Turkish
    {4A2D8C96-7B4F-A66A-6773-23F7796F9BA2} -> CCC Help Spanish
    {4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A} -> Junk Mail filter update
    {4CBA3D4C-8F51-4D60-B27E-F6B641C571E7} -> Microsoft Search Enhancement Pack
    {50B905E5-2466-4A3E-894E-CD5A25D54556} -> Microsoft SQL Server 2008 Books Online (August 2008)
    {53F5C3EE-05ED-4830-994B-50B2F0D50FCE} -> Microsoft SQL Server Setup Support Files (English)
    {57CF1BE4-1878-4E7E-8490-6D9A699B373C} -> PDFCreator
    {5F4422B7-21C5-48AB-850D-3D0A8AFC6B39} -> Infragistics NetAdvantage for ASP.NET 2007 Vol. 3 CLR 2.0
    {63C1109E-D977-49ED-BCE3-D00D0BF187D6} -> Windows Live Mail
    {64CDE8F2-3791-46F5-BAD2-72FFF5252FAB} -> Microsoft SQL Server Compact 3.5 SP1 Query Tools English
    {6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} -> Roxio Express Labeler 3
    {6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D} -> Microsoft Document Explorer 2008
    {6811CAA0-BF12-11D4-9EA1-0050BAE317E1} -> PowerDVD
    {6956856F-B6B3-4BE0-BA0B-8F495BE32033} -> Apple Software Update
    {69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} -> Windows Media Player Firefox Plugin
    {6A92E5C5-0578-443D-91F3-92ECE5F2CAE2} -> Windows Live Writer
    {6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22} -> EDocs
    {6C9F6D23-E9AD-43C9-B43A-011562AAF876} -> Windows Mobile 5.0 SDK R2 for Pocket PC
    {73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83} -> Roxio Creator Audio
    {73E8E831-160A-6E74-1AAA-AB698E1986BC} -> CCC Help Hungarian
    {76E29237-CCAB-CD1A-F8A1-6C3CFF002F26} -> Catalyst Control Center Graphics Previews Vista
    {77DCDCE3-2DED-62F3-8154-05E745472D07} -> Acrobat.com
    {7A33E298-5BEA-7C94-C512-1DF1C977537E} -> Catalyst Control Center Localization Italian
    {7B33F480-496D-334A-BAC2-205DEC0CBC2D} -> Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
    {7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148 -> Visual C++ 2008 x86 Runtime - v9.0.30729.4148
    {7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045} -> Dell Getting Started Guide
    {7F831576-6246-42C7-B523-55B3F96509CC} -> LogMeIn
    {853026E0-CD36-1790-7988-194CADDDFB25} -> ccc-core-static
    {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} -> Microsoft Silverlight
    {8A74E887-8F0F-4017-AF53-CBA42211AAA5} -> Microsoft Sync Framework Runtime Native v1.0 (x86)
    {8D8E6D0B-5A57-9ABD-AEA2-C0052401C5F6} -> Catalyst Control Center Localization Chinese Traditional
    {8FB53850-246A-3507-8ADE-0060093FFEA6} -> Visual Studio Tools for the Office system 3.0 Runtime
    {8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} -> Choice Guard
    {90120000-0021-0000-0000-0000000FF1CE} -> Microsoft Office Visual Web Developer 2007
    {90120000-0021-0409-0000-0000000FF1CE} -> Microsoft Office Visual Web Developer MUI (English) 2007
    {90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4} -> Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    {90120000-006E-0409-0000-0000000FF1CE} -> Microsoft Office Shared MUI (English) 2007
    {90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
    {90120000-00A4-0409-0000-0000000FF1CE} -> Microsoft Office 2003 Web Components
    {90120000-0115-0409-0000-0000000FF1CE} -> Microsoft Office Shared Setup Metadata MUI (English) 2007
    {90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E} -> Microsoft Office 2007 Service Pack 2 (SP2)
    {91110409-6000-11D3-8CFE-0150048383C9} -> Microsoft Office Professional Edition 2003
    {9422C8EA-B0C6-4197-B8FC-DC797658CA00} -> Windows Live Sign-in Assistant
    {95E52415-B952-B013-A2AD-5163896D8B9C} -> Catalyst Control Center Graphics Full New
    {9656F3AC-6BA9-43F0-ABED-F214B5DAB27B} -> Windows Mobile 5.0 SDK R2 for Smartphone
    {97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E} -> Visual C++ 8.0 ATL (x86) WinSXS MSM
    {98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E} -> Visual C++ 8.0 CRT (x86) WinSXS MSM
    {9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD} -> Microsoft SQL Server Database Publishing Wizard 1.3
    {A1E79477-B730-7E48-7EFF-0D1CB3202933} -> Catalyst Control Center Graphics Previews Common
    {AA467959-A1D6-4F45-90CD-11DC57733F32} -> Crystal Reports Basic for Visual Studio 2008
    {AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB} -> Microsoft Visual Studio Tools for Applications 2.0 - ENU
    {AC76BA86-7AD7-1033-7B44-A91000000001} -> Adobe Reader 9.1.2
    {AC76BA86-7AD7-5464-3428-900000000004} -> Spelling Dictionaries Support For Adobe Reader 9
    {B25E016C-44C2-856A-98A8-789D1E2B1C56} -> Catalyst Control Center Graphics Light
    {B3076A28-345A-4d89-90A3-B68866C0DFB8} -> eFax Messenger 4.3
    {B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1 -> Spybot - Search & Destroy
    {B463BAAF-A379-AAF1-8979-6ED69C25ED37} -> Catalyst Control Center Localization Japanese
    {B6A26DE5-F2B5-4D58-9570-4FC760E00FCD} -> Roxio Creator Copy
    {B6CF1DB0-09E8-0A2E-A510-1F2F8BDE5ECF} -> CCC Help Italian
    {B935C985-A17F-484B-8470-09E4FC27DC26} -> Dell-eBay
    {BA0C9AAF-1327-3F06-B49C-349B4BE8F740} -> Microsoft Visual Studio 2008 Shell (integrated mode) - ENU
    {BC60B681-C3A3-0363-DA09-FA9706ED9680} -> CCC Help Chinese Standard
    {BD64AF4A-8C80-4152-AD77-FCDDF05208AB} -> Microsoft Sync Framework Services Native v1.0 (x86)
    {BECDD3A4-FEEC-9804-4782-F31A8A842361} -> CCC Help English
    {C022906C-A509-33D1-E42B-FF92F8E7BED4} -> Catalyst Control Center Core Implementation
    {C688457E-03FD-4941-923B-A27F4D42A7DD} -> Microsoft SQL Server 2008 Browser
    {C78EAC6F-7A73-452E-8134-DBB2165C5A68} -> QuickTime
    {D035A6CA-E9DD-4B40-66F8-15842888E447} -> Catalyst Control Center Localization French
    {D7DAD1E4-45F4-3B2B-899A-EA728167EC4F} -> Microsoft Visual Studio 2008 Professional Edition - ENU
    {D9D754A1-EAC5-406C-A28B-C49B1E846711} -> Windows Live Essentials
    {E453921D-30B6-7692-179C-6F6112F18F81} -> Catalyst Control Center Localization Chinese Standard
    {E56D39F8-2A9F-44B4-B068-A72E45A073E6} -> Safari
    {E59113EB-0285-4BFD-A37A-B79EAC6B8F4B} -> Microsoft SQL Server Compact 3.5 SP1 English
    {EA853B19-A618-8D18-F4A4-6B96083DC3A3} -> Catalyst Control Center Localization Korean
    {ED439A64-F018-4DD4-8BA5-328D85AB09AB} -> Roxio Creator DE
    {EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A} -> Microsoft .NET Compact Framework 2.0 SP2
    {F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} -> Microsoft SQL Server 2005 Compact Edition [ENU]
    {F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC} -> Realtek High Definition Audio Driver
    {F20A984B-9B30-4A9E-A3AC-918AF0D85A48} -> Snagit 9.1.1
    {F333A33D-125C-32A2-8DCE-5C5D14231E27} -> Visual C++ 2008 x86 Runtime - (v9.0.30729)
    {F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01 -> Visual C++ 2008 x86 Runtime - v9.0.30729.01
    {F5E87B12-3C27-452F-8E78-21D42164FD83} -> Microsoft SQL Server 2008 Management Objects
    {F69E83CF-B440-43F8-89E6-6EA80712109B} -> Windows Live Communications Platform
    {F73A5B18-EB75-4B2C-B32D-9457576E2417} -> Windows Live Photo Gallery
    {FDD810CA-D5E3-40E9-AB7B-36440B0D41EF} -> Windows Live Sync
    {FE46238E-2FB4-C9E1-323D-AD0DA64BED91} -> Catalyst Control Center Localization German
    {FF29527A-44CD-3422-945E-981A13584000} -> VC Runtimes MSI
    {FFC59020-35A5-4856-B0FB-23B95D6C2976} -> CCC Help French
    Adobe AIR -> Adobe AIR
    Adobe Flash Player ActiveX -> Adobe Flash Player 10 ActiveX
    Adobe Flash Player Plugin -> Adobe Flash Player 10 Plugin
    BC2_is1 -> Beyond Compare Version 2.4.3
    com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> Acrobat.com
    Dell Video Chat -> Dell Video Chat (remove only)
    FileZilla Client -> FileZilla Client 3.2.6.1
    HijackThis -> HijackThis 2.0.2
    JuniperSetupClient Activex Control -> Juniper Networks Setup Client Activex Control
    Microsoft Document Explorer 2008 -> Microsoft Document Explorer 2008
    Microsoft SQL Server 2005 -> Microsoft SQL Server 2005
    Microsoft Visual Studio 2005 Tools for Office Runtime -> Visual Studio 2005 Tools for Office Second Edition Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU -> Microsoft Visual Studio 2008 Professional Edition - ENU
    Mozilla Firefox (3.5.2) -> Mozilla Firefox (3.5.2)
    MSC -> McAfee SecurityCenter
    MSDN Library for Visual Studio 2008 - ENU -> MSDN Library for Visual Studio 2008 - ENU
    Rhapsody -> Rhapsody
    ThumbsPlus7 -> ThumbsPlus version 7 SP2
    Visual Studio Tools for the Office system 3.0 Runtime -> Visual Studio Tools for the Office system 3.0 Runtime
    VisualWebDeveloper -> Microsoft Visual Studio Web Authoring Component
    WinLiveSuite_Wave3 -> Windows Live Essentials
    XobniMain -> Xobni
    < Uninstall List [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ ->
    GoToMeeting -> GoToMeeting 4.1.0.366
    Juniper_Networks_Cache_Cleaner 6.1.0 -> Juniper Networks Cache Cleaner 6.1.0
    Juniper_Term_Services -> Juniper Terminal Services Client
    JuniperSetupClient -> Juniper Networks Setup Client

    [Files/Folders - Created Within 30 Days]
    Event Viewer.lnk -> C:\Users\lori\Desktop\Event Viewer.lnk -> [2009/08/28 10:20:50 | 00,001,714 | ---- | C] ()
    tzres.dll -> C:\Windows\SysWow64\tzres.dll -> [2009/08/26 07:02:23 | 00,002,048 | ---- | C] (Microsoft Corporation)
    tzres.dll -> C:\Windows\SysNative\tzres.dll -> [2009/08/26 07:02:23 | 00,002,048 | ---- | C] ()
    lsasrv.dll -> C:\Windows\SysNative\lsasrv.dll -> [2009/08/26 07:00:34 | 01,692,160 | ---- | C] ()
    kerberos.dll -> C:\Windows\SysNative\kerberos.dll -> [2009/08/26 07:00:34 | 00,656,384 | ---- | C] ()
    msv1_0.dll -> C:\Windows\SysNative\msv1_0.dll -> [2009/08/26 07:00:34 | 00,268,800 | ---- | C] ()
    ksecdd.sys -> C:\Windows\SysNative\drivers\ksecdd.sys -> [2009/08/26 07:00:33 | 00,515,656 | ---- | C] ()
    kerberos.dll -> C:\Windows\SysWow64\kerberos.dll -> [2009/08/26 07:00:33 | 00,499,712 | ---- | C] (Microsoft Corporation)
    schannel.dll -> C:\Windows\SysNative\schannel.dll -> [2009/08/26 07:00:33 | 00,338,944 | ---- | C] ()
    schannel.dll -> C:\Windows\SysWow64\schannel.dll -> [2009/08/26 07:00:33 | 00,270,848 | ---- | C] (Microsoft Corporation)
    msv1_0.dll -> C:\Windows\SysWow64\msv1_0.dll -> [2009/08/26 07:00:33 | 00,213,504 | ---- | C] (Microsoft Corporation)
    wdigest.dll -> C:\Windows\SysNative\wdigest.dll -> [2009/08/26 07:00:33 | 00,205,312 | ---- | C] ()
    wdigest.dll -> C:\Windows\SysWow64\wdigest.dll -> [2009/08/26 07:00:33 | 00,175,104 | ---- | C] (Microsoft Corporation)
    secur32.dll -> C:\Windows\SysNative\secur32.dll -> [2009/08/26 07:00:32 | 00,094,720 | ---- | C] ()
    secur32.dll -> C:\Windows\SysWow64\secur32.dll -> [2009/08/26 07:00:32 | 00,076,800 | ---- | C] (Microsoft Corporation)
    lsass.exe -> C:\Windows\SysNative\lsass.exe -> [2009/08/26 07:00:32 | 00,011,264 | ---- | C] ()
    Mozilla Firefox.lnk -> C:\Users\Public\Desktop\Mozilla Firefox.lnk -> [2009/08/26 06:58:35 | 00,001,780 | ---- | C] ()
    ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2009/08/26 06:08:20 | 04,682,824 | ---- | C] ()
    Apphlpdm.dll -> C:\Windows\SysNative\Apphlpdm.dll -> [2009/08/26 06:08:11 | 00,032,256 | ---- | C] ()
    Apphlpdm.dll -> C:\Windows\SysWow64\Apphlpdm.dll -> [2009/08/26 06:08:10 | 00,028,672 | ---- | C] (Microsoft Corporation)
    GameUXLegacyGDFs.dll -> C:\Windows\SysWow64\GameUXLegacyGDFs.dll -> [2009/08/26 06:08:09 | 04,240,384 | ---- | C] (Microsoft)
    GameUXLegacyGDFs.dll -> C:\Windows\SysNative\GameUXLegacyGDFs.dll -> [2009/08/26 06:08:08 | 04,240,384 | ---- | C] ()
    ntuser.dat{199ce81c-9225-11de-b016-0021704b013f}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\lori\ntuser.dat{199ce81c-9225-11de-b016-0021704b013f}.TMContainer00000000000000000002.regtrans-ms -> [2009/08/26 05:46:14 | 00,524,288 | -HS- | C] ()
    ntuser.dat{199ce81c-9225-11de-b016-0021704b013f}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\lori\ntuser.dat{199ce81c-9225-11de-b016-0021704b013f}.TMContainer00000000000000000001.regtrans-ms -> [2009/08/26 05:46:14 | 00,524,288 | -HS- | C] ()
    ntuser.dat{199ce81c-9225-11de-b016-0021704b013f}.TM.blf -> C:\Users\lori\ntuser.dat{199ce81c-9225-11de-b016-0021704b013f}.TM.blf -> [2009/08/26 05:46:13 | 00,065,536 | -HS- | C] ()
    Minidump -> C:\Windows\Minidump -> [2009/08/26 05:45:43 | 00,000,000 | ---D | C]
    MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2009/08/26 05:45:20 | 39,561,6426 | ---- | C] ()
    scoe -> C:\Users\lori\Desktop\scoe -> [2009/08/24 21:33:54 | 00,000,000 | ---D | C]
    TEMP -> C:\TEMP -> [2009/08/22 09:31:54 | 00,000,000 | ---D | C]
    Share -> C:\Users\lori\Desktop\Share -> [2009/08/21 17:59:57 | 00,000,000 | ---D | C]
    keyfile3.drm -> C:\Users\lori\AppData\Local\keyfile3.drm -> [2009/08/18 13:59:00 | 00,004,096 | -H-- | C] ()
    ase_installguide_winqig.pdf -> C:\Users\lori\Desktop\ase_installguide_winqig.pdf -> [2009/08/18 10:36:46 | 00,277,265 | ---- | C] ()
    Microsoft Games -> C:\Users\lori\AppData\Local\Microsoft Games -> [2009/08/16 15:30:00 | 00,000,000 | ---D | C]
    WebEx -> C:\ProgramData\WebEx -> [2009/08/12 11:23:47 | 00,000,000 | ---D | C]
    eFax Messenger -> C:\Users\lori\AppData\Roaming\eFax Messenger -> [2009/08/12 10:46:44 | 00,000,000 | ---D | C]
    eFax Messenger 4.3 Output -> C:\ProgramData\eFax Messenger 4.3 Output -> [2009/08/12 10:46:26 | 00,000,000 | ---D | C]
    eFax 4.3.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.3.lnk -> [2009/08/12 10:46:25 | 00,001,849 | ---- | C] ()
    eFax Compose Fax 4.3.lnk -> C:\Users\lori\Desktop\eFax Compose Fax 4.3.lnk -> [2009/08/12 10:46:25 | 00,000,920 | ---- | C] ()
    eFax Messenger 4.3.lnk -> C:\Users\lori\Desktop\eFax Messenger 4.3.lnk -> [2009/08/12 10:46:25 | 00,000,913 | ---- | C] ()
    eFax Messenger 4.3 Setup -> C:\ProgramData\eFax Messenger 4.3 Setup -> [2009/08/12 10:46:25 | 00,000,000 | ---D | C]
    eFax Messenger 4.3 -> C:\Users\lori\Documents\eFax Messenger 4.3 -> [2009/08/12 10:46:25 | 00,000,000 | ---D | C]
    eFax Messenger 4.3 -> C:\Program Files (x86)\eFax Messenger 4.3 -> [2009/08/12 10:46:23 | 00,000,000 | ---D | C]
    Carter.connection.doc -> C:\Users\lori\Desktop\Carter.connection.doc -> [2009/08/12 10:40:42 | 00,025,088 | ---- | C] ()
    mstscax.dll -> C:\Windows\SysNative\mstscax.dll -> [2009/08/12 04:30:41 | 02,423,296 | ---- | C] ()
    mstscax.dll -> C:\Windows\SysWow64\mstscax.dll -> [2009/08/12 04:30:41 | 02,066,432 | ---- | C] (Microsoft Corporation)
    atl.dll -> C:\Windows\SysNative\atl.dll -> [2009/08/12 04:30:36 | 00,088,576 | ---- | C] ()
    atl.dll -> C:\Windows\SysWow64\atl.dll -> [2009/08/12 04:30:36 | 00,071,680 | ---- | C] (Microsoft Corporation)
    wkssvc.dll -> C:\Windows\SysNative\wkssvc.dll -> [2009/08/12 04:30:34 | 00,202,752 | ---- | C] ()
    avifil32.dll -> C:\Windows\SysNative\avifil32.dll -> [2009/08/12 04:30:32 | 00,108,544 | ---- | C] ()
    mciavi32.dll -> C:\Windows\SysNative\mciavi32.dll -> [2009/08/12 04:30:32 | 00,093,184 | ---- | C] ()
    avicap32.dll -> C:\Windows\SysNative\avicap32.dll -> [2009/08/12 04:30:32 | 00,076,800 | ---- | C] ()
    avifil32.dll -> C:\Windows\SysWow64\avifil32.dll -> [2009/08/12 04:30:31 | 00,091,136 | ---- | C] (Microsoft Corporation)
    wmp.dll -> C:\Windows\SysNative\wmp.dll -> [2009/08/12 04:30:27 | 13,426,176 | ---- | C] ()
    wmp.dll -> C:\Windows\SysWow64\wmp.dll -> [2009/08/12 04:30:24 | 10,624,000 | ---- | C] (Microsoft Corporation)
    wmpdxm.dll -> C:\Windows\SysNative\wmpdxm.dll -> [2009/08/12 04:30:24 | 00,368,128 | ---- | C] ()
    wmpdxm.dll -> C:\Windows\SysWow64\wmpdxm.dll -> [2009/08/12 04:30:24 | 00,313,344 | ---- | C] (Microsoft Corporation)
    spwmp.dll -> C:\Windows\SysNative\spwmp.dll -> [2009/08/12 04:30:23 | 00,009,216 | ---- | C] ()
    spwmp.dll -> C:\Windows\SysWow64\spwmp.dll -> [2009/08/12 04:30:23 | 00,007,680 | ---- | C] (Microsoft Corporation)
    msdxm.ocx -> C:\Windows\SysNative\msdxm.ocx -> [2009/08/12 04:30:21 | 00,005,120 | ---- | C] ()
    dxmasf.dll -> C:\Windows\SysNative\dxmasf.dll -> [2009/08/12 04:30:21 | 00,005,120 | ---- | C] ()
    msdxm.ocx -> C:\Windows\SysWow64\msdxm.ocx -> [2009/08/12 04:30:21 | 00,004,096 | ---- | C] (Microsoft Corporation)
    dxmasf.dll -> C:\Windows\SysWow64\dxmasf.dll -> [2009/08/12 04:30:21 | 00,004,096 | ---- | C] (Microsoft Corporation)
    wmploc.DLL -> C:\Windows\SysNative\wmploc.DLL -> [2009/08/12 04:30:20 | 08,147,968 | ---- | C] ()
    wmploc.DLL -> C:\Windows\SysWow64\wmploc.DLL -> [2009/08/12 04:30:20 | 08,147,456 | ---- | C] (Microsoft Corporation)
    msdxm.tlb -> C:\Windows\SysWow64\msdxm.tlb -> [2009/08/12 04:30:20 | 00,043,520 | ---- | C] (Microsoft Corporation)
    msdxm.tlb -> C:\Windows\SysNative\msdxm.tlb -> [2009/08/12 04:30:20 | 00,043,520 | ---- | C] ()
    amcompat.tlb -> C:\Windows\SysWow64\amcompat.tlb -> [2009/08/12 04:30:20 | 00,018,432 | ---- | C] (Microsoft Corporation)
    amcompat.tlb -> C:\Windows\SysNative\amcompat.tlb -> [2009/08/12 04:30:20 | 00,018,432 | ---- | C] ()
    odors-removers_godaddy-refund.pdf -> C:\Users\lori\Desktop\odors-removers_godaddy-refund.pdf -> [2009/08/11 23:25:45 | 00,079,613 | ---- | C] ()
    Juniper Networks -> C:\Users\lori\AppData\Roaming\Juniper Networks -> [2009/08/04 16:49:17 | 00,000,000 | ---D | C]
    mozy.sys -> C:\Windows\SysNative\drivers\mozy.sys -> [2009/08/02 13:39:30 | 00,066,040 | ---- | C] ()
    ODBC.INI -> C:\Windows\ODBC.INI -> [2009/03/08 08:56:47 | 00,000,520 | ---- | C] ()
    PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2009/03/08 08:55:33 | 00,882,902 | ---- | C] ()
    tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 22:50:05 | 00,060,124 | ---- | C] ()
    msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2008/01/20 22:49:49 | 00,368,640 | ---- | C] ()
    ractrlkeyhook.dll -> C:\Windows\SysWow64\ractrlkeyhook.dll -> [2007/08/06 11:07:30 | 00,008,784 | ---- | C] ()
    win.ini -> C:\Windows\win.ini -> [2006/11/02 08:34:27 | 00,000,240 | ---- | C] ()
    system.ini -> C:\Windows\system.ini -> [2006/11/02 08:34:27 | 00,000,219 | ---- | C] ()
    OUTLPERF.INI -> C:\Windows\SysWow64\OUTLPERF.INI -> [2003/01/07 15:05:08 | 00,002,695 | ---- | C] ()
    pdfcmnnt.dll -> C:\Windows\SysWow64\pdfcmnnt.dll -> [2001/10/28 16:42:30 | 00,116,224 | ---- | C] ()

    [Files/Folders - Modified Within 30 Days]
    7 C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\*.tmp files -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\*.tmp ->
    64 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp ->
    ntuser.dat -> C:\Users\lori\ntuser.dat -> [2009/08/29 10:31:42 | 03,670,016 | -HS- | M] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\lori\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/08/29 10:29:58 | 00,006,144 | ---- | M] ()
    Config.MPF -> C:\Windows\SysNative\Config.MPF -> [2009/08/29 09:48:38 | 00,023,617 | ---- | M] ()
    RtlNICDiagVistaStart.job -> C:\Windows\tasks\RtlNICDiagVistaStart.job -> [2009/08/29 09:47:53 | 00,000,288 | ---- | M] ()
    7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/08/29 09:47:40 | 00,003,744 | -H-- | M] ()
    7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/08/29 09:47:40 | 00,003,744 | -H-- | M] ()
    SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/08/29 09:47:38 | 00,000,006 | -H-- | M] ()
    bootstat.dat -> C:\Windows\bootstat.dat -> [2009/08/29 09:47:37 | 00,067,584 | --S- | M] ()

  5. #5
    Junior Member
    Join Date
    Apr 2009
    Posts
    13

    OTS Log part 3 of 3

    hiberfil.sys -> C:\hiberfil.sys -> [2009/08/29 09:47:35 | 42,941,07135 | -HS- | M] ()
    qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [2009/08/29 09:11:33 | 04,194,304 | ---- | M] ()
    qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [2009/08/29 09:11:33 | 04,194,304 | ---- | M] ()
    index.dat -> C:\Windows\Temp\Temporary Internet Files\Content.IE5\index.dat -> [2009/08/29 09:04:10 | 00,049,152 | -HS- | M] ()
    index.dat -> C:\Windows\Temp\History\History.IE5\index.dat -> [2009/08/29 09:04:10 | 00,032,768 | -HS- | M] ()
    index.dat -> C:\Windows\Temp\Cookies\index.dat -> [2009/08/29 09:04:10 | 00,016,384 | -HS- | M] ()
    ntuser.dat{199ce81c-9225-11de-b016-0021704b013f}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\lori\ntuser.dat{199ce81c-9225-11de-b016-0021704b013f}.TMContainer00000000000000000001.regtrans-ms -> [2009/08/29 08:51:56 | 00,524,288 | -HS- | M] ()
    ntuser.dat{199ce81c-9225-11de-b016-0021704b013f}.TM.blf -> C:\Users\lori\ntuser.dat{199ce81c-9225-11de-b016-0021704b013f}.TM.blf -> [2009/08/29 08:51:56 | 00,065,536 | -HS- | M] ()
    mozy.blk -> C:\Windows\mozy.blk -> [2009/08/29 04:02:43 | 00,002,556 | ---- | M] ()
    mozy.flt -> C:\Windows\mozy.flt -> [2009/08/29 04:02:43 | 00,000,918 | ---- | M] ()
    User_Feed_Synchronization-{04249596-9CFD-486B-9FF0-BA483FF11B57}.job -> C:\Windows\tasks\User_Feed_Synchronization-{04249596-9CFD-486B-9FF0-BA483FF11B57}.job -> [2009/08/29 03:27:10 | 00,000,416 | -H-- | M] ()
    PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [2009/08/29 00:21:59 | 00,139,444 | ---- | M] ()
    PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [2009/08/29 00:21:59 | 00,006,072 | ---- | M] ()
    PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [2009/08/29 00:21:59 | 00,004,200 | ---- | M] ()
    PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [2009/08/29 00:21:59 | 00,002,208 | ---- | M] ()
    PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [2009/08/29 00:21:59 | 00,000,000 | ---- | M] ()
    PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [2009/08/29 00:21:59 | 00,000,000 | ---- | M] ()
    Default.rdp -> C:\Users\lori\Documents\Default.rdp -> [2009/08/28 11:41:00 | 00,001,782 | -H-- | M] ()
    Event Viewer.lnk -> C:\Users\lori\Desktop\Event Viewer.lnk -> [2009/08/28 10:20:50 | 00,001,714 | ---- | M] ()
    App_Web_aixwsu_8.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\App_Web_aixwsu_8.dll -> [2009/08/27 22:31:36 | 00,106,496 | ---- | M] ()
    report_patientreferrals.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\report_patientreferrals.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,743 | ---- | M] ()
    report_patientclearances.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\report_patientclearances.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,740 | ---- | M] ()
    report_appttracking.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\report_appttracking.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,711 | ---- | M] ()
    report_psccollections.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\report_psccollections.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,572 | ---- | M] ()
    report_apptearlycalls.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\report_apptearlycalls.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,572 | ---- | M] ()
    report_procfuturemonth.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\report_procfuturemonth.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,567 | ---- | M] ()
    report_procinputmonth.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\report_procinputmonth.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,564 | ---- | M] ()
    report_auditpdchanges.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\report_auditpdchanges.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,564 | ---- | M] ()
    report_procloadmonth.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\report_procloadmonth.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,560 | ---- | M] ()
    report_procloadweek.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\report_procloadweek.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,556 | ---- | M] ()
    report_patientlimbo.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\report_patientlimbo.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,556 | ---- | M] ()
    report_apptearlyreq.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\report_apptearlyreq.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,556 | ---- | M] ()
    report_patientnopd.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\report_patientnopd.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,552 | ---- | M] ()
    report_patient4wks.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\report_patient4wks.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,552 | ---- | M] ()
    report_noshows.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\report_noshows.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,536 | ---- | M] ()
    reports.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\reports.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,508 | ---- | M] ()
    printgridview.aspx.dfa151d5.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\printgridview.aspx.dfa151d5.compiled -> [2009/08/27 22:31:36 | 00,000,413 | ---- | M] ()
    Theme_ThemeVein.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\Theme_ThemeVein.compiled -> [2009/08/27 22:31:36 | 00,000,404 | ---- | M] ()
    App_Web_kj-eak_l.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\App_Web_kj-eak_l.dll -> [2009/08/27 22:31:35 | 00,040,960 | ---- | M] ()
    App_Web_an41efm4.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\App_Web_an41efm4.dll -> [2009/08/27 22:31:35 | 00,036,864 | ---- | M] ()
    App_Web_c8s6ff2g.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\App_Web_c8s6ff2g.dll -> [2009/08/27 22:31:35 | 00,012,800 | ---- | M] ()
    patientclearances.aspx.a6bf9b5b.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\patientclearances.aspx.a6bf9b5b.compiled -> [2009/08/27 22:31:35 | 00,001,027 | ---- | M] ()
    patientreferral.aspx.a6bf9b5b.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\patientreferral.aspx.a6bf9b5b.compiled -> [2009/08/27 22:31:35 | 00,001,019 | ---- | M] ()
    patientcontact.aspx.a6bf9b5b.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\patientcontact.aspx.a6bf9b5b.compiled -> [2009/08/27 22:31:35 | 00,000,539 | ---- | M] ()
    patientnotes.aspx.a6bf9b5b.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\patientnotes.aspx.a6bf9b5b.compiled -> [2009/08/27 22:31:35 | 00,000,531 | ---- | M] ()
    patientedit.aspx.a6bf9b5b.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\patientedit.aspx.a6bf9b5b.compiled -> [2009/08/27 22:31:35 | 00,000,527 | ---- | M] ()
    patientnew.aspx.a6bf9b5b.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\patientnew.aspx.a6bf9b5b.compiled -> [2009/08/27 22:31:35 | 00,000,523 | ---- | M] ()
    patient.aspx.a6bf9b5b.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\patient.aspx.a6bf9b5b.compiled -> [2009/08/27 22:31:35 | 00,000,511 | ---- | M] ()
    drfacilitydropdowncontrol.ascx.cc671b29.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\drfacilitydropdowncontrol.ascx.cc671b29.compiled -> [2009/08/27 22:31:35 | 00,000,473 | ---- | M] ()
    calendarselectcontrol.ascx.cc671b29.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\calendarselectcontrol.ascx.cc671b29.compiled -> [2009/08/27 22:31:35 | 00,000,456 | ---- | M] ()
    piddropdowncontrol.ascx.cc671b29.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\piddropdowncontrol.ascx.cc671b29.compiled -> [2009/08/27 22:31:35 | 00,000,445 | ---- | M] ()
    loginpwdreset.aspx.b00858bf.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\loginpwdreset.aspx.b00858bf.compiled -> [2009/08/27 22:31:35 | 00,000,413 | ---- | M] ()
    loginreset.aspx.b00858bf.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\loginreset.aspx.b00858bf.compiled -> [2009/08/27 22:31:35 | 00,000,401 | ---- | M] ()
    login.aspx.b00858bf.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\login.aspx.b00858bf.compiled -> [2009/08/27 22:31:35 | 00,000,381 | ---- | M] ()
    App_Web_hqsmbyx2.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\App_Web_hqsmbyx2.dll -> [2009/08/27 22:31:34 | 00,045,056 | ---- | M] ()
    patientrecordeditprot.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\patientrecordeditprot.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,540 | ---- | M] ()
    patientrecordnewprot.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\patientrecordnewprot.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,536 | ---- | M] ()
    patientrecordselect.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\patientrecordselect.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,532 | ---- | M] ()
    office_default.aspx.fdf7a39c.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\office_default.aspx.fdf7a39c.compiled -> [2009/08/27 22:31:34 | 00,000,530 | ---- | M] ()
    emp_emailchg.aspx.fdf7a39c.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\emp_emailchg.aspx.fdf7a39c.compiled -> [2009/08/27 22:31:34 | 00,000,528 | ---- | M] ()
    patientrecordview.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\patientrecordview.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,524 | ---- | M] ()
    patientrecordedit.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\patientrecordedit.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,524 | ---- | M] ()
    emp_default.aspx.fdf7a39c.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\emp_default.aspx.fdf7a39c.compiled -> [2009/08/27 22:31:34 | 00,000,524 | ---- | M] ()
    calendardaydetail.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\calendardaydetail.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,524 | ---- | M] ()
    appointtypes.aspx.fdf7a39c.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\appointtypes.aspx.fdf7a39c.compiled -> [2009/08/27 22:31:34 | 00,000,522 | ---- | M] ()
    patientrecordnew.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\patientrecordnew.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,520 | ---- | M] ()
    ins_default.aspx.fdf7a39c.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\ins_default.aspx.fdf7a39c.compiled -> [2009/08/27 22:31:34 | 00,000,518 | ---- | M] ()
    adminaccess.aspx.fdf7a39c.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\adminaccess.aspx.fdf7a39c.compiled -> [2009/08/27 22:31:34 | 00,000,518 | ---- | M] ()
    emp_record.aspx.fdf7a39c.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\emp_record.aspx.fdf7a39c.compiled -> [2009/08/27 22:31:34 | 00,000,514 | ---- | M] ()
    calendarlinear.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\calendarlinear.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,510 | ---- | M] ()
    reminders.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\reminders.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,492 | ---- | M] ()
    noaccess.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\noaccess.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,488 | ---- | M] ()
    calendar.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\calendar.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,488 | ---- | M] ()
    default.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\default.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,485 | ---- | M] ()
    pd_edit.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\pd_edit.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,484 | ---- | M] ()
    errorpg.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\errorpg.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,484 | ---- | M] ()
    color.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\color.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,476 | ---- | M] ()
    pd2.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\pd2.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,468 | ---- | M] ()
    pd1.aspx.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\pd1.aspx.cdcab7d2.compiled -> [2009/08/27 22:31:34 | 00,000,468 | ---- | M] ()
    App_Web_w26fasow.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\App_Web_w26fasow.dll -> [2009/08/27 22:31:33 | 00,081,920 | ---- | M] ()
    App_Web_fy0tyobh.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\App_Web_fy0tyobh.dll -> [2009/08/27 22:31:33 | 00,009,216 | ---- | M] ()
    masterpage.master.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\masterpage.master.cdcab7d2.compiled -> [2009/08/27 22:31:33 | 00,000,383 | ---- | M] ()
    skmControls2.DLL -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\assembly\dl3\cab9cbd5\00605093_c486c901_0\skmControls2.DLL -> [2009/08/27 22:31:32 | 00,057,344 | ---- | M] (Scott Mitchell)
    App_Code.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\App_Code.dll -> [2009/08/27 22:31:32 | 00,007,168 | ---- | M] ()
    App_global.asax.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\App_global.asax.dll -> [2009/08/27 22:31:32 | 00,006,656 | ---- | M] ()
    App_global.asax.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\App_global.asax.compiled -> [2009/08/27 22:31:32 | 00,000,313 | ---- | M] ()
    App_Code.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\App_Code.compiled -> [2009/08/27 22:31:32 | 00,000,169 | ---- | M] ()
    skcontrols.DLL -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\assembly\dl3\df9fbb4c\70fed94d_bf95c901_0\skcontrols.DLL -> [2009/08/27 22:31:31 | 00,009,728 | ---- | M] (Visa)
    App_Licenses.DLL -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\16743836\3f18d7d\assembly\dl3\ee40c4b1\8ed4addf_00f9c901_0\App_Licenses.DLL -> [2009/08/27 22:31:31 | 00,004,096 | ---- | M] ()
    patientnew.aspx.a6bf9b5b_CBMResult.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\patientnew.aspx.a6bf9b5b_CBMResult.compiled -> [2009/08/27 22:29:43 | 00,000,542 | ---- | M] ()
    patientrecordnewprot.aspx.cdcab7d2_CBMResult.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\patientrecordnewprot.aspx.cdcab7d2_CBMResult.compiled -> [2009/08/27 22:29:40 | 00,000,548 | ---- | M] ()
    calendarselectcontrol.ascx.cc671b29_CBMResult.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\calendarselectcontrol.ascx.cc671b29_CBMResult.compiled -> [2009/08/27 22:29:05 | 00,000,467 | ---- | M] ()
    patientrecordedit.aspx.cdcab7d2_CBMResult.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\patientrecordedit.aspx.cdcab7d2_CBMResult.compiled -> [2009/08/27 22:25:14 | 00,000,536 | ---- | M] ()
    patientrecordeditprot.aspx.cdcab7d2_CBMResult.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\patientrecordeditprot.aspx.cdcab7d2_CBMResult.compiled -> [2009/08/27 22:25:12 | 00,000,552 | ---- | M] ()
    patientrecordnew.aspx.cdcab7d2_CBMResult.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\patientrecordnew.aspx.cdcab7d2_CBMResult.compiled -> [2009/08/27 22:21:45 | 00,000,532 | ---- | M] ()
    App_Web_piddropdowncontrol.ascx.cc671b29.974xfqs_.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\App_Web_piddropdowncontrol.ascx.cc671b29.974xfqs_.dll -> [2009/08/27 22:20:56 | 00,013,824 | ---- | M] ()
    app_web_piddropdowncontrol.ascx.cc671b29.974xfqs_.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\_shadow\d932b166\752931447\30025606\app_web_piddropdowncontrol.ascx.cc671b29.974xfqs_.dll -> [2009/08/27 22:20:56 | 00,013,824 | ---- | M] ()
    App_Web_drfacilitydropdowncontrol.ascx.cc671b29.1s2t95g3.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\App_Web_drfacilitydropdowncontrol.ascx.cc671b29.1s2t95g3.dll -> [2009/08/27 22:20:56 | 00,012,800 | ---- | M] ()
    app_web_drfacilitydropdowncontrol.ascx.cc671b29.1s2t95g3.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\_shadow\d932b166\755531447\30025606\app_web_drfacilitydropdowncontrol.ascx.cc671b29.1s2t95g3.dll -> [2009/08/27 22:20:56 | 00,012,800 | ---- | M] ()
    App_Web_calendarselectcontrol.ascx.cc671b29.fztesscy.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\App_Web_calendarselectcontrol.ascx.cc671b29.fztesscy.dll -> [2009/08/27 22:20:56 | 00,012,800 | ---- | M] ()
    app_web_calendarselectcontrol.ascx.cc671b29.fztesscy.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\_shadow\d932b166\749751447\30025606\app_web_calendarselectcontrol.ascx.cc671b29.fztesscy.dll -> [2009/08/27 22:20:56 | 00,012,800 | ---- | M] ()
    dph8gyfi.cmdline -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\dph8gyfi.cmdline -> [2009/08/27 22:20:56 | 00,004,347 | ---- | M] ()
    28vtob37.cmdline -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\28vtob37.cmdline -> [2009/08/27 22:20:56 | 00,004,331 | ---- | M] ()
    tejazejr.cmdline -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\tejazejr.cmdline -> [2009/08/27 22:20:56 | 00,004,319 | ---- | M] ()
    patientreferral.aspx.a6bf9b5b_CBMResult.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\patientreferral.aspx.a6bf9b5b_CBMResult.compiled -> [2009/08/27 22:20:56 | 00,001,022 | ---- | M] ()
    drfacilitydropdowncontrol.ascx.cc671b29.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\drfacilitydropdowncontrol.ascx.cc671b29.compiled -> [2009/08/27 22:20:56 | 00,000,522 | ---- | M] ()
    calendarselectcontrol.ascx.cc671b29.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\calendarselectcontrol.ascx.cc671b29.compiled -> [2009/08/27 22:20:56 | 00,000,501 | ---- | M] ()
    piddropdowncontrol.ascx.cc671b29.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\piddropdowncontrol.ascx.cc671b29.compiled -> [2009/08/27 22:20:56 | 00,000,487 | ---- | M] ()
    App_Web_masterpage.master.cdcab7d2.lb6uho7o.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\App_Web_masterpage.master.cdcab7d2.lb6uho7o.dll -> [2009/08/27 22:20:55 | 00,018,944 | ---- | M] ()
    app_web_masterpage.master.cdcab7d2.lb6uho7o.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\_shadow\d932b166\738081447\30025606\app_web_masterpage.master.cdcab7d2.lb6uho7o.dll -> [2009/08/27 22:20:55 | 00,018,944 | ---- | M] ()
    patientrecordview.aspx.cdcab7d2_CBMResult.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\patientrecordview.aspx.cdcab7d2_CBMResult.compiled -> [2009/08/27 22:20:55 | 00,000,543 | ---- | M] ()
    pd_edit.aspx.cdcab7d2_CBMResult.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\pd_edit.aspx.cdcab7d2_CBMResult.compiled -> [2009/08/27 22:20:55 | 00,000,496 | ---- | M] ()
    masterpage.master.cdcab7d2.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\masterpage.master.cdcab7d2.compiled -> [2009/08/27 22:20:55 | 00,000,421 | ---- | M] ()
    xujpv5mr.cmdline -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\xujpv5mr.cmdline -> [2009/08/27 22:20:54 | 00,004,295 | ---- | M] ()
    App_global.asax.kznxj4uy.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\App_global.asax.kznxj4uy.dll -> [2009/08/27 22:20:53 | 00,008,192 | ---- | M] ()
    app_global.asax.kznxj4uy.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\_shadow\d932b166\720391447\30025606\app_global.asax.kznxj4uy.dll -> [2009/08/27 22:20:53 | 00,008,192 | ---- | M] ()
    witp6p1h.cmdline -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\witp6p1h.cmdline -> [2009/08/27 22:20:53 | 00,003,981 | ---- | M] ()
    drfacilitydropdowncontrol.ascx.cc671b29_CBMResult.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\drfacilitydropdowncontrol.ascx.cc671b29_CBMResult.compiled -> [2009/08/27 22:20:53 | 00,000,483 | ---- | M] ()
    App_global.asax.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\App_global.asax.compiled -> [2009/08/27 22:20:53 | 00,000,322 | ---- | M] ()
    App_Code.compiled -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\App_Code.compiled -> [2009/08/27 22:20:53 | 00,000,178 | ---- | M] ()
    App_Code.6tbrv2ys.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\App_Code.6tbrv2ys.dll -> [2009/08/27 22:20:52 | 00,008,704 | ---- | M] ()
    app_code.6tbrv2ys.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\_shadow\d932b166\717121447\30025606\app_code.6tbrv2ys.dll -> [2009/08/27 22:20:52 | 00,008,704 | ---- | M] ()
    xmmqvufy.cmdline -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\xmmqvufy.cmdline -> [2009/08/27 22:20:52 | 00,003,958 | ---- | M] ()
    skmControls2.DLL -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\assembly\dl3\9141e31f\00605093_c486c901_0\skmControls2.DLL -> [2009/08/27 22:20:51 | 00,057,344 | ---- | M] (Scott Mitchell)
    skcontrols.DLL -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\assembly\dl3\f631b4e6\70fed94d_bf95c901_0\skcontrols.DLL -> [2009/08/27 22:20:51 | 00,009,728 | ---- | M] (Visa)
    App_Licenses.DLL -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\assembly\dl3\9f1b3a54\8ed4addf_00f9c901_0\App_Licenses.DLL -> [2009/08/27 22:20:51 | 00,004,096 | ---- | M] ()
    App_Web_foh4gwh_.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\biofogodorremovers\13e131ea\ac564e29\App_Web_foh4gwh_.dll -> [2009/08/26 12:00:53 | 00,029,696 | ---- | M] ()
    App_Web_l8qinqql.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\biofogodorremovers\d58f73cc\5e67487e\App_Web_l8qinqql.dll -> [2009/08/26 12:00:48 | 00,029,696 | ---- | M] ()
    App_Web_mgll3sl4.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\biofogodorremovers\d58f73cc\5e67487e\App_Web_mgll3sl4.dll -> [2009/08/26 12:00:48 | 00,025,088 | ---- | M] ()
    App_Web_0foy8qv2.dll -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\biofogodorremovers\13e131ea\ac564e29\App_Web_0foy8qv2.dll -> [2009/08/26 11:59:37 | 00,029,696 | ---- | M] ()
    bthservsdp.dat -> C:\Windows\bthservsdp.dat -> [2009/08/26 08:04:22 | 00,000,012 | ---- | M] ()
    IconCache.db -> C:\Users\lori\AppData\Local\IconCache.db -> [2009/08/26 08:04:12 | 02,082,785 | -H-- | M] ()
    Mozilla Firefox.lnk -> C:\Users\Public\Desktop\Mozilla Firefox.lnk -> [2009/08/26 06:58:35 | 00,001,780 | ---- | M] ()
    ntuser.dat{199ce81c-9225-11de-b016-0021704b013f}.TMContainer00000000000000000002.regtrans-ms -> C:\Users\lori\ntuser.dat{199ce81c-9225-11de-b016-0021704b013f}.TMContainer00000000000000000002.regtrans-ms -> [2009/08/26 05:46:15 | 00,524,288 | -HS- | M] ()
    MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2009/08/26 05:45:43 | 39,561,6426 | ---- | M] ()
    NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\lori\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms -> [2009/08/26 03:07:58 | 00,524,288 | -HS- | M] ()
    NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf -> C:\Users\lori\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf -> [2009/08/26 03:07:58 | 00,065,536 | -HS- | M] ()
    keyfile3.drm -> C:\Users\lori\AppData\Local\keyfile3.drm -> [2009/08/18 13:59:00 | 00,004,096 | -H-- | M] ()
    ase_installguide_winqig.pdf -> C:\Users\lori\Desktop\ase_installguide_winqig.pdf -> [2009/08/18 10:51:45 | 00,277,265 | ---- | M] ()
    vs000223.dat -> C:\ProgramData\Microsoft\VisualStudio\9.0\vs000223.dat -> [2009/08/17 03:03:20 | 00,677,178 | -H-- | M] ()
    Safari.lnk -> C:\Users\Public\Desktop\Safari.lnk -> [2009/08/15 11:24:19 | 00,001,866 | ---- | M] ()
    McDefragTask.job -> C:\Windows\tasks\McDefragTask.job -> [2009/08/15 01:00:00 | 00,000,356 | ---- | M] ()
    eFax 4.3.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\eFax 4.3.lnk -> [2009/08/12 10:46:25 | 00,001,849 | ---- | M] ()
    eFax Compose Fax 4.3.lnk -> C:\Users\lori\Desktop\eFax Compose Fax 4.3.lnk -> [2009/08/12 10:46:25 | 00,000,920 | ---- | M] ()
    eFax Messenger 4.3.lnk -> C:\Users\lori\Desktop\eFax Messenger 4.3.lnk -> [2009/08/12 10:46:25 | 00,000,913 | ---- | M] ()
    Carter.connection.doc -> C:\Users\lori\Desktop\Carter.connection.doc -> [2009/08/12 10:40:42 | 00,025,088 | ---- | M] ()
    odors-removers_godaddy-refund.pdf -> C:\Users\lori\Desktop\odors-removers_godaddy-refund.pdf -> [2009/08/11 23:25:47 | 00,079,613 | ---- | M] ()
    mcs.rma -> C:\Users\lori\AppData\Roaming\mcs.rma -> [2009/08/03 17:48:59 | 00,870,128 | ---- | M] ()
    26D030 -> C:\Users\lori\AppData\Roaming\26D030 -> [2009/08/03 17:48:59 | 00,000,004 | ---- | M] ()
    MozyHome Status.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MozyHome Status.lnk -> [2009/08/02 13:39:33 | 00,000,826 | ---- | M] ()
    McQcTask.job -> C:\Windows\tasks\McQcTask.job -> [2009/08/01 01:00:00 | 00,000,348 | ---- | M] ()
    DataSafeDotNet.exe -> C:\Users\lori\AppData\Roaming\DataSafeDotNet.exe -> [2009/07/31 07:13:07 | 08,270,752 | ---- | M] (Dell, Inc. )
    0267361251192618mcinst.exe -> C:\Windows\Temp\0267361251192618mcinst.exe -> [2009/07/09 23:52:28 | 00,316,312 | ---- | M] (McAfee, Inc.)
    opa11.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa11.dat -> [2009/03/11 23:04:54 | 00,011,090 | ---- | M] ()
    lori.dat -> C:\ProgramData\Microsoft\User Account Pictures\lori.dat -> [2009/03/07 15:49:31 | 00,000,000 | ---- | M] ()

    [Alternate Data Streams]
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
    < End of report >
    [/code]

  6. #6
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425


    There is no obvious sign of infection. I would try disabling Mozy and see if that stops the problem.


    ----------------------------------------------------------------------------------------
    Step 1

    Open OTScanIt. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
    [code]
    [Unregister Dlls]
    [Registry - Safe List]
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    YN -> {5C255C8A-E604-49b4-9D64-90988571CECB} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
    YN -> WebBrowser\\"{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
    < 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    YN -> "" -> []
    [Files/Folders - Modified Within 30 Days]
    NY -> 7 C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\*.tmp files -> C:\Users\lori\AppData\Local\Temp\Temporary ASP.NET Files\veinclinic\b8c82227\d932b166\*.tmp
    NY -> 64 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp
    NY -> 0267361251192618mcinst.exe -> C:\Windows\Temp\0267361251192618mcinst.exe
    [Alternate Data Streams]
    NY -> @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
    [Empty Temp Folders]
    [/code]
    The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.
    Warning: This fix is for this user only. DO NOT duplicate this fix or you risk damaging your own system.


    ----------------------------------------------------------------------------------------
    Step 2

    Malwarebytes' Anti-Malware

    Please download Malwarebytes' Anti-Malware to your desktop.

    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to
      • Update Malwarebytes' Anti-Malware
      • and Launch Malwarebytes' Anti-Malware
    • then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If requested, please reboot
      • If you accidentally close it, the log file is saved here and will be named like this:
      • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


    ----------------------------------------------------------------------------------------
    Logs/Information to Post in Reply
    Please post the following logs/information in your reply.
    Some of the logs I request will be quite large. You may need to split them over a couple of replies.
    • OTS Log
    • MBAM Log
    Microsoft MVP Consumer Security 2009 -2010
    If we have helped, please consider a donation
    THESE INSTRUCTIONS ARE FOR THIS USER ONLY

  7. #7
    Junior Member
    Join Date
    Apr 2009
    Posts
    13

    OTScanIt

    Will you explain what the OTScanIt "Fix" that you posted will do? What DLLs is it unregistering? Thanks.

  8. #8
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Manchester UK
    Posts
    3,425


    It will remove some unneeded registry entries and files.
    It shouldn't actually need to unregister any DLLs, but if it finds any in the temp folders it will unregister them.

  9. #9
    Junior Member
    Join Date
    Apr 2009
    Posts
    13

    OldTimer Log following "Fix"

    All Processes Killed
    [Registry - Safe List]
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ not found.
    [Files/Folders - Modified Within 30 Days]
    File C:\Windows\Temp\0267361251192618mcinst.exe not found!
    [Alternate Data Streams]
    Unable to delete ADS C:\ProgramData\TEMP:5D432CE3 .
    [Empty Temp Folders]


    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: lori
    ->Temp folder emptied: 0 bytes
    File delete failed. C:\Users\lori\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
    ->Temporary Internet Files folder emptied: 1277952 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    File delete failed. C:\Windows\temp\mcafee_PxqmNlkdpFLfLA7 scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\mcmsc_BkmlBnTFDsaPRS8 scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\mcmsc_cyiLYNc5KkItfFJ scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\mcmsc_iAv9MYbZlqhhbCH scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\mcmsc_jpQUWziEvX5ffv2 scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\sqlite_irlYulRi71yRTlf scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\sqlite_Q0IelujHpyv6M97 scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\sqlite_S8wiSYi0PP1ClfK scheduled to be deleted on reboot.
    File delete failed. C:\Windows\temp\sqlite_TXpo90xaQGnnZoc scheduled to be deleted on reboot.
    Windows Temp folder emptied: 95419653 bytes
    RecycleBin emptied: 566679772 bytes

    Total Files Cleaned = 632.65 mb

    < End of fix log >
    OTS by OldTimer - Version 3.0.10.3 fix logfile created on 08302009_143949

    Files\Folders moved on Reboot...
    File\Folder C:\Windows\temp\mcafee_PxqmNlkdpFLfLA7 not found!
    File\Folder C:\Windows\temp\mcmsc_BkmlBnTFDsaPRS8 not found!
    File\Folder C:\Windows\temp\mcmsc_cyiLYNc5KkItfFJ not found!
    File\Folder C:\Windows\temp\mcmsc_iAv9MYbZlqhhbCH not found!
    C:\Windows\temp\mcmsc_jpQUWziEvX5ffv2 moved successfully.
    File\Folder C:\Windows\temp\sqlite_irlYulRi71yRTlf not found!
    File\Folder C:\Windows\temp\sqlite_Q0IelujHpyv6M97 not found!
    C:\Windows\temp\sqlite_S8wiSYi0PP1ClfK moved successfully.
    File\Folder C:\Windows\temp\sqlite_TXpo90xaQGnnZoc not found!

    Registry entries deleted on Reboot...

  10. #10
    Junior Member
    Join Date
    Apr 2009
    Posts
    13

    MBAM Log

    Thank you! One item infected: "Hijack.DisplayProperties". What is this? (I removed it.)

    -------------------------------------------
    Malwarebytes' Anti-Malware 1.40
    Database version: 2719
    Windows 6.0.6001 Service Pack 1

    8/30/2009 4:21:55 PM
    mbam-log-2009-08-30 (16-21-55).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 384063
    Time elapsed: 1 hour(s), 18 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
