
Trojan.Ertfor comes back


  • This topic is locked
16 replies to this topic

#1 terrors42


Posted 06 July 2009 - 04:11 PM

I seem to have a trojan or something that keeps reappearing on my computer even though multiple programs have been used to remove it. As was requested, I have pasted my HJS log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:09:53 PM, on 7/6/2009
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
C:\Program Files (x86)\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files (x86)\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\WINDOWS\SysWOW64\vmnat.exe
C:\WINDOWS\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Lotus\Notes\nlnotes.exe
C:\Lotus\Notes\naldaemn.EXE
C:\Lotus\Notes\nhldaemn.EXE
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Autodesk\Inventor 2009\Bin\ad32lw.exe
C:\DOCUME~1\chris\LOCALS~1\Temp\AdskCleanup.0001
C:\Program Files\Autodesk\Inventor 2009\Bin\bin32\inventor32bithost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usatoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Ad-Watch] "C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\ATI HYDRAVISION\HydraDM.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Start 3DxWare.lnk = C:\Program Files\3Dconnexion\3Dconnexion 3DxWare (x64)\3dxsrv.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware workstation\vsocklib.dll
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1239034689369
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://jedson.webex.com/client/T26L/webex/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fureyfp1.fureyfp.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fureyfp1.fureyfp.com
O20 - AppInit_DLLs: C:\WINDOWS\system32\zofarimo.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: Autodesk Data Management Job Dispatch - Autodesk - C:\Program Files (x86)\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
O23 - Service: Autodesk EDM Server - Autodesk - C:\Program Files (x86)\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: IviRegMgr - InterVideo - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

--
End of file - 12144 bytes

If it is any help, here is a link to the start of troubleshooting these problems. from which referred. ~ OB

http://www.bleepingcomputer.com/forums/t/237822/trojanertfor-keeps-reappearing/

Merged posts. ~ OB

Edited by Orange Blossom, 08 July 2009 - 11:33 PM.




#2 Elise


Posted 14 July 2009 - 08:36 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise




#3 terrors42


Posted 14 July 2009 - 09:42 AM

I am currently still having the same problems on my computer. Malwarebytes keeps cleaning off trojan.ertfor but this infection keeps returning. I can't seem to run the DDS program you are requesting I run. One of the versions says my system is not compatible. I am running Windows XP 64bit. I can run hijackthis if that will work.

#4 Blade81


Posted 15 July 2009 - 04:35 AM

Hi,
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.



#5 terrors42


Posted 16 July 2009 - 07:39 AM

Hey, thanks for the reply. I have run the scan and here is what the logs have.

OTL logfile created on: 7/16/2009 7:35:34 AM - Run 2
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\chris\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.86 Gb Total Space | 153.87 Gb Free Space | 69.67% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 5.53 Gb Free Space | 46.08% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive K: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive L: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive N: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive P: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS

Computer Name: CAD2009
Current User Name: chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe (Autodesk)
PRC - C:\Program Files (x86)\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe (Autodesk)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\ATI Technologies\ATI HYDRAVISION\HydraDM.exe (AMD)
PRC - C:\WINDOWS\SMINST\Scheduler.exe ()
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\WINDOWS\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Documents and Settings\chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (CSIScanner [Auto | Running]) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV:64bit: - (SQLWriter [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Autodesk Data Management Job Dispatch [Auto | Running]) -- C:\Program Files (x86)\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe (Autodesk)
SRV - (Autodesk EDM Server [Auto | Running]) -- C:\Program Files (x86)\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe (Autodesk)
SRV - (Autodesk Licensing Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (ccEvtMgr [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IASJet [On_Demand | Stopped]) -- C:\WINDOWS\SysWOW64\iasrecst.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IviRegMgr [Auto | Running]) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MSSQL$AUTODESKVAULT [Auto | Running]) -- C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (Netlogon [Auto | Running]) -- C:\WINDOWS\SysWow64\netlogon.dll (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PCA [Auto | Stopped]) -- C:\WINDOWS\SMINST\PCAngel.exe (SoftThinks)
SRV - (RoxMediaDB10 [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (SmcService [Auto | Running]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC [On_Demand | Stopped]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (SQLBrowser [Auto | Running]) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (Symantec AntiVirus [On_Demand | Running]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (ufad-ws60 [On_Demand | Stopped]) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (VMAuthdService [Auto | Running]) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP [Auto | Running]) -- C:\WINDOWS\SysWow64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service [Auto | Running]) -- C:\WINDOWS\SysWow64\vmnat.exe (VMware, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avgio [System | Running]) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgio64.sys (Avira GmbH)
DRV - (eeCtrl [System | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (mnmdd [System | Running]) -- C:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20090715.067\ENG64.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20090715.067\EX64.SYS (Symantec Corporation)
DRV - (Null [System | Running]) -- C:\WINDOWS\SysWow64\drivers\null.sys ()
DRV - (SASDIFSV [System | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SRTSP [System | Running]) -- C:\WINDOWS\SysWow64\Drivers\SRTSP64.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\SysWow64\Drivers\SRTSPL64.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\SysWow64\Drivers\SRTSPX64.SYS (Symantec Corporation)
DRV - (VirtDisk [On_Demand | Stopped]) -- c:\windows\sminst\VirtDk64.sys (XSS)
DRV - (vstor2-ws60 [Auto | Running]) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.usatoday.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/06 12:01:45 | 00,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (C:\WINDOWS\SysWow64\sdfgerfgf3f.dll) - {E2BA40A2-74F3-42BD-F434-2604812C8953} - C:\WINDOWS\SysWow64\sdfgerfgf3f.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [pdfFactory Dispatcher v3] C:\WINDOWS\system32\spool\DRIVERS\x64\3\fppdis3a.exe (FinePrint Software, LLC)
O4:64bit: - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\ATI HYDRAVISION\HydraDM.exe (AMD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start 3DxWare.lnk = C:\Program Files (x86)\3Dconnexion\3Dconnexion 3DxWare (x64)\3dxsrv.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O15:64bit: - ..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1239034689369 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://jedson.webex.com/client/T26L/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.2 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fureyfp1.fureyfp.com
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/octet-stream - File not found
O18:64bit: - Protocol\Filter: - application/x-complus - File not found
O18:64bit: - Protocol\Filter: - application/x-msdownload - File not found
O18:64bit: - Protocol\Filter: - text/xml - Reg Error: Key error. File not found
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SysNative\WPDShServiceObj.dll File not found
O22 - SharedTaskScheduler: {E2BA40A2-74F3-42BD-F434-2604812C8953} - sdfg54y54yhhgth6w4efvrg - C:\WINDOWS\SysWow64\sdfgerfgf3f.dll File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/14 10:53:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 20:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/03/23 12:05:56 | 00,000,000 | ---D | M] - K:\Autodesk -- [ NTFS ]
O32 - AutoRun File - File not found - K:\AUTODESK.INV -- [ NTFS ]
O32 - AutoRun File - [2008/03/22 18:52:38 | 00,000,000 | ---D | M] - N:\AUTODESK -- [ NTFS ]
O33 - MountPoints2\{5c612047-22c2-11de-be3d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5c612047-22c2-11de-be3d-806e6f6e6963}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/07/16 07:21:05 | 00,000,000 | ---- | C] () -- C:\ttk.2
[2009/07/15 09:52:52 | 00,030,887 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\PROS KEY CONFORMATION.pdf
[2009/07/15 07:35:26 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\chris\Desktop\OTL.exe
[2009/07/14 15:15:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\Desktop\IR DWG MOD
[2009/07/14 09:44:03 | 00,000,000 | ---D | C] -- C:\rsit
[2009/07/14 09:43:06 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\RSIT.exe
[2009/07/13 13:40:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\Desktop\Psi junk
[2009/07/13 13:18:45 | 00,310,784 | ---- | C] () -- C:\Documents and Settings\chris\My Documents\prevx.doc
[2009/07/13 12:20:37 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009/07/13 12:20:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/07/13 12:20:19 | 00,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/07 11:24:39 | 04,283,090 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\cs_02_3a5f.pdf
[2009/07/07 07:27:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/07/07 07:26:59 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iertutil.dll
[2009/07/07 07:26:59 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\urlmon.dll
[2009/07/07 07:26:59 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wininet.dll
[2009/07/07 07:25:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/07/06 11:52:02 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\dds.scr
[2009/07/06 11:48:27 | 00,001,788 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\HijackThis.lnk
[2009/07/06 11:48:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/07/06 11:48:12 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\chris\Desktop\HJTInstall.exe
[2009/06/30 15:31:48 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\chris\Desktop\ATF-Cleaner.exe
[2009/06/26 11:48:08 | 00,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/06/26 11:47:58 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\SysWow64\drivers\ssmdrv.sys
[2009/06/26 11:47:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2009/06/26 11:47:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/06/23 13:57:31 | 00,054,690 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\G20911611-00-A2.pdf
[2009/06/23 13:54:19 | 00,067,569 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\8 x 10 in. cutout print.pdf
[2009/06/22 16:26:39 | 10,172,195 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\SST-1056-0026-Hollow Model.zip
[2009/06/22 09:48:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2009/06/19 11:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\My Documents\scan log
[2009/06/19 11:21:21 | 00,000,176 | -H-- | C] () -- C:\aaw7boot.cmd
[2009/06/19 11:05:38 | 00,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/19 11:02:54 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/06/19 11:02:52 | 00,000,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/06/19 11:02:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009/06/19 11:02:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/06/19 11:02:20 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\chris\Desktop\Ad-AwareAE.exe
[2009/06/17 10:49:12 | 00,000,975 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\Spybot - Search & Destroy.lnk
[2009/06/17 10:49:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/06/17 10:49:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/06/16 13:42:18 | 00,474,112 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\INNOMAG-1.5X1X6 PUMP.ipt
[2009/04/16 15:34:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\null.sys
[2009/04/06 14:30:22 | 00,172,128 | ---- | C] () -- C:\WINDOWS\_isusr32.dll
[2009/04/06 14:30:20 | 00,045,056 | ---- | C] () -- C:\WINDOWS\SysWow64\_isusr2k.dll
[2009/04/06 14:21:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/04/06 13:22:35 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/01 17:48:57 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/01 17:27:03 | 00,204,800 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeW7.dll
[2009/04/01 17:27:03 | 00,200,704 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeA6.dll
[2009/04/01 17:27:03 | 00,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeP6.dll
[2009/04/01 17:27:03 | 00,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeM6.dll
[2009/04/01 17:27:03 | 00,188,416 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizePX.dll
[2009/04/01 17:27:03 | 00,020,480 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresize.dll
[2009/04/01 17:17:58 | 00,648,234 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2007/03/14 10:53:36 | 00,000,527 | ---- | C] () -- C:\WINDOWS\win.ini
[2007/03/14 02:44:44 | 00,000,150 | ---- | C] () -- C:\WINDOWS\system.ini
[2007/02/18 00:00:00 | 01,277,952 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2007/02/18 00:00:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2007/02/18 00:00:00 | 00,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 00:00:00 | 00,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2007/02/18 00:00:00 | 00,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 00:00:00 | 00,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 00:00:00 | 00,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2007/02/18 00:00:00 | 00,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 00:00:00 | 00,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 00:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2007/02/18 00:00:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 00:00:00 | 00,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2007/02/18 00:00:00 | 00,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2007/02/18 00:00:00 | 00,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 00:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 00:00:00 | 00,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2007/02/18 00:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2007/02/18 00:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2006/07/21 18:51:08 | 00,040,960 | ---- | C] () -- C:\WINDOWS\SysWow64\spwini.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\SysWow64\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\SysWow64\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/07/16 07:21:05 | 00,000,000 | ---- | M] () -- C:\ttk.2
[2009/07/16 07:21:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/16 07:20:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/15 16:56:37 | 00,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 11:52:13 | 00,310,784 | ---- | M] () -- C:\Documents and Settings\chris\My Documents\prevx.doc
[2009/07/15 09:52:52 | 00,030,887 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\PROS KEY CONFORMATION.pdf
[2009/07/15 07:35:29 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chris\Desktop\OTL.exe
[2009/07/14 09:43:10 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\RSIT.exe
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2009/07/13 12:20:32 | 00,000,064 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/07/13 11:05:39 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/09 17:03:06 | 00,570,368 | ---- | M] () -- C:\Documents and Settings\chris\My Documents\PRICE TABLES.xls
[2009/07/07 11:25:05 | 04,283,090 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\cs_02_3a5f.pdf
[2009/07/06 23:22:03 | 04,797,242 | -H-- | M] () -- C:\Documents and Settings\chris\Local Settings\Application Data\IconCache.db
[2009/07/06 11:52:03 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\dds.scr
[2009/07/06 11:48:27 | 00,001,788 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\HijackThis.lnk
[2009/07/06 11:48:14 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\chris\Desktop\HJTInstall.exe
[2009/06/30 15:31:49 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\chris\Desktop\ATF-Cleaner.exe
[2009/06/29 15:23:22 | 00,129,654 | ---- | M] () -- C:\inv_oktodelete.bmp
[2009/06/26 11:48:08 | 00,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/06/23 13:57:31 | 00,054,690 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\G20911611-00-A2.pdf
[2009/06/23 13:54:20 | 00,067,569 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\8 x 10 in. cutout print.pdf
[2009/06/22 16:26:39 | 10,172,195 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\SST-1056-0026-Hollow Model.zip
[2009/06/22 13:59:09 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\SKID DRAG SHEET.xls
[2009/06/19 11:21:21 | 00,000,176 | -H-- | M] () -- C:\aaw7boot.cmd
[2009/06/19 11:02:52 | 00,000,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/06/19 11:02:24 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\chris\Desktop\Ad-AwareAE.exe
[2009/06/19 10:45:03 | 00,648,234 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2009/06/17 10:49:12 | 00,000,975 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\Spybot - Search & Destroy.lnk
[2009/06/16 14:04:34 | 00,474,112 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\INNOMAG-1.5X1X6 PUMP.ipt
< End of report >

OTL Extras logfile created on: 7/16/2009 7:35:34 AM - Run 2
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\chris\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.86 Gb Total Space | 153.87 Gb Free Space | 69.67% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 5.53 Gb Free Space | 46.08% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive K: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive L: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive N: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive P: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS

Computer Name: CAD2009
Current User Name: chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf[@ = inffile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE File not found
.ini[@ = inifile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE File not found
.url[@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.jse[@ = JSEFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.txt[@ = txtfile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE File not found
.vbe[@ = VBEFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.vbs[@ = VBSFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.wsf[@ = WSFFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.wsh[@ = WSHFile] -- C:\WINDOWS\SysNative\WScript.exe File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\SysWow64\regedit.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found
C:\Program Files (x86)\Internet Explorer\iexplore.exe:*:Enabled:iexplore (Microsoft Corporation)
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe:*:Enabled:ProtectionUtilSurrogate (Symantec Corporation)
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd (VMware, Inc.)
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found
C:\Program Files (x86)\Internet Explorer\iexplore.exe:*:Enabled:iexplore (Microsoft Corporation)
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe:*:Enabled:ProtectionUtilSurrogate (Symantec Corporation)
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd (VMware, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found
C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler ()
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service (Symantec Corporation)
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE:*:Enabled:SNAC64 Service (Symantec Corporation)
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email (Symantec Corporation)
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found
C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler ()
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service (Symantec Corporation)
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE:*:Enabled:SNAC64 Service (Symantec Corporation)
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email (Symantec Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{12F5D482-1F43-4708-BCC5-031F10A08949}" = Symantec Endpoint Protection
"{3A7F0D51-79F1-5B9E-6F7B-AB78E7107E4C}" = ccc-utility64
"{4713fdb0-2117-4d26-9e12-bbb11350a47f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{5473360E-2990-4134-A38B-5575A76C8620}" = AOEMView 2009
"{5783F2D6-7028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2009
"{5783F2D7-7005-0409-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2009
"{6138195A-00DD-47DC-A447-B352E67E2B75}" = Autodesk Autoloader 2009
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{7F4DD591-1300-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2009
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84B00C24-0F99-4183-B3EE-C6262ADC0951}" = Autodesk Vault 2009 (64-bit add-ins)
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{ADBA9020-D053-34F5-4B85-32335C368EC4}" = ccc-utility64
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1C39417-68D4-4D75-BC86-31587EF72973}" = 3Dconnexion 3DxWare (x64)
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E86AA946-5CE2-4C21-B660-D2C186B6FDB3}" = Broadcom Management Programs
"{F0B36BD4-E562-4EB6-9164-E364B99DD2A7}" = ATI FireGLMax64
"AOEMView 2009" = AOEMView 2009
"ATI Display Driver" = ATI Display Driver
"AutoCAD Mechanical 2009" = AutoCAD Mechanical 2009
"AutoCAD Mechanical 2009 SP2" = AutoCAD Mechanical 2009 x64 SP2
"Autodesk Autoloader 2009" = Autodesk Autoloader 2009
"Autodesk Inventor Professional 2009" = Autodesk Inventor Professional 2009
"Autodesk Inventor Professional 2009 SP1" = Autodesk Inventor Professional 2009 SP1
"Autodesk Inventor Professional 2009 SP2" = Autodesk Inventor Professional 2009 SP2
"Autodesk Vault 2009 (64-bit add-ins)" = Autodesk Vault 2009 (64-bit add-ins)
"DWG TrueView 2009" = DWG TrueView 2009
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCSI" = Prevx 3.0
"pdfFactory" = pdfFactory
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11-64" = Windows Media Format 11 runtime
"WMFDist64" = Windows Media Format 9.5 Runtime x64 Edition
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{01B8B4B2-8B7C-4E2C-AB80-BBF1225DCA42}" = Catalyst Control Center - Branding
"{03B1A680-CE88-15D5-CB58-652EB5C09479}" = CCC Help Spanish
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = CCC
"{060552FC-C6C3-64BC-2AA8-5731D9572D5F}" = CCC Help Korean
"{0613356D-D155-A641-660B-7494C7624F70}" = Catalyst Control Center Localization Czech
"{07CACA47-71A8-906E-CACB-B81D88439DD1}" = Catalyst Control Center Localization Greek
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0B8292E6-2A32-4826-832F-50DF06C337F5}" = CCC Help French
"{0E5AC936-E143-CB20-DD86-EFE48211307F}" = Catalyst Control Center Localization Italian
"{130F339A-7B82-8CC7-EF05-314F6F787734}" = Catalyst Control Center Localization Norwegian
"{1335CB3B-0E71-9300-BF62-6CFF07E169F8}" = CCC Help Chinese Standard
"{14337C41-22D6-49A3-1A85-523C342BB33A}" = CCC Help German
"{147EA40B-74B0-E735-419E-EF92FCFFE1CB}" = CCC Help Polish
"{1B21E7B8-FB5E-985F-67E3-2783225B7E35}" = CCC Help Czech
"{1B743E5E-EA6B-367B-89D3-0607D7DD2DDB}" = CCC Help Turkish
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2417316D-91A1-4A2C-8D18-B59C8FCD5C21}" = CCC Help Danish
"{25C45D00-7402-A152-BA07-B6CA93D98D4F}" = CCC Help Swedish
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2816306C-C75A-8838-13C5-EFA7F406CEBF}" = CCC Help Italian
"{2876D8D6-862C-AB53-5B76-451D52EF1301}" = Catalyst Control Center Graphics Full Existing
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{2DC4A98F-D314-834D-1CE2-EC3D3F352EE8}" = Catalyst Control Center Localization Chinese Standard
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{31D5048E-A4DE-40C6-21C7-1C319C21FA17}" = CCC Help Hungarian
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{37C1053C-9195-9BA6-7744-E6F05A79F9C0}" = CCC Help Czech
"{38F2C4C8-BCC0-7CF2-107D-ACD78F43FBB2}" = Catalyst Control Center Localization Finnish
"{3B754B99-B542-39A2-272D-B74F0B2DA22B}" = Catalyst Control Center Localization Russian
"{3D6908BA-F5EC-A26C-F4AA-AAFF03DC16EE}" = CCC Help Portuguese
"{3F6FC7DA-0193-FEB2-F9B2-356F8BC3588B}" = CCC Help Chinese Traditional
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{4293FC36-C69D-639C-750B-5374AE0A569D}" = Catalyst Control Center Localization Spanish
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{4DF9165A-F857-26D3-28C4-7473B5F305A4}" = CCC Help Russian
"{517F2606-1DAE-3A34-7981-0A2D14D62742}" = CCC Help Hungarian
"{51C777EC-31C9-2EF9-CA42-7C1479DE8620}" = ccc-core-preinstall
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5555B698-CCA6-51AB-7C61-D3C675162F48}" = CCC Help Finnish
"{56D55760-3007-831F-68B9-9A4E6CA9CC99}" = CCC Help English
"{58579F8F-BFC0-AF36-872C-6F9E16BAB444}" = ccc-core-preinstall
"{5CCD47C7-A3D8-90F8-0DBB-93AE1AAA2A2E}" = Catalyst Control Center Localization Swedish
"{63B8D001-0937-3663-2D3E-6D88A4714FF6}" = Skins
"{63DE9342-BA4B-3109-0DDE-F145B536E38E}" = CCC Help Chinese Traditional
"{655FB1C0-CE98-C69A-1451-F5E1C8DE22B8}" = CCC Help Spanish
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6B46D6C3-545C-2E91-5048-56F3F1A0BE68}" = CCC Help Finnish
"{723E55C1-CCCC-1781-E5C7-CB41A1741F18}" = Catalyst Control Center Localization Danish
"{7264DD4C-DBED-C2D6-6208-2FE4BB30F4BC}" = CCC Help Turkish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{772B762B-7DDF-6713-8F48-5357E09A0E2A}" = Catalyst Control Center Localization Portuguese
"{779F5BB0-E9E5-A800-C903-5303825D7BC8}" = Skins
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{88FFE91D-9CBB-1350-24A2-9499D046EDF5}" = CCC Help Japanese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A0ABE0D-A2C8-F435-ED93-16852B4D440C}" = CCC Help Dutch
"{8AD7747D-4C50-2CF3-8382-9E111B488BF6}" = Catalyst Control Center Graphics Light
"{8B86E89D-5D33-1A8C-29A0-59E31AF53A71}" = Catalyst Control Center Graphics Light
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90A803B7-2356-438E-4812-2EA989F932E3}" = CCC Help Polish
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9334739F-51CE-A3FD-DC7B-2584819639CD}" = CCC Help Japanese
"{948E4C36-55EF-B07F-22F0-8D5160859F9A}" = CCC Help Norwegian
"{958B0CA7-E532-675C-5E21-23711DAF19FA}" = Catalyst Control Center Localization All
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BEB5D8D-CAC9-6146-BDB9-F7C3C14D5C5D}" = Catalyst Control Center Graphics Full New
"{A0575C25-BD48-9EA4-4E10-CB642BBE6A1D}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A32BBB98-D4B5-3CC5-FF5A-0DFA8A9C5C83}" = Catalyst Control Center Localization Japanese
"{A3BDAB0B-0820-9643-9983-49D43C930686}" = CCC Help Portuguese
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BE61C7-E5E6-1C9B-657D-DC6652B1B0D6}" = Catalyst Control Center Core Implementation
"{A6796D0D-3816-35C8-6740-5B084711B0F6}" = ccc-core-preinstall
"{A813EAE1-76C4-3CD2-F732-DD709EA1FB9C}" = Catalyst Control Center Core Implementation
"{ABD251D5-B9EC-961F-59F8-471AB89CDA58}" = Catalyst Control Center Localization Korean
"{ac474156-361a-4a7b-8b6e-977781b92565}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC9AD2E3-D22C-F449-8E43-5A96034C8230}" = Catalyst Control Center Graphics Full New
"{B015EFFB-A0C5-FCE7-28CD-FF8876C8F605}" = Catalyst Control Center Localization Thai
"{B1171FBD-BC6D-B6F9-4E9E-B7A5120AB792}" = Catalyst Control Center HydraVision Full
"{B2974F75-D989-4454-05CB-587B2AEBED86}" = Catalyst Control Center Localization French
"{B4013E5D-C833-4C8D-A942-AD7BBDFD9389}" = Autodesk Vault 2009 (Client)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B53D4959-F0BF-3D15-8DC7-A839906C3CCE}" = CCC Help Greek
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B75B384A-C316-4C4B-9567-E40250D0B5D5}" = 3Dconnexion Plug-In for Acrobat
"{BB9FF67B-1A16-491B-81C5-272B145FEAB7}" = Autodesk Data Management Server 2009
"{BE8019C6-F3AB-634F-510A-8C907BFF1144}" = CCC Help French
"{C2725D84-AF44-4EA7-AD2F-3C2BF484F540}" = HP Performance Tuning Framework
"{C2E6C5DB-A8AA-3215-FB6E-871461FB2530}" = Catalyst Control Center Localization Polish
"{C4AB1C47-6C61-07D0-2427-9586219AD932}" = CCC Help Russian
"{C7A21B1F-24E0-5BC2-C1DA-D086310CD8E1}" = Catalyst Control Center Graphics Full Existing
"{C862EFB2-C838-1E4B-CF4B-26E23620FF36}" = CCC Help Italian
"{CAE9A614-FBA8-52B1-4566-9D45BBE8EB39}" = Catalyst Control Center Localization Dutch
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB835057-5F89-6CE3-4011-554F49BA8967}" = CCC Help Danish
"{CBBCD044-B406-4C41-A3DD-99DE6F0004D2}" = ATI Hydravision APS
"{CBC919CD-C8DD-8851-06B7-2E0D5F8E59AE}" = CCC Help English
"{CC5A20B9-D3CF-E992-91BA-FCCBA6B2D8DD}" = CCC Help Thai
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CFD193BB-FC6A-68E2-0647-13A7B1DE83B3}" = Catalyst Control Center Localization Chinese Traditional
"{D26BC6C3-0735-82EC-11BE-325322F4ADED}" = Catalyst Control Center Localization Turkish
"{D36F6D14-EA35-011B-AB6D-4282BA31D2C9}" = Catalyst Control Center Graphics Previews Common
"{D3B8A9AA-D6F0-436E-AD3C-EFC33FB3C1FD}" = Catalyst Control Center Localization German
"{D6640090-91E0-2BF5-DD0A-8E49EDE8D75D}" = ccc-core-static
"{D934C35A-A826-2F9F-9562-28CA5AEE2AF4}" = CCC Help Greek
"{DCB62F30-86CB-5AB2-4CC7-6C9F7D4C7FB8}" = CCC Help Korean
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF703A4B-50F6-8CB4-9254-C369B5F07CF3}" = CCC Help Dutch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4AA5CE1-B93A-183F-2B1E-A40C76C07A10}" = CCC Help Chinese Standard
"{E9F717C3-6C1B-6BB8-75DA-47D5D232F9E2}" = CCC Help Thai
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EFF4A973-5F73-7AD2-F9EF-0E54758C26AA}" = Catalyst Control Center Localization Hungarian
"{F0B36BD4-E562-4EB6-9164-E364B99DD2A7}" = ATI FireGLMax64
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8B95EAB-3FA4-D449-F61F-18886F40878F}" = CCC Help German
"{FA07B688-E89E-212C-4F8B-BA05B1A967C6}" = CCC Help Norwegian
"{FCCDE84B-0154-459E-A8F2-C6B3FA5C1881}" = HydraVision
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Autodesk Data Management Server 2009" = Autodesk Data Management Server 2009
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"Autodesk Vault 2009 (Client)" = Autodesk Vault 2009 (Client)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"HijackThis" = HijackThis 2.0.2
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MDSolids_3.5" = MDSolids 3.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"SHARP AR-280 300 350 450 Series PCL Printer Driver" = SHARP AR-280/300/310/350/420/450 DM-3500/4500 Series PCL Printer Driver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/13/2009 8:28:12 AM | Computer Name = CAD2009 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. Check the
event log for possible messages previously logged by the policy engine that describes
the reason for this.

Error - 7/13/2009 8:28:33 AM | Computer Name = CAD2009 | Source = Autodesk Data Management Job Dispatch | ID = 0
Description = JobService.GetAllJobs() failure Unable to connect to the remote server

Error - 7/13/2009 6:12:20 PM | Computer Name = CAD2009 | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8307.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/14/2009 5:47:11 PM | Computer Name = CAD2009 | Source = Application Hang | ID = 1002
Description = Hanging application vmware.exe, version 6.5.2.7026, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/15/2009 8:26:56 AM | Computer Name = CAD2009 | Source = Userenv | ID = 1006
Description = Windows cannot bind to fureyfp1.fureyfp.com domain. (Local Error).
Group Policy processing aborted.

Error - 7/15/2009 8:26:56 AM | Computer Name = CAD2009 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. Check the
event log for possible messages previously logged by the policy engine that describes
the reason for this.

Error - 7/15/2009 8:27:12 AM | Computer Name = CAD2009 | Source = Autodesk Data Management Job Dispatch | ID = 0
Description = JobService.GetAllJobs() failure Unable to connect to the remote server

Error - 7/16/2009 8:23:47 AM | Computer Name = CAD2009 | Source = Userenv | ID = 1006
Description = Windows cannot bind to fureyfp1.fureyfp.com domain. (Local Error).
Group Policy processing aborted.

Error - 7/16/2009 8:23:47 AM | Computer Name = CAD2009 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. Check the
event log for possible messages previously logged by the policy engine that describes
the reason for this.

Error - 7/16/2009 8:24:03 AM | Computer Name = CAD2009 | Source = Autodesk Data Management Job Dispatch | ID = 0
Description = JobService.GetAllJobs() failure Unable to connect to the remote server

[ System Events ]
Error - 7/15/2009 8:25:16 AM | Computer Name = CAD2009 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 7/15/2009 8:25:16 AM | Computer Name = CAD2009 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 7/15/2009 8:26:57 AM | Computer Name = CAD2009 | Source = Service Control Manager | ID = 7022
Description = The Autodesk EDM Server service hung on starting.

Error - 7/15/2009 8:26:57 AM | Computer Name = CAD2009 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 7/16/2009 8:21:05 AM | Computer Name = CAD2009 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 7/16/2009 8:21:05 AM | Computer Name = CAD2009 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 7/16/2009 8:22:15 AM | Computer Name = CAD2009 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 7/16/2009 8:22:15 AM | Computer Name = CAD2009 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 7/16/2009 8:23:47 AM | Computer Name = CAD2009 | Source = Service Control Manager | ID = 7022
Description = The Autodesk EDM Server service hung on starting.

Error - 7/16/2009 8:23:47 AM | Computer Name = CAD2009 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >




Hey, thanks for the reply. I have run the scan and here is what the logs have.

OTL logfile created on: 7/16/2009 7:35:34 AM - Run 2
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\chris\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.86 Gb Total Space | 153.87 Gb Free Space | 69.67% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 5.53 Gb Free Space | 46.08% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive K: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive L: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive N: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive P: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS

Computer Name: CAD2009
Current User Name: chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe (Autodesk)
PRC - C:\Program Files (x86)\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe (Autodesk)
PRC - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\ATI Technologies\ATI HYDRAVISION\HydraDM.exe (AMD)
PRC - C:\WINDOWS\SMINST\Scheduler.exe ()
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\WINDOWS\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe (Symantec Corporation)
PRC - C:\Documents and Settings\chris\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (CSIScanner [Auto | Running]) -- C:\Program Files\Prevx\prevx.exe (Prevx)
SRV:64bit: - (SQLWriter [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Autodesk Data Management Job Dispatch [Auto | Running]) -- C:\Program Files (x86)\Autodesk\Data Management Server 2009\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe (Autodesk)
SRV - (Autodesk EDM Server [Auto | Running]) -- C:\Program Files (x86)\Autodesk\Data Management Server 2009\Server\Webserver\Connectivity.EDMWS.Server.exe (Autodesk)
SRV - (Autodesk Licensing Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (ccEvtMgr [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IASJet [On_Demand | Stopped]) -- C:\WINDOWS\SysWOW64\iasrecst.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IviRegMgr [Auto | Running]) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (LightScribeService [Auto | Running]) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE (Symantec Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MSSQL$AUTODESKVAULT [Auto | Running]) -- C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (Netlogon [Auto | Running]) -- C:\WINDOWS\SysWow64\netlogon.dll (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PCA [Auto | Stopped]) -- C:\WINDOWS\SMINST\PCAngel.exe (SoftThinks)
SRV - (RoxMediaDB10 [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (SmcService [Auto | Running]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe (Symantec Corporation)
SRV - (SNAC [On_Demand | Stopped]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE (Symantec Corporation)
SRV - (SQLBrowser [Auto | Running]) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (Symantec AntiVirus [On_Demand | Running]) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe (Symantec Corporation)
SRV - (ufad-ws60 [On_Demand | Stopped]) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (VMAuthdService [Auto | Running]) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP [Auto | Running]) -- C:\WINDOWS\SysWow64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service [Auto | Running]) -- C:\WINDOWS\SysWow64\vmnat.exe (VMware, Inc.)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files (x86)\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (avgio [System | Running]) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgio64.sys (Avira GmbH)
DRV - (eeCtrl [System | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (mnmdd [System | Running]) -- C:\WINDOWS\SysWow64\mnmdd.dll (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20090715.067\ENG64.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files (x86)\Common Files\Symantec Shared\VirusDefs\20090715.067\EX64.SYS (Symantec Corporation)
DRV - (Null [System | Running]) -- C:\WINDOWS\SysWow64\drivers\null.sys ()
DRV - (SASDIFSV [System | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Stopped]) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SRTSP [System | Running]) -- C:\WINDOWS\SysWow64\Drivers\SRTSP64.SYS (Symantec Corporation)
DRV - (SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\SysWow64\Drivers\SRTSPL64.SYS (Symantec Corporation)
DRV - (SRTSPX [System | Running]) -- C:\WINDOWS\SysWow64\Drivers\SRTSPX64.SYS (Symantec Corporation)
DRV - (VirtDisk [On_Demand | Stopped]) -- c:\windows\sminst\VirtDk64.sys (XSS)
DRV - (vstor2-ws60 [Auto | Running]) -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.usatoday.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/04/06 12:01:45 | 00,000,000 | ---D | M]


Hosts file not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (C:\WINDOWS\SysWow64\sdfgerfgf3f.dll) - {E2BA40A2-74F3-42BD-F434-2604812C8953} - C:\WINDOWS\SysWow64\sdfgerfgf3f.dll File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [pdfFactory Dispatcher v3] C:\WINDOWS\system32\spool\DRIVERS\x64\3\fppdis3a.exe (FinePrint Software, LLC)
O4:64bit: - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\ATI HYDRAVISION\HydraDM.exe (AMD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Start 3DxWare.lnk = C:\Program Files (x86)\3Dconnexion\3Dconnexion 3DxWare (x64)\3dxsrv.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O15:64bit: - ..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1239034689369 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://jedson.webex.com/client/T26L/webex/ieatgpc.cab (GpcContainer Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.2 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fureyfp1.fureyfp.com
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\SysNative\mshtml.dll File not found
O18:64bit: - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\SysNative\wiascr.dll File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/octet-stream - File not found
O18:64bit: - Protocol\Filter: - application/x-complus - File not found
O18:64bit: - Protocol\Filter: - application/x-msdownload - File not found
O18:64bit: - Protocol\Filter: - text/xml - Reg Error: Key error. File not found
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UIHost - (%SystemRoot%\system32\logonui.exe) - C:\WINDOWS\SysNative\logonui.exe File not found
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\SysWow64\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (lsass.exe) - File not found
O20:64bit: - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - File not found
O20:64bit: - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - File not found
O20:64bit: - Winlogon\Notify\cscdll: DllName - cscdll.dll - File not found
O20:64bit: - Winlogon\Notify\dimsntfy: DllName - dimsntfy.dll - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20:64bit: - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - File not found
O20:64bit: - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20:64bit: - Winlogon\Notify\termsrv: DllName - Reg Error: Key error. - File not found
O20:64bit: - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - File not found
O21:64bit: - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\SysNative\stobject.dll File not found
O21:64bit: - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\SysNative\WPDShServiceObj.dll File not found
O22 - SharedTaskScheduler: {E2BA40A2-74F3-42BD-F434-2604812C8953} - sdfg54y54yhhgth6w4efvrg - C:\WINDOWS\SysWow64\sdfgerfgf3f.dll File not found
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/03/14 10:53:38 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 20:01:00 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/03/23 12:05:56 | 00,000,000 | ---D | M] - K:\Autodesk -- [ NTFS ]
O32 - AutoRun File - File not found - K:\AUTODESK.INV -- [ NTFS ]
O32 - AutoRun File - [2008/03/22 18:52:38 | 00,000,000 | ---D | M] - N:\AUTODESK -- [ NTFS ]
O33 - MountPoints2\{5c612047-22c2-11de-be3d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5c612047-22c2-11de-be3d-806e6f6e6963}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/07/16 07:21:05 | 00,000,000 | ---- | C] () -- C:\ttk.2
[2009/07/15 09:52:52 | 00,030,887 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\PROS KEY CONFORMATION.pdf
[2009/07/15 07:35:26 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\chris\Desktop\OTL.exe
[2009/07/14 15:15:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\Desktop\IR DWG MOD
[2009/07/14 09:44:03 | 00,000,000 | ---D | C] -- C:\rsit
[2009/07/14 09:43:06 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\RSIT.exe
[2009/07/13 13:40:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\Desktop\Psi junk
[2009/07/13 13:18:45 | 00,310,784 | ---- | C] () -- C:\Documents and Settings\chris\My Documents\prevx.doc
[2009/07/13 12:20:37 | 00,000,000 | ---D | C] -- C:\Program Files\Prevx
[2009/07/13 12:20:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/07/13 12:20:19 | 00,000,064 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/07 11:24:39 | 04,283,090 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\cs_02_3a5f.pdf
[2009/07/07 07:27:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/07/07 07:26:59 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iertutil.dll
[2009/07/07 07:26:59 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\urlmon.dll
[2009/07/07 07:26:59 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wininet.dll
[2009/07/07 07:25:43 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/07/06 11:52:02 | 00,359,929 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\dds.scr
[2009/07/06 11:48:27 | 00,001,788 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\HijackThis.lnk
[2009/07/06 11:48:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2009/07/06 11:48:12 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\chris\Desktop\HJTInstall.exe
[2009/06/30 15:31:48 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\chris\Desktop\ATF-Cleaner.exe
[2009/06/26 11:48:08 | 00,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/06/26 11:47:58 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\SysWow64\drivers\ssmdrv.sys
[2009/06/26 11:47:56 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2009/06/26 11:47:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/06/23 13:57:31 | 00,054,690 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\G20911611-00-A2.pdf
[2009/06/23 13:54:19 | 00,067,569 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\8 x 10 in. cutout print.pdf
[2009/06/22 16:26:39 | 10,172,195 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\SST-1056-0026-Hollow Model.zip
[2009/06/22 09:48:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2009/06/19 11:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\chris\My Documents\scan log
[2009/06/19 11:21:21 | 00,000,176 | -H-- | C] () -- C:\aaw7boot.cmd
[2009/06/19 11:05:38 | 00,000,496 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/06/19 11:02:54 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
[2009/06/19 11:02:52 | 00,000,909 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/06/19 11:02:51 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009/06/19 11:02:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/06/19 11:02:20 | 37,452,296 | ---- | C] (Lavasoft ) -- C:\Documents and Settings\chris\Desktop\Ad-AwareAE.exe
[2009/06/17 10:49:12 | 00,000,975 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\Spybot - Search & Destroy.lnk
[2009/06/17 10:49:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2009/06/17 10:49:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/06/16 13:42:18 | 00,474,112 | ---- | C] () -- C:\Documents and Settings\chris\Desktop\INNOMAG-1.5X1X6 PUMP.ipt
[2009/04/16 15:34:32 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\null.sys
[2009/04/06 14:30:22 | 00,172,128 | ---- | C] () -- C:\WINDOWS\_isusr32.dll
[2009/04/06 14:30:20 | 00,045,056 | ---- | C] () -- C:\WINDOWS\SysWow64\_isusr2k.dll
[2009/04/06 14:21:48 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009/04/06 13:22:35 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/01 17:48:57 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/04/01 17:27:03 | 00,204,800 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeW7.dll
[2009/04/01 17:27:03 | 00,200,704 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeA6.dll
[2009/04/01 17:27:03 | 00,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeP6.dll
[2009/04/01 17:27:03 | 00,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizeM6.dll
[2009/04/01 17:27:03 | 00,188,416 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresizePX.dll
[2009/04/01 17:27:03 | 00,020,480 | ---- | C] () -- C:\WINDOWS\SysWow64\IVIresize.dll
[2009/04/01 17:17:58 | 00,648,234 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2007/03/14 10:53:36 | 00,000,527 | ---- | C] () -- C:\WINDOWS\win.ini
[2007/03/14 02:44:44 | 00,000,150 | ---- | C] () -- C:\WINDOWS\system.ini
[2007/02/18 00:00:00 | 01,277,952 | ---- | C] () -- C:\WINDOWS\SysWow64\quartz.dll
[2007/02/18 00:00:00 | 00,733,696 | ---- | C] () -- C:\WINDOWS\SysWow64\qedwipes.dll
[2007/02/18 00:00:00 | 00,512,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qedit.dll
[2007/02/18 00:00:00 | 00,498,742 | ---- | C] () -- C:\WINDOWS\SysWow64\dxmasf.dll
[2007/02/18 00:00:00 | 00,396,288 | ---- | C] () -- C:\WINDOWS\SysWow64\encdec.dll
[2007/02/18 00:00:00 | 00,385,536 | ---- | C] () -- C:\WINDOWS\SysWow64\qdvd.dll
[2007/02/18 00:00:00 | 00,355,112 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2007/02/18 00:00:00 | 00,279,040 | ---- | C] () -- C:\WINDOWS\SysWow64\qdv.dll
[2007/02/18 00:00:00 | 00,276,992 | ---- | C] () -- C:\WINDOWS\SysWow64\sbe.dll
[2007/02/18 00:00:00 | 00,199,168 | ---- | C] () -- C:\WINDOWS\SysWow64\ir32_32.dll
[2007/02/18 00:00:00 | 00,192,512 | ---- | C] () -- C:\WINDOWS\SysWow64\qcap.dll
[2007/02/18 00:00:00 | 00,114,688 | ---- | C] () -- C:\WINDOWS\SysWow64\msencode.dll
[2007/02/18 00:00:00 | 00,072,704 | ---- | C] () -- C:\WINDOWS\SysWow64\amstream.dll
[2007/02/18 00:00:00 | 00,062,464 | ---- | C] () -- C:\WINDOWS\SysWow64\mciqtz32.dll
[2007/02/18 00:00:00 | 00,061,440 | ---- | C] () -- C:\WINDOWS\SysWow64\devenum.dll
[2007/02/18 00:00:00 | 00,016,896 | ---- | C] () -- C:\WINDOWS\SysWow64\tsd32.dll
[2007/02/18 00:00:00 | 00,014,336 | ---- | C] () -- C:\WINDOWS\SysWow64\msdmo.dll
[2007/02/18 00:00:00 | 00,004,126 | ---- | C] () -- C:\WINDOWS\SysWow64\msdxmlc.dll
[2006/07/21 18:51:08 | 00,040,960 | ---- | C] () -- C:\WINDOWS\SysWow64\spwini.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\SysWow64\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\SysWow64\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/07/16 07:21:05 | 00,000,000 | ---- | M] () -- C:\ttk.2
[2009/07/16 07:21:04 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/16 07:20:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/15 16:56:37 | 00,000,970 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/07/15 11:52:13 | 00,310,784 | ---- | M] () -- C:\Documents and Settings\chris\My Documents\prevx.doc
[2009/07/15 09:52:52 | 00,030,887 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\PROS KEY CONFORMATION.pdf
[2009/07/15 07:35:29 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\chris\Desktop\OTL.exe
[2009/07/14 09:43:10 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\RSIT.exe
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\SysWow64\drivers\mbamswissarmy.sys
[2009/07/13 12:20:32 | 00,000,064 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/07/13 11:05:39 | 00,000,496 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/07/09 17:03:06 | 00,570,368 | ---- | M] () -- C:\Documents and Settings\chris\My Documents\PRICE TABLES.xls
[2009/07/07 11:25:05 | 04,283,090 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\cs_02_3a5f.pdf
[2009/07/06 23:22:03 | 04,797,242 | -H-- | M] () -- C:\Documents and Settings\chris\Local Settings\Application Data\IconCache.db
[2009/07/06 11:52:03 | 00,359,929 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\dds.scr
[2009/07/06 11:48:27 | 00,001,788 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\HijackThis.lnk
[2009/07/06 11:48:14 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\chris\Desktop\HJTInstall.exe
[2009/06/30 15:31:49 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\chris\Desktop\ATF-Cleaner.exe
[2009/06/29 15:23:22 | 00,129,654 | ---- | M] () -- C:\inv_oktodelete.bmp
[2009/06/26 11:48:08 | 00,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2009/06/23 13:57:31 | 00,054,690 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\G20911611-00-A2.pdf
[2009/06/23 13:54:20 | 00,067,569 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\8 x 10 in. cutout print.pdf
[2009/06/22 16:26:39 | 10,172,195 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\SST-1056-0026-Hollow Model.zip
[2009/06/22 13:59:09 | 00,014,336 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\SKID DRAG SHEET.xls
[2009/06/19 11:21:21 | 00,000,176 | -H-- | M] () -- C:\aaw7boot.cmd
[2009/06/19 11:02:52 | 00,000,909 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/06/19 11:02:24 | 37,452,296 | ---- | M] (Lavasoft ) -- C:\Documents and Settings\chris\Desktop\Ad-AwareAE.exe
[2009/06/19 10:45:03 | 00,648,234 | ---- | M] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2009/06/17 10:49:12 | 00,000,975 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\Spybot - Search & Destroy.lnk
[2009/06/16 14:04:34 | 00,474,112 | ---- | M] () -- C:\Documents and Settings\chris\Desktop\INNOMAG-1.5X1X6 PUMP.ipt
< End of report >

OTL Extras logfile created on: 7/16/2009 7:35:34 AM - Run 2
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Documents and Settings\chris\Desktop
64bit-Windows Server 2003 Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.86 Gb Total Space | 153.87 Gb Free Space | 69.67% Space Free | Partition Type: NTFS
Drive D: | 12.00 Gb Total Space | 5.53 Gb Free Space | 46.08% Space Free | Partition Type: NTFS
Drive E: | 1.89 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive K: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive L: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive N: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS
Drive P: | 698.64 Gb Total Space | 232.35 Gb Free Space | 33.26% Space Free | Partition Type: NTFS

Computer Name: CAD2009
Current User Name: chris
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.inf[@ = inffile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE File not found
.ini[@ = inifile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE File not found
.url[@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.jse[@ = JSEFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.txt[@ = txtfile] -- C:\WINDOWS\SysNative\NOTEPAD.EXE File not found
.vbe[@ = VBEFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.vbs[@ = VBSFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.wsf[@ = WSFFile] -- C:\WINDOWS\SysNative\WScript.exe File not found
.wsh[@ = WSHFile] -- C:\WINDOWS\SysNative\WScript.exe File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.DLL (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINDOWS\SysWow64\regedit.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found
C:\Program Files (x86)\Internet Explorer\iexplore.exe:*:Enabled:iexplore (Microsoft Corporation)
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe:*:Enabled:ProtectionUtilSurrogate (Symantec Corporation)
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd (VMware, Inc.)
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found
C:\Program Files (x86)\Internet Explorer\iexplore.exe:*:Enabled:iexplore (Microsoft Corporation)
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe:*:Enabled:ProtectionUtilSurrogate (Symantec Corporation)
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe:*:Enabled:VMware Authd (VMware, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found
C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler ()
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service (Symantec Corporation)
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE:*:Enabled:SNAC64 Service (Symantec Corporation)
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email (Symantec Corporation)
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found
C:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler ()
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service (Symantec Corporation)
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE:*:Enabled:SNAC64 Service (Symantec Corporation)
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email (Symantec Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{12F5D482-1F43-4708-BCC5-031F10A08949}" = Symantec Endpoint Protection
"{3A7F0D51-79F1-5B9E-6F7B-AB78E7107E4C}" = ccc-utility64
"{4713fdb0-2117-4d26-9e12-bbb11350a47f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{5473360E-2990-4134-A38B-5575A76C8620}" = AOEMView 2009
"{5783F2D6-7028-0409-0100-0060B0CE6BBA}" = DWG TrueView 2009
"{5783F2D7-7005-0409-0102-0060B0CE6BBA}" = AutoCAD Mechanical 2009
"{6138195A-00DD-47DC-A447-B352E67E2B75}" = Autodesk Autoloader 2009
"{78F697ED-EC97-4D8D-881D-838984EA9855}" = 64 Bit HP CIO Components Installer
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{7F4DD591-1300-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2009
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{84B00C24-0F99-4183-B3EE-C6262ADC0951}" = Autodesk Vault 2009 (64-bit add-ins)
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{ADBA9020-D053-34F5-4B85-32335C368EC4}" = ccc-utility64
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1C39417-68D4-4D75-BC86-31587EF72973}" = 3Dconnexion 3DxWare (x64)
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{E86AA946-5CE2-4C21-B660-D2C186B6FDB3}" = Broadcom Management Programs
"{F0B36BD4-E562-4EB6-9164-E364B99DD2A7}" = ATI FireGLMax64
"AOEMView 2009" = AOEMView 2009
"ATI Display Driver" = ATI Display Driver
"AutoCAD Mechanical 2009" = AutoCAD Mechanical 2009
"AutoCAD Mechanical 2009 SP2" = AutoCAD Mechanical 2009 x64 SP2
"Autodesk Autoloader 2009" = Autodesk Autoloader 2009
"Autodesk Inventor Professional 2009" = Autodesk Inventor Professional 2009
"Autodesk Inventor Professional 2009 SP1" = Autodesk Inventor Professional 2009 SP1
"Autodesk Inventor Professional 2009 SP2" = Autodesk Inventor Professional 2009 SP2
"Autodesk Vault 2009 (64-bit add-ins)" = Autodesk Vault 2009 (64-bit add-ins)
"DWG TrueView 2009" = DWG TrueView 2009
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows x64
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PCSI" = Prevx 3.0
"pdfFactory" = pdfFactory
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11-64" = Windows Media Format 11 runtime
"WMFDist64" = Windows Media Format 9.5 Runtime x64 Edition
"wmp11-64" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{01B8B4B2-8B7C-4E2C-AB80-BBF1225DCA42}" = Catalyst Control Center - Branding
"{03B1A680-CE88-15D5-CB58-652EB5C09479}" = CCC Help Spanish
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = CCC
"{060552FC-C6C3-64BC-2AA8-5731D9572D5F}" = CCC Help Korean
"{0613356D-D155-A641-660B-7494C7624F70}" = Catalyst Control Center Localization Czech
"{07CACA47-71A8-906E-CACB-B81D88439DD1}" = Catalyst Control Center Localization Greek
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0B8292E6-2A32-4826-832F-50DF06C337F5}" = CCC Help French
"{0E5AC936-E143-CB20-DD86-EFE48211307F}" = Catalyst Control Center Localization Italian
"{130F339A-7B82-8CC7-EF05-314F6F787734}" = Catalyst Control Center Localization Norwegian
"{1335CB3B-0E71-9300-BF62-6CFF07E169F8}" = CCC Help Chinese Standard
"{14337C41-22D6-49A3-1A85-523C342BB33A}" = CCC Help German
"{147EA40B-74B0-E735-419E-EF92FCFFE1CB}" = CCC Help Polish
"{1B21E7B8-FB5E-985F-67E3-2783225B7E35}" = CCC Help Czech
"{1B743E5E-EA6B-367B-89D3-0607D7DD2DDB}" = CCC Help Turkish
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2417316D-91A1-4A2C-8D18-B59C8FCD5C21}" = CCC Help Danish
"{25C45D00-7402-A152-BA07-B6CA93D98D4F}" = CCC Help Swedish
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2816306C-C75A-8838-13C5-EFA7F406CEBF}" = CCC Help Italian
"{2876D8D6-862C-AB53-5B76-451D52EF1301}" = Catalyst Control Center Graphics Full Existing
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{2DC4A98F-D314-834D-1CE2-EC3D3F352EE8}" = Catalyst Control Center Localization Chinese Standard
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{31D5048E-A4DE-40C6-21C7-1C319C21FA17}" = CCC Help Hungarian
"{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
"{37C1053C-9195-9BA6-7744-E6F05A79F9C0}" = CCC Help Czech
"{38F2C4C8-BCC0-7CF2-107D-ACD78F43FBB2}" = Catalyst Control Center Localization Finnish
"{3B754B99-B542-39A2-272D-B74F0B2DA22B}" = Catalyst Control Center Localization Russian
"{3D6908BA-F5EC-A26C-F4AA-AAFF03DC16EE}" = CCC Help Portuguese
"{3F6FC7DA-0193-FEB2-F9B2-356F8BC3588B}" = CCC Help Chinese Traditional
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup and Recovery Manager
"{4293FC36-C69D-639C-750B-5374AE0A569D}" = Catalyst Control Center Localization Spanish
"{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009
"{4DF9165A-F857-26D3-28C4-7473B5F305A4}" = CCC Help Russian
"{517F2606-1DAE-3A34-7981-0A2D14D62742}" = CCC Help Hungarian
"{51C777EC-31C9-2EF9-CA42-7C1479DE8620}" = ccc-core-preinstall
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5555B698-CCA6-51AB-7C61-D3C675162F48}" = CCC Help Finnish
"{56D55760-3007-831F-68B9-9A4E6CA9CC99}" = CCC Help English
"{58579F8F-BFC0-AF36-872C-6F9E16BAB444}" = ccc-core-preinstall
"{5CCD47C7-A3D8-90F8-0DBB-93AE1AAA2A2E}" = Catalyst Control Center Localization Swedish
"{63B8D001-0937-3663-2D3E-6D88A4714FF6}" = Skins
"{63DE9342-BA4B-3109-0DDE-F145B536E38E}" = CCC Help Chinese Traditional
"{655FB1C0-CE98-C69A-1451-F5E1C8DE22B8}" = CCC Help Spanish
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6B46D6C3-545C-2E91-5048-56F3F1A0BE68}" = CCC Help Finnish
"{723E55C1-CCCC-1781-E5C7-CB41A1741F18}" = Catalyst Control Center Localization Danish
"{7264DD4C-DBED-C2D6-6208-2FE4BB30F4BC}" = CCC Help Turkish
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{772B762B-7DDF-6713-8F48-5357E09A0E2A}" = Catalyst Control Center Localization Portuguese
"{779F5BB0-E9E5-A800-C903-5303825D7BC8}" = Skins
"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06
"{88FFE91D-9CBB-1350-24A2-9499D046EDF5}" = CCC Help Japanese
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A0ABE0D-A2C8-F435-ED93-16852B4D440C}" = CCC Help Dutch
"{8AD7747D-4C50-2CF3-8382-9E111B488BF6}" = Catalyst Control Center Graphics Light
"{8B86E89D-5D33-1A8C-29A0-59E31AF53A71}" = Catalyst Control Center Graphics Light
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90A803B7-2356-438E-4812-2EA989F932E3}" = CCC Help Polish
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9334739F-51CE-A3FD-DC7B-2584819639CD}" = CCC Help Japanese
"{948E4C36-55EF-B07F-22F0-8D5160859F9A}" = CCC Help Norwegian
"{958B0CA7-E532-675C-5E21-23711DAF19FA}" = Catalyst Control Center Localization All
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BEB5D8D-CAC9-6146-BDB9-F7C3C14D5C5D}" = Catalyst Control Center Graphics Full New
"{A0575C25-BD48-9EA4-4E10-CB642BBE6A1D}" = CCC Help Swedish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A32BBB98-D4B5-3CC5-FF5A-0DFA8A9C5C83}" = Catalyst Control Center Localization Japanese
"{A3BDAB0B-0820-9643-9983-49D43C930686}" = CCC Help Portuguese
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A5BE61C7-E5E6-1C9B-657D-DC6652B1B0D6}" = Catalyst Control Center Core Implementation
"{A6796D0D-3816-35C8-6740-5B084711B0F6}" = ccc-core-preinstall
"{A813EAE1-76C4-3CD2-F732-DD709EA1FB9C}" = Catalyst Control Center Core Implementation
"{ABD251D5-B9EC-961F-59F8-471AB89CDA58}" = Catalyst Control Center Localization Korean
"{ac474156-361a-4a7b-8b6e-977781b92565}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AC9AD2E3-D22C-F449-8E43-5A96034C8230}" = Catalyst Control Center Graphics Full New
"{B015EFFB-A0C5-FCE7-28CD-FF8876C8F605}" = Catalyst Control Center Localization Thai
"{B1171FBD-BC6D-B6F9-4E9E-B7A5120AB792}" = Catalyst Control Center HydraVision Full
"{B2974F75-D989-4454-05CB-587B2AEBED86}" = Catalyst Control Center Localization French
"{B4013E5D-C833-4C8D-A942-AD7BBDFD9389}" = Autodesk Vault 2009 (Client)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B53D4959-F0BF-3D15-8DC7-A839906C3CCE}" = CCC Help Greek
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B75B384A-C316-4C4B-9567-E40250D0B5D5}" = 3Dconnexion Plug-In for Acrobat
"{BB9FF67B-1A16-491B-81C5-272B145FEAB7}" = Autodesk Data Management Server 2009
"{BE8019C6-F3AB-634F-510A-8C907BFF1144}" = CCC Help French
"{C2725D84-AF44-4EA7-AD2F-3C2BF484F540}" = HP Performance Tuning Framework
"{C2E6C5DB-A8AA-3215-FB6E-871461FB2530}" = Catalyst Control Center Localization Polish
"{C4AB1C47-6C61-07D0-2427-9586219AD932}" = CCC Help Russian
"{C7A21B1F-24E0-5BC2-C1DA-D086310CD8E1}" = Catalyst Control Center Graphics Full Existing
"{C862EFB2-C838-1E4B-CF4B-26E23620FF36}" = CCC Help Italian
"{CAE9A614-FBA8-52B1-4566-9D45BBE8EB39}" = Catalyst Control Center Localization Dutch
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB835057-5F89-6CE3-4011-554F49BA8967}" = CCC Help Danish
"{CBBCD044-B406-4C41-A3DD-99DE6F0004D2}" = ATI Hydravision APS
"{CBC919CD-C8DD-8851-06B7-2E0D5F8E59AE}" = CCC Help English
"{CC5A20B9-D3CF-E992-91BA-FCCBA6B2D8DD}" = CCC Help Thai
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CFD193BB-FC6A-68E2-0647-13A7B1DE83B3}" = Catalyst Control Center Localization Chinese Traditional
"{D26BC6C3-0735-82EC-11BE-325322F4ADED}" = Catalyst Control Center Localization Turkish
"{D36F6D14-EA35-011B-AB6D-4282BA31D2C9}" = Catalyst Control Center Graphics Previews Common
"{D3B8A9AA-D6F0-436E-AD3C-EFC33FB3C1FD}" = Catalyst Control Center Localization German
"{D6640090-91E0-2BF5-DD0A-8E49EDE8D75D}" = ccc-core-static
"{D934C35A-A826-2F9F-9562-28CA5AEE2AF4}" = CCC Help Greek
"{DCB62F30-86CB-5AB2-4CC7-6C9F7D4C7FB8}" = CCC Help Korean
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF703A4B-50F6-8CB4-9254-C369B5F07CF3}" = CCC Help Dutch
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4AA5CE1-B93A-183F-2B1E-A40C76C07A10}" = CCC Help Chinese Standard
"{E9F717C3-6C1B-6BB8-75DA-47D5D232F9E2}" = CCC Help Thai
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EFF4A973-5F73-7AD2-F9EF-0E54758C26AA}" = Catalyst Control Center Localization Hungarian
"{F0B36BD4-E562-4EB6-9164-E364B99DD2A7}" = ATI FireGLMax64
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8B95EAB-3FA4-D449-F61F-18886F40878F}" = CCC Help German
"{FA07B688-E89E-212C-4F8B-BA05B1A967C6}" = CCC Help Norwegian
"{FCCDE84B-0154-459E-A8F2-C6B3FA5C1881}" = HydraVision
"ActiveTouchMeetingClient" = WebEx
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Software Uninstall Utility
"Autodesk Data Management Server 2009" = Autodesk Data Management Server 2009
"Autodesk Design Review 2009" = Autodesk Design Review 2009
"Autodesk Vault 2009 (Client)" = Autodesk Vault 2009 (Client)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"HijackThis" = HijackThis 2.0.2
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MDSolids_3.5" = MDSolids 3.5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"SHARP AR-280 300 350 450 Series PCL Printer Driver" = SHARP AR-280/300/310/350/420/450 DM-3500/4500 Series PCL Printer Driver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/13/2009 8:28:12 AM | Computer Name = CAD2009 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. Check the
event log for possible messages previously logged by the policy engine that describes
the reason for this.

Error - 7/13/2009 8:28:33 AM | Computer Name = CAD2009 | Source = Autodesk Data Management Job Dispatch | ID = 0
Description = JobService.GetAllJobs() failure Unable to connect to the remote server

Error - 7/13/2009 6:12:20 PM | Computer Name = CAD2009 | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 11.0.8307.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/14/2009 5:47:11 PM | Computer Name = CAD2009 | Source = Application Hang | ID = 1002
Description = Hanging application vmware.exe, version 6.5.2.7026, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/15/2009 8:26:56 AM | Computer Name = CAD2009 | Source = Userenv | ID = 1006
Description = Windows cannot bind to fureyfp1.fureyfp.com domain. (Local Error).
Group Policy processing aborted.

Error - 7/15/2009 8:26:56 AM | Computer Name = CAD2009 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. Check the
event log for possible messages previously logged by the policy engine that describes
the reason for this.

Error - 7/15/2009 8:27:12 AM | Computer Name = CAD2009 | Source = Autodesk Data Management Job Dispatch | ID = 0
Description = JobService.GetAllJobs() failure Unable to connect to the remote server

Error - 7/16/2009 8:23:47 AM | Computer Name = CAD2009 | Source = Userenv | ID = 1006
Description = Windows cannot bind to fureyfp1.fureyfp.com domain. (Local Error).
Group Policy processing aborted.

Error - 7/16/2009 8:23:47 AM | Computer Name = CAD2009 | Source = Userenv | ID = 1030
Description = Windows cannot query for the list of Group Policy objects. Check the
event log for possible messages previously logged by the policy engine that describes
the reason for this.

Error - 7/16/2009 8:24:03 AM | Computer Name = CAD2009 | Source = Autodesk Data Management Job Dispatch | ID = 0
Description = JobService.GetAllJobs() failure Unable to connect to the remote server

[ System Events ]
Error - 7/15/2009 8:25:16 AM | Computer Name = CAD2009 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 7/15/2009 8:25:16 AM | Computer Name = CAD2009 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 7/15/2009 8:26:57 AM | Computer Name = CAD2009 | Source = Service Control Manager | ID = 7022
Description = The Autodesk EDM Server service hung on starting.

Error - 7/15/2009 8:26:57 AM | Computer Name = CAD2009 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 7/16/2009 8:21:05 AM | Computer Name = CAD2009 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 7/16/2009 8:21:05 AM | Computer Name = CAD2009 | Source = Application Popup | ID = 1060
Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been
blocked from loading due to incompatibility with this system. Please contact your
software vendor for a compatible version of the driver.

Error - 7/16/2009 8:22:15 AM | Computer Name = CAD2009 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 7/16/2009 8:22:15 AM | Computer Name = CAD2009 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {555F3418-D99E-4E51-800A-6E89CFD8B1D7}

to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.

Error - 7/16/2009 8:23:47 AM | Computer Name = CAD2009 | Source = Service Control Manager | ID = 7022
Description = The Autodesk EDM Server service hung on starting.

Error - 7/16/2009 8:23:47 AM | Computer Name = CAD2009 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >

#6 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:08:42 PM

Posted 16 July 2009 - 11:16 AM

Hi again,

Let's run OTL again.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: (C:\WINDOWS\SysWow64\sdfgerfgf3f.dll) - {E2BA40A2-74F3-42BD-F434-2604812C8953} - C:\WINDOWS\SysWow64\sdfgerfgf3f.dll
    O22 - SharedTaskScheduler: {E2BA40A2-74F3-42BD-F434-2604812C8953} - sdfg54y54yhhgth6w4efvrg - C:\WINDOWS\SysWow64\sdfgerfgf3f.dll
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

Get update 9.1.2 for Adobe Reader here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Run a full scan with Malwarebytes' Anti-Malware (update its definitions first) and post back its report too.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
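The fix in the post above targets one DLL registered at two autostart points (O2 BHO and O22 SharedTaskScheduler), and the OTL log before it shows firewall and Security Center values worth a second look. The following triage script is an added example, not part of the original post or of OTL: it parses those line shapes and lists review items. The rule set, the function name `triage` and the assumption that log lines look like the ones in this thread are mine.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# Excerpt copied from the OTL log and fix script posted in this thread.
SAMPLE_LOG = r'''
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

O2 - BHO: (C:\WINDOWS\SysWow64\sdfgerfgf3f.dll) - {E2BA40A2-74F3-42BD-F434-2604812C8953} - C:\WINDOWS\SysWow64\sdfgerfgf3f.dll
O22 - SharedTaskScheduler: {E2BA40A2-74F3-42BD-F434-2604812C8953} - sdfg54y54yhhgth6w4efvrg - C:\WINDOWS\SysWow64\sdfgerfgf3f.dll
'''

KEY_RE = re.compile(r'^(?:64bit:\s*)?\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
AUTORUN_RE = re.compile(r'^O\d+ - ([^:]+):')
CLSID_RE = re.compile(r'\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}')
SYSTEM_DIRS = {"system32", "syswow64"}

# (key fragment, value name, value worth reviewing, note). Hypothetical rule
# set: an installed security product can set these values legitimately, so a
# hit is a review item, not proof of tampering.
RULES = [
    ("\\firewallpolicy\\", "EnableFirewall", "0",
     "Windows Firewall off for this profile"),
    ("\\security center\\monitoring\\", "DisableMonitoring", "1",
     "Security Center not monitoring this product"),
    ("\\security center", "AntiVirusDisableNotify", "1", "antivirus alerts suppressed"),
    ("\\security center", "FirewallDisableNotify", "1", "firewall alerts suppressed"),
    ("\\security center", "UpdatesDisableNotify", "1", "update alerts suppressed"),
]


def triage(log_text):
    """Return (kind, location, detail) tuples for lines worth reviewing."""
    findings = []
    key = None
    autoruns = defaultdict(set)  # (CLSID, lowercased DLL path) -> autostart categories

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                       # registry key header, 32- or 64-bit view
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:               # "Name" = value under the current key
            name, value = m.group(1), m.group(2).strip()
            for fragment, rule_name, bad, note in RULES:
                if fragment in key.lower() and name == rule_name and value == bad:
                    findings.append(("setting", key, f"{name} = {value}: {note}"))
            continue
        m, clsid = AUTORUN_RE.match(line), CLSID_RE.search(line)
        if m and clsid:             # O2/O22-style line: category, CLSID, file path last
            dll = line.rsplit(" - ", 1)[-1].strip()
            autoruns[(clsid.group(0).upper(), dll.lower())].add(m.group(1).strip())

    # One DLL in a Windows system directory registered under the same CLSID at
    # more than one autostart point is the pattern the fix above removes.
    for (clsid, dll), categories in autoruns.items():
        in_system_dir = PureWindowsPath(dll).parent.name.lower() in SYSTEM_DIRS
        if in_system_dir and len(categories) > 1:
            findings.append(("autostart", clsid,
                             f"{dll} registered as {', '.join(sorted(categories))}"))
    return findings


if __name__ == "__main__":
    for kind, location, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {location}\n    {detail}")
```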


#7 terrors42


Posted 20 July 2009 - 02:48 PM

sorry for the delay, I haven't had any detections show up again until now so I will do the repair.

#8 Blade81


Posted 20 July 2009 - 04:25 PM

Sorry, but I didn't quite get that. What did you mean by "I will do the repair"? To follow instructions I posted above?



#9 terrors42


Posted 20 July 2009 - 05:00 PM

I will run the fix you posted.

#10 Blade81


Posted 21 July 2009 - 02:04 AM

Ok. Shall wait for your input :thumbup2:



#11 terrors42


Posted 21 July 2009 - 07:30 AM

Ok, so I attempted running the fix with OTL, but it gets locked up or something. I allowed the program to run for 12 hrs but it is still unresponsive. It looks like it is stuck on the O2 command line judging from the output on the command window. Is there possible software that I should disable that might be causing this?

#12 Blade81


Posted 21 July 2009 - 02:53 PM

Hi,

Did you have any protection program running in the background? Those should be disabled while running the tool. If it still doesn't work, attempt to run the fix in safe mode.



#13 terrors42


Posted 22 July 2009 - 07:35 AM

Ok, the program is still unresponsive. It won't run even in safe mode. I did notice that Symantec Endpoint Protection was geeking out in safe mode and wouldn't fully deactivate. Could Symantec be the issue, and is it something I will have to uninstall to make this work?

#14 Blade81


Posted 22 July 2009 - 04:05 PM

Hi,

Was Antivir disabled? You have currently both Antivir and Symantec End point protection installed. It's recommended to uninstall one of these. Each system should have one antivirus product installed only.



#15 terrors42


Posted 23 July 2009 - 12:12 PM

Still no luck. I have uninstalled Antivir but the OTL is still locking up.



