Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AV Security Suite -- am I rid of it?


  • This topic is locked This topic is locked
26 replies to this topic

#1 NASATimp

NASATimp

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 01 July 2010 - 02:23 PM

I recently was infected with the *very annoying* AV Security Suite. My computer was immediately taken off the network and after using rkill.exe, SUPERAntiSpyware, and Malwarebytes as per the instructions on this site, I don't see any symptoms anymore (and scans come up clear).

However, I know these viruses are very persistent and I wanted to get some logs up to get expert advice on whether I was really free of the infection (and thus safe to reconnect to the network) or not.

I've followed the instructions in the Preparation Guide diligently, turning off CD Emulation, etc. and run DDS successfully. I'm stuck on the step where I run GMER. For three days in a row now I've started the program in the morning and watched it hum away happily all day, and keep going into the night. I've been around it and watched it run (not continuously watched it, but periodically) for at least 12 hours. However, when I leave for the night and come back in the morning, the program has invariably hung and the computer crashed. I have no idea if that's due to the fact that my computer just isn't very fast, that I have a lot of disk space to cover (228 GB main drive--also a 1.36 TB second drive but of course I followed instructions and only have GMER attempting to scan the C: drive, NOT the second drive too), or what.

So, I'm posting the DDS log and attachment here and hoping that someone can help me based on that or give me some advice on getting GMER to complete its long, long scan without crashing.

Thank you in advance!!



DDS (Ver_10-03-17.01) - NTFSx86
Run by Stuart at 17:39:27.93 on Wed 06/30/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.469 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nicitdl5.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nipalsm.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\F-Secure\Ssh\fssshaa.exe
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMJB.EXE
C:\Documents and Settings\Stuart\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://news.google.com/news?ned=es
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\googleafe\GoogleAE.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\1.0.720.3640\GoogleToolbarNotifier.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_01\bin\jusched.exe"
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [MimBoot] c:\progra~1\musicm~1\musicm~3\mimboot.exe
mRun: [dbservices] scm -Silent 1 -Action 1 -Service mssqlserver
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\f-secu~1.lnk - c:\program files\f-secure\ssh\fssshaa.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\stuart\applic~1\mozilla\firefox\profiles\11lxfpq3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\stuart\application data\mozilla\firefox\profiles\11lxfpq3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\stuart\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]
R2 gpib420;GPIB Analyzer;c:\windows\system32\drivers\gpib420.sys [2005-7-18 31334]
R2 GpibPrtK;Gpib Port;c:\windows\system32\drivers\GpibPrtK.sys [2005-7-18 199783]
R2 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.dll [2005-7-27 10829]
R2 NICitadel5Service;National Instruments Citadel;c:\windows\system32\nicitdl5.exe [2005-10-14 1150976]
R2 nidevldu;nidevldu;system32\nipalsm.exe --> system32\nipalsm.exe [?]
R2 nidimk;nidimk;c:\windows\system32\drivers\nidimk.dll [2005-9-28 141824]
R2 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfk.dll [2005-10-13 166912]
R2 niemrk;niemrk;c:\windows\system32\drivers\niemrk.dll [2005-10-7 346624]
R2 nifslk;nifslk;c:\windows\system32\drivers\nifslk.dll [2005-10-6 35328]
R2 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpk.dll [2005-10-6 19456]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmk.dll [2005-9-21 55296]
R2 niswdk;niswdk;c:\windows\system32\drivers\niswdk.dll [2005-10-8 476160]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-8-14 14976]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]
R2 usb6xxxk;usb6xxxk;c:\windows\system32\drivers\usb6xxxk.dll [2005-10-7 19968]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-28 102448]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100625.002\naveng.sys [2010-6-25 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100625.002\navex15.sys [2010-6-25 1347504]
R3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrk.dll [2005-10-6 170496]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2k.dll [2005-9-28 231936]
R3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrk.dll [2005-10-6 131072]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstsk.dll [2005-10-6 51200]
R3 niscdk;niscdk;c:\windows\system32\drivers\niscdk.dll [2005-10-6 497664]
R3 nissrk;nissrk;c:\windows\system32\drivers\nissrk.dll [2005-10-7 1058304]
R3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2k.dll [2005-10-6 163328]
R3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrk.dll [2005-10-10 110080]
R3 nitiork;nitiork;c:\windows\system32\drivers\nitiork.dll [2005-10-7 692736]
S2 EZUSB;AnchorChips General Purpose USB Driver (ezusb.sys);c:\windows\system32\drivers\ezusb.sys [2010-4-16 17424]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsark.dll [2005-10-6 714752]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrk.dll [2005-10-7 489984]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [2005-10-6 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [2005-10-6 151683]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigk.dll [2005-10-7 233472]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftk.dll [2005-10-6 163328]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdk.dll [2005-10-6 42496]
S3 NiViFWK;NI-VISA FireWire Driver;c:\windows\system32\drivers\NiViFWK.sys [2005-10-12 8704]
S3 NiViPciK;NI-VISA PCI Driver;c:\windows\system32\drivers\NiViPciK.sys [2005-10-12 37376]
S3 NiViPxiK;NI-VISA PXI Driver;c:\windows\system32\drivers\NiViPxiK.sys [2005-10-12 10752]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrk.dll [2005-10-7 422400]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrk.dll [2005-10-7 926720]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]

=============== Created Last 30 ================

2010-06-30 04:04:36 0 ----a-w- c:\documents and settings\stuart\defogger_reenable
2010-06-29 21:01:34 165 ----a-w- c:\windows\system32\spupdsvc.inf
2010-06-29 20:52:00 126976 ------w- c:\windows\system32\dllcache\ftpsvc2.dll
2010-06-29 20:51:38 135168 ------w- c:\windows\system32\dllcache\shsvcs.dll
2010-06-29 20:51:18 268288 ------w- c:\windows\system32\dllcache\httpext.dll
2010-06-29 20:50:39 74752 ------w- c:\windows\system32\dllcache\msw3prt.dll
2010-06-29 20:50:39 104960 ------w- c:\windows\system32\dllcache\win32spl.dll
2010-06-29 20:49:25 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-06-29 19:52:45 53248 ----a-w- c:\windows\system32\SSUBTMR6.DLL
2010-06-29 19:52:45 10752 ----a-w- c:\windows\system32\aamd532.dll
2010-06-29 09:13:41 0 d-----w- c:\docume~1\stuart\applic~1\SUPERAntiSpyware.com
2010-06-29 09:13:41 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-06-29 09:13:34 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-28 11:25:42 54016 ----a-w- c:\windows\system32\drivers\knqsdp.sys
2010-06-28 08:20:00 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-06-28 06:26:17 0 d-----w- c:\docume~1\stuart\applic~1\Malwarebytes
2010-06-28 06:26:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-28 06:26:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-28 06:18:43 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-28 06:18:22 0 d-----w- c:\program files\Screen Calipers 2.1
2010-06-28 01:14:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-28 01:14:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 10:06:06 210520 ----a-w- c:\windows\Screen Calipers Uninstaller.exe.bak
2010-06-27 10:04:45 90886 ----a-w- c:\windows\Screen Calipers Uninstaller.exe
2010-06-27 10:04:43 0 d-----w- c:\program files\Screen Calipers 4.0
2010-06-27 10:04:09 210004 ----a-w- c:\windows\Screen Protractor Uninstaller.exe
2010-06-27 10:04:07 0 d-----w- c:\docume~1\stuart\applic~1\Iconico
2010-06-27 10:04:05 0 d-----w- c:\program files\Screen Protractor 4.0
2010-06-25 08:34:18 0 d-----w- c:\docume~1\stuart\applic~1\Design Science
2010-06-25 08:32:01 0 d-----w- c:\program files\MathType

==================== Find3M ====================

2010-05-04 12:39:27 70656 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-04 12:39:27 13824 ------w- c:\windows\system32\dllcache\ieudinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-16 11:43:25 634656 ------w- c:\windows\system32\dllcache\iexplore.exe
2010-04-16 11:43:23 161792 ------w- c:\windows\system32\dllcache\ieakui.dll
2010-04-03 11:27:44 2334720 ------w- c:\windows\system32\dllcache\WMVCore.dll
2006-12-27 22:44:02 152 --sh--r- c:\windows\system32\38006E16D8.sys
2006-12-27 22:44:04 6686 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-04-21 10:08:50 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009042120090422\index.dat

============= FINISH: 17:41:19.90 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:09:53 PM

Posted 05 July 2010 - 12:10 PM

Hi NASATimp,

Welcome to Bleeping Computer!

My name is mpascal, and I will be helping you fix your problem.

Before we begin, I would like give a few guidelines so that we can fix your problem as quickly and efficiently as possible:
  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.
  • Don't attach any logs unless asked. Posting them in the forums will make them easier to analyze.
  • If you are unsure of how to reply, or need help with anything regarding the website, please look here.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below I will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

STEP 1 - MBAM

Note: In the event that you already have MBAM installed, you do not need to reinstall it. Simply Updating it and doing a Quickscan is sufficient.

Please download Malwarebytes Anti-Malware (v1.44) and save it to your desktop.MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
    For instructions with screenshots, please refer to the How to use Malwarebytes' Anti-Malware Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 2 - GMER

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.

STEP 3 - OTL

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • In the Custom Scans box, copy and paste the following:
    CODE
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of the files, and post it with your next reply.
STEP 4 - Reply

Please reply with the following logs:
  • MBAM Log
  • GMER Log
  • OTL Log

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#3 NASATimp

NASATimp
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 09 July 2010 - 02:30 PM

GMER has crashed Every. Single. Time. that I've attempted to run it.

That makes 8 times now (including the 3 attempts I mentioned in my initial post), of which 3 were in safe mode and all of them had "IAT/EAT", 'Devices', and "Show all" UNchecked as per the instructions.

It takes roughly an overnight to do each scan, so that is why I have taken so long to get back to you.

The symptoms are that in Safe Mode, GMER runs and eventually causes a BSOD. In normal boot, GMER runs for awhile and then just hangs.

This morning I came back to find that GMER had apparently completed its scan, but when I clicked "Save" the program promptly hung "(Not Responding)".

Any advice on how to get this to work...??

#4 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:09:53 PM

Posted 10 July 2010 - 01:50 AM

Hi there,

Try running it with Sections and Files checked. If that gives you problems, let me know and we'll look at other options. smile.gif

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#5 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:09:53 PM

Posted 25 July 2010 - 12:12 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#6 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:09:53 PM

Posted 25 July 2010 - 04:12 PM

Hi there,

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#7 NASATimp

NASATimp
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 25 July 2010 - 04:13 PM

Thank you for re-opening this topic! I appreciate it. :-)

#8 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:09:53 PM

Posted 25 July 2010 - 04:52 PM

No problem. smile.gif

Just follow the instructions above and hopefully we'll be able to get this fixed.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#9 NASATimp

NASATimp
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 26 July 2010 - 08:01 PM

Hi,

I did *finally* get GMER to run and not crash with "Sections" and "Files" unchecked in addition to the originally-specified unchecked items. I then did OTL as per the instructions. So, I am pasting the following logs into this post:

# MBAM Log
# GMER Log
# OTL Log

Please let me know if you'd like me to proceed with ComboFix anyway! Thanks!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4252

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

7/5/2010 6:09:45 PM
mbam-log-2010-07-05 (18-09-45).txt

Scan type: Quick scan
Objects scanned: 168735
Time elapsed: 11 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-26 13:01:15
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Stuart\LOCALS~1\Temp\uwrdypod.sys


---- System - GMER 1.0.15 ----

SSDT 86555600 ZwAlertResumeThread
SSDT 86531828 ZwAlertThread
SSDT 86699D00 ZwAllocateVirtualMemory
SSDT 865070C8 ZwConnectPort
SSDT 85F583B8 ZwCreateMutant
SSDT 8662EB40 ZwCreateThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xF02A5350]
SSDT 8653D1C8 ZwFreeVirtualMemory
SSDT 8653B958 ZwImpersonateAnonymousToken
SSDT 865242B0 ZwImpersonateThread
SSDT 8667F7B8 ZwMapViewOfSection
SSDT 866B7440 ZwOpenEvent
SSDT 8653D428 ZwOpenProcessToken
SSDT 86552AE8 ZwOpenThreadToken
SSDT 86691C30 ZwQueryValueKey
SSDT 864445F0 ZwResumeThread
SSDT 865528A0 ZwSetContextThread
SSDT 865500B0 ZwSetInformationProcess
SSDT 85F4C3B8 ZwSetInformationThread
SSDT \??\C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xF02A5580]
SSDT 865835D8 ZwSuspendProcess
SSDT 85F4F3B8 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEB3A6620]
SSDT 85EDD3B8 ZwTerminateThread
SSDT 86550188 ZwUnmapViewOfSection
SSDT 8662CA80 ZwWriteVirtualMemory

---- EOF - GMER 1.0.15 ----


OTL logfile created on: 7/26/2010 5:32:09 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Stuart\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 572.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 72.14 Gb Free Space | 31.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1397.26 Gb Total Space | 952.62 Gb Free Space | 68.18% Space Free | Partition Type: NTFS
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.47 Gb Total Space | 5.40 Gb Free Space | 72.27% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STALKER
Current User Name: Stuart
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Stuart\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe ()
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe ()
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
PRC - C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe (National Instruments, Inc.)
PRC - C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe (National Instruments, Inc.)
PRC - C:\WINDOWS\system32\lktsrv.exe (National Instruments, Inc.)
PRC - C:\WINDOWS\system32\lkads.exe (National Instruments, Inc.)
PRC - C:\WINDOWS\system32\nicitdl5.exe (National Instruments, Inc.)
PRC - C:\WINDOWS\system32\nisvcloc.exe (National Instruments Corp.)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\Program Files\National Instruments\MAX\nimxs.exe (National Instruments Corporation)
PRC - C:\WINDOWS\system32\nipalsm.exe (National Instruments Corporation)
PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmjb.exe (Musicmatch, Inc.)
PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mim.exe (Musicmatch, Inc.)
PRC - C:\Program Files\MUSICMATCH\Musicmatch Jukebox\MMDiag.exe (Musicmatch, Inc.)
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
PRC - C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Stuart\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (SavRoam) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (ELService) -- C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology\ELService.exe (Intel Corporation)
SRV - (NITaggerService) -- C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe (National Instruments, Inc.)
SRV - (NIDomainService) -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe (National Instruments, Inc.)
SRV - (lkTimeSync) -- C:\WINDOWS\system32\lktsrv.exe (National Instruments, Inc.)
SRV - (lkClassAds) -- C:\WINDOWS\system32\lkads.exe (National Instruments, Inc.)
SRV - (NILM License Manager) -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe (Macrovision Corporation)
SRV - (NICitadel5Service) -- C:\WINDOWS\system32\nicitdl5.exe (National Instruments, Inc.)
SRV - (niSvcLoc) -- C:\WINDOWS\System32\nisvcloc.exe (National Instruments Corp.)
SRV - (mxssvr) -- C:\Program Files\National Instruments\MAX\nimxs.exe (National Instruments Corporation)
SRV - (nipxirmu) -- C:\WINDOWS\system32\nipalsm.exe (National Instruments Corporation)
SRV - (nidevldu) -- C:\WINDOWS\system32\nipalsm.exe (National Instruments Corporation)
SRV - (LkCitadelServer) -- C:\WINDOWS\system32\lkcitdl.exe (National Instruments, Inc.)
SRV - (IAANTMon) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys File not found
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100625.002\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100625.002\NAVENG.SYS (Symantec Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (FTSER2K) -- C:\WINDOWS\system32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (FTDIBUS) -- C:\WINDOWS\system32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (ELhid) -- C:\WINDOWS\system32\drivers\ELhid.sys (Intel Corporation)
DRV - (ELmon) -- C:\WINDOWS\system32\drivers\ELmon.sys (Intel Corporation)
DRV - (ELkbd) -- C:\WINDOWS\system32\drivers\ELkbd.sys (Intel Corporation)
DRV - (ELmou) -- C:\WINDOWS\system32\drivers\ELmou.sys (Intel Corporation)
DRV - (ELacpi) -- C:\WINDOWS\system32\drivers\ELacpi.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (nidmxfk) -- C:\WINDOWS\system32\drivers\nidmxfk.dll (National Instruments Corporation)
DRV - (NiViFWK) -- C:\WINDOWS\system32\drivers\NiViFWK.sys (National Instruments Corporation)
DRV - (NiViPxiK) -- C:\WINDOWS\system32\drivers\NiViPxiK.sys (National Instruments Corporation)
DRV - (NiViPciK) -- C:\WINDOWS\system32\drivers\NiViPciK.sys (National Instruments Corporation)
DRV - (nistcrk) -- C:\WINDOWS\system32\drivers\nistcrk.dll (National Instruments Corporation)
DRV - (niswdk) -- C:\WINDOWS\system32\drivers\niswdk.dll (National Instruments Corporation)
DRV - (nitiork) -- C:\WINDOWS\system32\drivers\nitiork.dll (National Instruments Corporation)
DRV - (nixsrk) -- C:\WINDOWS\system32\drivers\nixsrk.dll (National Instruments Corporation)
DRV - (niwfrk) -- C:\WINDOWS\system32\drivers\niwfrk.dll (National Instruments Corporation)
DRV - (nissrk) -- C:\WINDOWS\system32\drivers\nissrk.dll (National Instruments Corporation)
DRV - (niesrk) -- C:\WINDOWS\system32\drivers\niesrk.dll (National Instruments Corporation)
DRV - (niemrk) -- C:\WINDOWS\system32\drivers\niemrk.dll (National Instruments Corporation)
DRV - (usb6xxxk) -- C:\WINDOWS\system32\drivers\usb6xxxk.dll (National Instruments Corporation)
DRV - (nisdigk) -- C:\WINDOWS\system32\drivers\nisdigk.dll (National Instruments Corporation)
DRV - (niorbk) -- C:\WINDOWS\system32\drivers\niorbk.dll (National Instruments Corporation)
DRV - (nimxpk) -- C:\WINDOWS\system32\drivers\nimxpk.dll (National Instruments Corporation)
DRV - (nimstsk) -- C:\WINDOWS\system32\drivers\nimstsk.dll (National Instruments Corporation)
DRV - (nimsdrk) -- C:\WINDOWS\system32\drivers\nimsdrk.dll (National Instruments Corporation)
DRV - (nidsark) -- C:\WINDOWS\system32\drivers\nidsark.dll (National Instruments Corporation)
DRV - (nispdk) -- C:\WINDOWS\system32\drivers\nispdk.dll ()
DRV - (niscdk) -- C:\WINDOWS\system32\drivers\niscdk.dll (National Instruments Corporation)
DRV - (nistc2k) -- C:\WINDOWS\system32\drivers\nistc2k.dll (National Instruments Corporation)
DRV - (nicdrk) -- C:\WINDOWS\system32\drivers\nicdrk.dll (National Instruments Corporation)
DRV - (nisftk) -- C:\WINDOWS\system32\drivers\nisftk.dll (National Instruments Corporation)
DRV - (nifslk) -- C:\WINDOWS\system32\drivers\nifslk.dll (National Instruments Corporation)
DRV - (nimsrlk) -- C:\WINDOWS\system32\drivers\nimsrlk.dll (National Instruments Corporation)
DRV - (nimslk) -- C:\WINDOWS\system32\drivers\nimslk.dll (National Instruments Corporation)
DRV - (nimru2k) -- C:\WINDOWS\system32\drivers\nimru2k.dll (National Instruments Corporation)
DRV - (nidimk) -- C:\WINDOWS\system32\drivers\nidimk.dll (National Instruments Corporation)
DRV - (nimxdfk) -- C:\WINDOWS\system32\drivers\nimxdfk.dll (National Instruments Corporation)
DRV - (nimdbgk) -- C:\WINDOWS\system32\drivers\nimdbgk.dll (National Instruments Corporation)
DRV - (NIPALK) -- C:\WINDOWS\System32\drivers\nipalk.sys (National Instruments Corporation)
DRV - (nipxirmk) -- C:\WINDOWS\system32\drivers\nipxirmk.dll (National Instruments Corporation)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (EZUSB) AnchorChips General Purpose USB Driver (ezusb.sys) -- C:\WINDOWS\system32\drivers\ezusb.sys (anchor chips)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (lvalarmk) -- C:\WINDOWS\system32\drivers\lvalarmk.dll (National Instruments)
DRV - (gpib420) -- C:\WINDOWS\system32\drivers\gpib420.sys (National Instruments Corporation)
DRV - (GpibPrtK) -- C:\WINDOWS\system32\drivers\GpibPrtK.sys (National Instruments Corporation)
DRV - (iastor) -- C:\WINDOWS\system32\drivers\iastor.sys (Intel Corporation)
DRV - (cvintdrv) -- C:\WINDOWS\System32\drivers\cvintdrv.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (SBKUPNT) -- C:\WINDOWS\system32\drivers\SBKUPNT.SYS ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/news?ned=es
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/24 11:31:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/24 11:31:02 | 000,000,000 | ---D | M]

[2009/01/15 22:31:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Extensions
[2010/06/27 17:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\11lxfpq3.default\extensions
[2010/05/03 14:37:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\11lxfpq3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/03 14:37:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\11lxfpq3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/16 16:42:55 | 000,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\11lxfpq3.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009/08/27 17:31:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stuart\Application Data\Mozilla\Firefox\Profiles\11lxfpq3.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}-trash
[2010/06/27 17:21:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/12/29 20:17:44 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/07/17 01:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

O1 HOSTS File: ([2004/08/10 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe (Corel, Inc.)
O4 - HKLM..\Run: [dbservices] File not found
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [MimBoot] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mimboot.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\F-Secure SSH Authentication Agent.lnk = C:\Program Files\F-Secure\Ssh\fssshaa.exe (F-Secure Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll (BitComet)
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/3/9...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Stuart\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stuart\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 05:26:23 | 000,000,309 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 30 Days ==========

[2010/07/26 17:26:11 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stuart\Desktop\OTL.exe
[2010/07/09 02:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Supersonic Cone
[2010/07/09 02:33:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry
[2010/07/09 02:33:55 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Stuart\InstallAnywhere
[2010/06/29 23:01:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\Desktop\gmer
[2010/06/29 13:52:00 | 000,126,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsvc2.dll
[2010/06/29 13:51:38 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
[2010/06/29 13:51:18 | 000,268,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\httpext.dll
[2010/06/29 13:50:39 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\win32spl.dll
[2010/06/29 13:50:39 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msw3prt.dll
[2010/06/29 13:49:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/06/29 12:52:45 | 000,053,248 | ---- | C] (vbAccelerator) -- C:\WINDOWS\System32\SSUBTMR6.DLL
[2010/06/29 12:52:45 | 000,010,752 | ---- | C] (Almeida & Andrade Ltda) -- C:\WINDOWS\System32\aamd532.dll
[2010/06/29 12:50:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\Desktop\apup
[2010/06/29 02:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\Application Data\SUPERAntiSpyware.com
[2010/06/29 02:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/06/29 02:13:34 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/29 02:12:30 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Stuart\Desktop\ATF-Cleaner.exe
[2010/06/27 23:26:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\Application Data\Malwarebytes
[2010/06/27 23:26:09 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/27 23:26:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/27 23:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Screen Calipers 2.1
[2010/06/27 18:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/27 18:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/27 17:22:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\FileOpen
[2010/06/27 17:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/06/27 17:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/27 17:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/06/27 16:14:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/06/27 15:48:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/27 03:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\Screen Calipers 4.0
[2010/06/27 03:04:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stuart\Application Data\Iconico
[2010/06/27 03:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Screen Protractor 4.0
[6 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/07/26 17:24:10 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stuart\Desktop\OTL.exe
[2010/07/26 17:15:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/26 17:14:58 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\491579aa.job
[2010/07/26 16:40:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/07/26 16:40:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/26 16:40:18 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/24 15:40:29 | 000,164,352 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Joe Shots.xls
[2010/07/23 15:52:42 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Stuart\ntuser.dat
[2010/07/23 15:52:42 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Stuart\ntuser.ini
[2010/06/29 21:04:36 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Stuart\defogger_reenable
[2010/06/29 14:01:34 | 000,000,165 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/06/29 13:52:44 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/29 02:13:37 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/28 22:44:24 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\dds.scr
[2010/06/28 22:31:42 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Stuart\Desktop\ATF-Cleaner.exe
[2010/06/28 04:26:59 | 002,096,656 | -H-- | M] () -- C:\Documents and Settings\Stuart\Local Settings\Application Data\IconCache.db
[2010/06/28 04:25:42 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\knqsdp.sys
[2010/06/28 01:20:00 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/27 23:04:16 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\rkill.com
[2010/06/27 15:59:03 | 000,462,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/27 03:06:18 | 000,090,886 | ---- | M] () -- C:\WINDOWS\Screen Calipers Uninstaller.exe
[2010/06/27 03:04:46 | 000,210,520 | ---- | M] () -- C:\WINDOWS\Screen Calipers Uninstaller.exe.bak
[2010/06/27 03:04:45 | 000,000,761 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Screen Calipers.lnk
[2010/06/27 03:04:09 | 000,210,004 | ---- | M] () -- C:\WINDOWS\Screen Protractor Uninstaller.exe
[2010/06/27 03:04:09 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\Stuart\Desktop\Screen Protractor.lnk
[6 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/06 17:15:50 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/29 22:52:49 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\dds.scr
[2010/06/29 21:04:36 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Stuart\defogger_reenable
[2010/06/29 14:01:34 | 000,000,165 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2010/06/29 02:13:37 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/29 02:10:43 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\rkill.com
[2010/06/28 04:25:42 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\knqsdp.sys
[2010/06/28 01:20:00 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/27 15:30:48 | 000,000,282 | -H-- | C] () -- C:\WINDOWS\tasks\491579aa.job
[2010/06/27 05:24:14 | 008,388,608 | ---- | C] () -- C:\Documents and Settings\Stuart\ntuser.dat
[2010/06/27 03:06:06 | 000,210,520 | ---- | C] () -- C:\WINDOWS\Screen Calipers Uninstaller.exe.bak
[2010/06/27 03:04:45 | 000,090,886 | ---- | C] () -- C:\WINDOWS\Screen Calipers Uninstaller.exe
[2010/06/27 03:04:45 | 000,000,761 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\Screen Calipers.lnk
[2010/06/27 03:04:09 | 000,210,004 | ---- | C] () -- C:\WINDOWS\Screen Protractor Uninstaller.exe
[2010/06/27 03:04:09 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\Stuart\Desktop\Screen Protractor.lnk
[2009/08/28 14:38:04 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/27 16:23:37 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/08/14 10:08:05 | 000,014,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\SBKUPNT.SYS
[2009/08/14 10:08:05 | 000,000,543 | ---- | C] () -- C:\WINDOWS\SWISV3.INI
[2009/08/14 10:08:04 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SKNIFE.INI
[2009/08/14 10:07:49 | 000,002,799 | ---- | C] () -- C:\WINDOWS\SKLANG.INI
[2009/08/07 12:18:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/09/08 11:19:48 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
[2007/06/07 15:25:54 | 000,001,013 | ---- | C] () -- C:\WINDOWS\LMAAE2DD.ini
[2007/06/06 16:38:01 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2006/12/29 20:22:48 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/11/09 19:05:14 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\ftdiun2k.ini
[2006/05/11 09:46:42 | 000,000,156 | ---- | C] () -- C:\WINDOWS\matlab.ini
[2006/04/28 17:02:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\nidmfpan.ini
[2006/03/23 18:30:09 | 000,006,276 | ---- | C] () -- C:\WINDOWS\pxisys.ini
[2006/03/23 18:00:16 | 000,000,534 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/03/22 16:29:31 | 000,006,686 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/22 16:29:31 | 000,000,152 | RHS- | C] () -- C:\WINDOWS\System32\38006E16D8.sys
[2006/03/15 00:48:54 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/03/15 00:45:00 | 000,000,124 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2006/03/15 00:17:34 | 000,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 07:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/10/08 02:03:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nispdu.dll
[2005/10/06 13:07:18 | 000,042,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\nispdk.dll
[2005/10/06 13:07:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\niscdrau.dll
[2005/09/28 17:26:34 | 000,000,244 | ---- | C] () -- C:\WINDOWS\System32\nirpc.ini
[2005/09/22 22:11:56 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\nipalpg.dll
[2005/09/21 12:46:16 | 000,007,377 | ---- | C] () -- C:\WINDOWS\System32\gpib.ini
[2005/09/19 17:42:38 | 000,012,653 | ---- | C] () -- C:\WINDOWS\System32\GPIB.DLL
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/18 02:18:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\gpib-vdd.dll
[2005/06/10 11:00:00 | 000,007,140 | ---- | C] () -- C:\WINDOWS\System32\drivers\cvintdrv.sys
[2004/07/26 11:00:00 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\cviUSI.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2005/08/16 03:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/03/22 13:11:47 | 000,000,209 | -HS- | M] () -- C:\boot.ini
[2005/08/16 03:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/03/15 00:22:00 | 000,006,435 | RH-- | M] () -- C:\dell.sdr
[2010/07/26 16:40:18 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2006/03/23 18:01:12 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2008/10/13 16:25:01 | 000,018,584 | ---- | M] () -- C:\install.log
[2005/08/16 03:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2006/03/15 00:39:42 | 000,000,838 | -H-- | M] () -- C:\IPH.PH
[2008/04/18 14:15:59 | 000,000,480 | ---- | M] () -- C:\LOG429.log
[2008/04/02 09:36:22 | 000,000,480 | ---- | M] () -- C:\LOG56.log
[2008/04/02 10:24:07 | 000,000,480 | ---- | M] () -- C:\LOG5B.log
[2008/04/02 13:25:28 | 000,000,480 | ---- | M] () -- C:\LOG61.log
[2008/04/02 13:32:33 | 000,000,480 | ---- | M] () -- C:\LOG65.log
[2008/04/02 16:34:41 | 000,000,480 | ---- | M] () -- C:\LOG68.log
[2005/08/16 03:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 04:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/04/20 21:07:08 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/26 16:40:16 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/06/29 12:52:25 | 000,000,371 | ---- | M] () -- C:\rkill.log
[2008/07/18 15:54:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/07/22 14:52:37 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/07/22 14:56:29 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2008/07/22 22:07:50 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2008/07/23 14:39:30 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2008/08/14 03:10:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2008/09/10 03:05:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2008/09/23 13:28:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2008/09/23 13:34:48 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2008/09/23 17:44:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2008/10/13 16:20:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2008/10/16 03:06:38 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2008/10/24 03:05:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2008/11/03 17:28:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2008/11/12 04:06:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2008/12/17 12:40:16 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2008/12/17 12:54:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2008/12/18 04:05:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2008/07/09 03:05:42 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2008/07/17 15:14:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2008/07/18 15:54:13 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2008/07/22 14:52:37 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2008/07/22 14:56:29 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2008/07/22 22:07:50 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2008/07/23 14:39:30 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2008/08/14 03:10:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2008/09/10 03:05:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2008/09/23 13:28:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2008/09/23 13:34:48 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2008/09/23 17:44:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2008/10/13 16:20:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2008/10/16 03:06:38 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2008/10/24 03:05:40 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2008/11/03 17:28:11 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2008/11/12 04:06:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2008/12/17 12:40:15 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2008/12/17 12:54:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2008/12/18 04:05:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2008/07/09 03:05:42 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2008/07/17 15:14:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2006/03/15 00:39:48 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2008/10/13 16:24:56 | 000,000,502 | ---- | M] () -- C:\uninstall.log
[6 C:\*.tmp files -> C:\*.tmp -> ]

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/08/16 03:42:12 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/09/08 11:19:46 | 000,019,968 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\cl31cpc.dll
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/06/18 18:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 17:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/16 03:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 03:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 03:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 17:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 17:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 17:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-06-24 10:04:22
< End of report >



OTL Extras logfile created on: 7/26/2010 5:32:09 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Stuart\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 572.00 Mb Available Physical Memory | 56.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 72.14 Gb Free Space | 31.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 1397.26 Gb Total Space | 952.62 Gb Free Space | 68.18% Space Free | Partition Type: NTFS
Drive F: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 7.47 Gb Total Space | 5.40 Gb Free Space | 72.27% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STALKER
Current User Name: Stuart
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.scr [@ = scrfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"9221:TCP" = 9221:TCP:*:Enabled:BitComet 9221 TCP
"9221:UDP" = 9221:UDP:*:Enabled:BitComet 9221 UDP
"27087:TCP" = 27087:TCP:*:Enabled:BitComet 27087 TCP
"27087:UDP" = 27087:UDP:*:Enabled:BitComet 27087 UDP
"27532:TCP" = 27532:TCP:*:Enabled:BitComet 27532 TCP
"27532:UDP" = 27532:UDP:*:Enabled:BitComet 27532 UDP
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"15269:TCP" = 15269:TCP:*:Enabled:BitComet 15269 TCP
"15269:UDP" = 15269:UDP:*:Enabled:BitComet 15269 UDP
"3389:TCP" = 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- (America Online, Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Phantom\Ph630.exe" = C:\Program Files\Phantom\Ph630.exe:*:Enabled:Phantom 630 -- (Vision Research Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Disabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Disabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Disabled:AOL -- (America Online, Inc.)
"C:\Program Files\National Instruments\LabVIEW 8.0\LabVIEW.exe" = C:\Program Files\National Instruments\LabVIEW 8.0\LabVIEW.exe:*:Enabled:LabVIEW 8.0 Development System -- ()
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\National Instruments\Shared\Example Finder\1.0\BIN\NIExampleFinder.exe" = C:\Program Files\National Instruments\Shared\Example Finder\1.0\BIN\NIExampleFinder.exe:*:Enabled:NIExampleFinder -- (National Instruments)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client -- (www.BitComet.com)
"C:\Documents and Settings\Stuart\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Stuart\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- (portforward.com)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01610E8F-5F6A-4D9A-AFC4-3FE1AC19C488}" = NI-653x Support
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{061AE98B-178A-4143-A52A-68ED9279644D}" = NI Legacy DAQmxRF
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{11AE3814-BE69-4934-B256-E918F574340F}" = NI-488.2 2.43
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{12293183-17BA-4A6B-853A-009871F391E4}" = NI-DAQmx - LabVIEW shared documentation
"{12E5279E-4828-48EC-9ED1-CD344787F50F}" = NI LabVIEW 8.0 Examples
"{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}" = Adobe Setup
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16850024-A6D4-41AC-905D-0D73EADCBBA0}" = NI LabVIEW 8.0 User.lib
"{1AD77A05-76EC-44CF-940F-799FFFE6C731}" = NI Assistant Framework
"{1CD22E87-2EAF-43E9-AB88-362B75FBEE02}" = NI LabVIEW 8.0 MeasAppChm File
"{1D51A29C-475D-43A7-A6E8-5592FF6E343D}" = NI LabVIEW 8.0 Simulation
"{1E37767B-1A94-4FEA-9120-15B3360B6D3A}" = NI-DAQmx OPC Support
"{1E85A47B-4150-4003-8283-8B2EB94AF5C9}" = NI-RPC 3.2.1f0
"{2146CF1A-5ACD-4A50-8B36-6A7DD095B08C}" = NI-DAQ INF Files
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{221861B8-D133-4377-803D-F005EB2B733C}" = NI LVBrokerAux1071
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23A17C05-776A-41A2-900A-ECF81DC14852}" = NI LabVIEW 8.0 iMath
"{255D87CE-1E45-4795-9731-454EF5371B02}" = NI USI 1.2.0
"{265E79C6-B5E9-4556-8F72-518CC2511D26}" = NI-VISA 3.4.1
"{26F4D5DD-865B-4A2B-9A36-EE22ACA97331}" = NI-MXDF 1.4.0f0
"{28C59BDD-55F3-4454-BF17-37AC537F894B}" = NI MDF Support
"{29814AC5-F1CA-45FE-A5C6-5C93A3E9D9B2}" = NI Registration Wizard
"{2BD1A5B5-8E98-4E2D-9BE5-D68C57C2FDBE}" = NI Assistant Framework LabVIEW Code Generator 7.0
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{2D7B1642-931E-47C5-9B55-A4E83A9548FD}" = NI-RPC 3.2.1f0 for Phar Lap ETS
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{32117214-B9F1-4EAC-8EC3-417161EC388D}" = NI LabVIEW MAX XML
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{36DC540B-3062-4538-B1D1-E367BC9F47FC}" = NI LVBrokerAux71
"{3C7B88E1-2C72-44CA-A883-62679DBBA36B}" = NI-DAQmx MAX Support 1.4.0
"{3CD9E7BB-6347-479A-BB0C-0093C1AE6944}" = NI Software Provider for MAX
"{3CDB180B-FF76-4371-9090-FCE5B9029677}" = FileOpen Plug-in for Adobe Acrobat® and Acrobat Reader®
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3DFF45F7-C12C-4A3A-BA9E-1946A4E92424}" = NI LabVIEW Real-Time Error Dialog
"{3EE14B35-3E03-42DB-A272-705D8FB0D3DC}" = NI DSC CommonTools 8.0
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4159DD60-49C1-4323-A1A5-FB060CBA35C5}" = NI Measurement Studio Recipe Processor
"{41844F24-9CA6-11D4-A74E-00D0B76FE248}" = VBA (2720)
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{45A380B1-4EBC-489F-9A86-689F5BB5E1E8}" = NI DAQ Assistant 1.5.0
"{45F0CC81-BFA7-4E00-8682-8595BA27C114}" = NI Assistant Framework LabVIEW Code Generator 7.1
"{461BB471-0B29-4A85-8B8E-AD0D96F9BD12}" = NI SCXI 1.2.0
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4960B043-C25F-4C85-B5DF-817448F4D31E}" = NI LabVIEW Deployable License 8.0
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4CEA6811-DFAD-4892-828D-49941FE3B779}" = Intel® PROSet for Wired Connections
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{567DE038-00EF-4C42-8492-3C53B81351BC}" = NI-488.2 Provider for MAX
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5783F2D7-5001-0409-0002-0060B0CE6BBA}" = AutoCAD 2007 - English
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A4A9B77-F0D5-4DF6-9BF9-9BB96562A10D}" = NI LabVIEW 8.0 gMath
"{5A4AC082-8D61-442A-8A86-68869CB9BC80}" = NI MXS 4.0
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5BCB370B-F341-45DF-BDEF-29E1F1291C2C}" = NI PXI Platform Services for Windows 1.5.1
"{5DC9049B-DEEB-429F-8B52-FEC48FC1E9FF}" = NI Remote Provider for MAX
"{60FC2242-9CF5-4264-B02A-A4A86447F560}" = NI EULA Depot
"{6134FECC-3207-42A8-BE11-76F80260E416}" = NI Measurements eXtensions for PAL 1.3.0
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{62DBBC58-6C51-4793-BA66-45012F8BA32C}" = NI LabVIEW Run-Time Engine 7.1.1
"{633A8D0D-46B4-4161-9CFD-BFBE0FF08894}" = NI LabVIEW 8.0 Menus
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E06C016-09D6-492A-8804-A6CC41224599}" = NI LabVIEW 8.0 Project
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6EF3B8BD-7ED2-4E4E-A05F-8F5B2F285A16}" = NI LabVIEW 8.0 VI.lib
"{6FC644ED-B118-4837-AE96-1828FC400E56}" = NI OPC Support
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{722AA6BA-DDCD-4D6B-A153-4F14F8EFE8AF}" = NI-VISA Runtime 3.4.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7413D055-3B56-4C73-99C8-47F741C69CA9}" = NI-VISA MAX Provider 3.4.1
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{774892EA-B255-4ED8-9678-16578B63E6AE}" = NI LabVIEW 8.0 Help File
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7986e4d8-4cdc-4aa5-8418-7bb21a5774e1}" = Nero 9 Trial
"{7C11F7B1-C286-4FA0-AD3D-1FB38BAA8986}" = NI LabVIEW 8.0
"{7E6ADD85-305E-43AC-9ADA-E9A931D59A33}" = NI Spy 2.3.2
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{7F7E92E4-A60C-4A6C-9D57-D04E577B8B20}" = NI LabVIEW 8.0 Help
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85BA7798-BFDB-4A26-99E1-1D685DD70D6C}" = NI Variable Engine
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{8601B1C8-3A99-4E70-A9AE-0F08E657D687}" = NI Logos LabVIEW 8.0 Support
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8769A3F3-6CD2-4C87-AEF3-F4D016EE7D56}" = NI LabVIEW 8.0 Resource
"{87C45EA9-AD01-4F41-BAED-FA34DBFDF602}" = NI LabVIEW 8.0 CINtools
"{87F64F82-D571-4F51-A8FA-A36C273BA3C7}" = NI-PAL 1.10.0f0
"{88BBB9A9-C034-466E-BB83-8197AFD1669C}" = NI LVBrokerAux8.0
"{8A62A068-3FD6-495A-9F66-26FE94F32EC9}" = Rhapsody Player Engine
"{8A78D7F3-6D9F-4616-B813-4A7BF5495809}" = NI-DAQmx support for LabVIEW
"{8AB1D901-D67B-4827-B7BD-CA048D2E4769}" = NI Fusion Standard Library
"{8BAAFEB7-7DFD-47CE-978A-2B64E66F0C32}" = NI Example Finder 8.0
"{8C22F265-DE76-44D1-8A79-A71D819137DA}" = Intel® Quick Resume Technology Drivers
"{8C271AA1-EABD-4057-84D6-302C86A95E1A}" = NI DataSocket 4.3.0
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{903CE8F7-6C7B-41E6-A1CF-3BF1176264EC}" = Intel® Viiv™
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{92E160E5-0C7A-4DDA-9285-4B307547766D}" = NI-DAQmx Switch Core 1.6.0
"{92E975F4-D3C2-4F27-8CF8-5510D02AAEEF}" = NI Assistant Framework LabVIEW Code Generator 6.1
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A089DB8-5B5A-414C-9D20-1FEB7965FC4F}" = Pointwise
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9B114692-442E-46C7-8F01-797BF434024B}" = NI STC 1.2.0
"{9C3C2CC1-94E5-469E-98B7-A74125CC5827}" = NI Common Digital 1.2.0
"{9DE980C5-926C-4BE0-B3CA-F18A3455FF1A}" = NI Timing 1.5.0
"{9E0AE153-88DC-428B-99EB-6A3D984230B8}" = NI LabWindows/CVI 7.1.1 Run Time Engine
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9F6D6471-32F4-4583-960D-4FC956D0A04B}" = NI Portable Configuration
"{9FFBB61F-4B1B-421C-8F34-7340458ED6B7}" = NI Assistant Framework LabVIEW Code Generator 8.0
"{A0F8DADB-5454-477E-A2A2-5725ACE22AD2}" = NI Variable Engine LabVIEW 8.0 Support
"{A17F7304-F24C-4401-9B73-C0957C13AF14}" = NI LabVIEW 8.0 Applibs
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A2AA1890-14B4-4252-A17E-7A338BC42D88}" = NI-DIM 1.3.0f0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5D1EA23-CEE5-4B72-A0C3-8BCEDFC6F94C}" = NI LabVIEW Run-Time Engine 8.0
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9A281C2-EF84-4EB5-8D3D-0E23DDDFC3D7}" = NI LabVIEW 8.0 WWW
"{A9C61320-FA84-4B54-AEAA-3BEFE95B6FA8}" = NI LabWindows/CVI 7.0 Code Generator
"{AA8D8A7B-4606-420E-9FE9-E4C77B200857}" = NI Measurement & Automation Explorer 4.0
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AB7F05AC-F4CF-4355-8BB8-C3D443E1D2AF}" = NI Calibration Provider for MAX
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_932" = Adobe Acrobat 9.3.2 - CPSID_53951
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{ADF6F323-5E7A-4EE5-A86F-136A2BF5474B}" = NI Variable Manager
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B1F27A23-B6D1-4397-BA2F-25F348DF135F}" = NI Uninstaller
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B33BDA9F-2A95-4E2A-A7D0-30460DDB0E87}" = NI-DAQmx Documentation
"{B3428FFA-367B-46B6-AFAF-34A63C77BAEE}" = NI-DAQ C and VB6 API
"{B43543B0-1B58-45DF-94E2-669B1EF9D251}" = NI-ORB 1.3.0f2
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B8666F62-DA19-4F46-AF6E-723CF9C58EB7}" = NI LabVIEW 8.0 Manuals
"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX
"{BBD2F68D-97FD-48CF-93BC-9E9C24B2B016}" = NI Logos 4.6
"{BCBFC045-973F-4318-9607-B089E226AFF8}" = NI LabVIEW 8.0 Templates
"{BCD6D492-DB6C-4582-8AE3-8EE9D4EAF74A}" = NI LabVIEW Broker
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BEA0A9C5-C1D9-40AF-A52D-C2D816ADE1D5}" = NI-MDBG 1.3.0f0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5078C26-8B75-411D-9806-27E2BBD61DF6}" = NI Remote PXI Provider for MAX
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C73A0FC7-FFDC-4BAD-912A-C5791FF9EAC6}" = NI Service Locator
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCDA560D-60C6-4102-A9B5-2085BD4838A1}" = NI Citadel 5.2.0
"{CDA8101D-ED9E-4C41-BF54-48F12908CA3A}" = NI-VISA Server 3.4.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE6AE703-BDAA-11D5-BDCA-00C04F019809}" = SolidWorks Education Edition
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D2EB6337-42E5-4D6E-B01F-2FF9E30F4A06}" = NI Web Pipeline
"{D53330AD-A8BF-44D8-A955-C28753057FA8}" = NI LabVIEW 8.0 Activity
"{D75DA63A-6403-4268-AB34-90134DDF65D5}" = NI MIO Device Drivers 1.7.0
"{D92D5431-B36E-498A-9E7B-521E53C8825A}" = NI-DAQmx 8.0
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DB2C5648-700D-4AEF-83E1-70C72F0C34FA}" = NI Math Kernel Libraries
"{DB4663C6-2E47-4B46-AD39-52F546D53809}" = NI-MRU 2.4.0f0
"{DEBA0D04-418C-4791-BF2D-046ED28B13D0}" = NI-DAQmx DSA Support 1.5.0
"{DEF321A1-6E28-49A1-A5EC-DB79E647E51F}" = NI-DAQ Document Set
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{DFC7D9F7-892A-489C-9B15-0211D63EAC44}" = NI LabVIEW 8.0 Instr.lib
"{E3AD8913-0BF6-455C-92E3-5CDCD8C7D266}" = NI Instrument IO Assistant for LabVIEW 8.0
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E7CDB32A-128D-49DB-BF7F-1E96EA636D88}" = NI PXI Platform Services Provider for MAX 1.5.1
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EBC3ACE5-6625-4CAF-A35C-09BC5B2A7C9F}" = NI VI Logger 2.0.1
"{ED1617B8-98F7-412A-9502-BB9607CE17C3}" = NI Instrument I/O Assistant
"{ED318768-B5F9-4102-9852-B2AAB68819B2}" = NI LabVIEW 8.0 Device Detection and Deployment Support
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F80E2443-811E-4864-9AC7-0C6DDBED3186}" = NI LabVIEW C Interface
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{FB6DF036-C3A7-4A89-92DA-B4364A8E9373}" = NI License Manager
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_acce07fd2c8fe7f9e3f26243e626578" = Adobe Dreamweaver CS4
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"America Online us" = America Online (Choose which version to remove)
"ATI Display Driver" = ATI Display Driver
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"BitComet" = BitComet 1.14
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"CompuApps SwissKnife V3" = CompuApps SwissKnife V3
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"DSMT6" = MathType 6
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESPNMotion" = ESPNMotion
"Flickr Uploadr" = Flickr Uploadr 2.5.0.15
"F-Secure SSH Client" = F-Secure SSH Client
"FTDICOMM" = FTDI USB Serial Converter Drivers
"Google Desktop" = Google Desktop
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Intel® Quick Resume Technology" = Intel® Quick Resume Technology Drivers
"Lexmark Printer Software Uninstall" = Lexmark Printer Software Uninstall
"LISA_is1" = LISA 6.2.3
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatlabR2009b" = MATLAB R2009b
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MiKTeX 2.6" = MiKTeX 2.6
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"MSNINST" = MSN
"NI Uninstaller" = National Instruments Software
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PFPortChecker" = PFPortChecker 1.0.28
"Phantom" = Phantom 630
"PROPLUS" = Microsoft Office Professional Plus 2007
"PROSet" = Intel® PRO Network Connections Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"Screen Calipers" = Screen Calipers
"Screen Protractor" = Screen Protractor
"ShockwaveFlash" = Macromedia Flash Player 8
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Supersonic Cone" = Supersonic Cone
"VideoMach" = VideoMach
"ViewpointMediaPlayer" = Viewpoint Media Player
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinEdt_is1" = WinEdt
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/26/2010 7:14:53 PM | Computer Name = STALKER | Source = ESENT | ID = 489
Description = wuauclt (3444) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 7/26/2010 7:14:53 PM | Computer Name = STALKER | Source = ESENT | ID = 455
Description = wuaueng.dll (3444) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 7/26/2010 7:17:12 PM | Computer Name = STALKER | Source = ESENT | ID = 489
Description = wuauclt (964) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 7/26/2010 7:17:12 PM | Computer Name = STALKER | Source = ESENT | ID = 455
Description = wuaueng.dll (964) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 7/26/2010 7:17:22 PM | Computer Name = STALKER | Source = ESENT | ID = 489
Description = wuauclt (964) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 7/26/2010 7:17:22 PM | Computer Name = STALKER | Source = ESENT | ID = 455
Description = wuaueng.dll (964) SUS20ClientDataStore: Error -1032 (0xfffffbf8) occurred
while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 7/26/2010 7:19:54 PM | Computer Name = STALKER | Source = ESENT | ID = 489
Description = wuauclt (3180) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 7/26/2010 7:19:54 PM | Computer Name = STALKER | Source = ESENT | ID = 455
Description = wuaueng.dll (3180) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 7/26/2010 7:20:04 PM | Computer Name = STALKER | Source = ESENT | ID = 489
Description = wuauclt (3180) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).

Error - 7/26/2010 7:20:04 PM | Computer Name = STALKER | Source = ESENT | ID = 455
Description = wuaueng.dll (3180) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.

[ IntelDH Events ]
Error - 6/30/2010 5:01:59 PM | Computer Name = STALKER | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 6/30/2010 9:17:03 PM | Computer Name = STALKER | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 7/1/2010 2:53:35 PM | Computer Name = STALKER | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 7/5/2010 8:27:14 PM | Computer Name = STALKER | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 7/6/2010 8:16:39 PM | Computer Name = STALKER | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 7/7/2010 2:59:08 PM | Computer Name = STALKER | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 7/7/2010 3:02:24 PM | Computer Name = STALKER | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 7/12/2010 6:53:35 PM | Computer Name = STALKER | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 7/23/2010 6:46:02 PM | Computer Name = STALKER | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

Error - 7/23/2010 6:54:35 PM | Computer Name = STALKER | Source = IntelQRTD | ID = 7
Description = Could not attach to EL Acpi driver.

[ Media Center Events ]
Error - 11/6/2006 8:54:22 PM | Computer Name = STALKER | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 11/6/2006 4:54:22 PM. You may need to reschedule your recordings.

[ System Events ]
Error - 7/23/2010 8:39:20 PM | Computer Name = STALKER | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 7/24/2010 6:54:26 PM | Computer Name = STALKER | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 7/26/2010 6:54:27 PM | Computer Name = STALKER | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 7/26/2010 7:29:52 PM | Computer Name = STALKER | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 7/26/2010 7:31:52 PM | Computer Name = STALKER | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 7/26/2010 7:33:54 PM | Computer Name = STALKER | Source = DCOM | ID = 10010
Description = The server {98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C} did not register
with DCOM within the required timeout.

Error - 7/26/2010 7:40:55 PM | Computer Name = STALKER | Source = Service Control Manager | ID = 7000
Description = The AnchorChips General Purpose USB Driver (ezusb.sys) service failed
to start due to the following error: %%1058

Error - 7/26/2010 7:40:55 PM | Computer Name = STALKER | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 7/26/2010 7:42:16 PM | Computer Name = STALKER | Source = Service Control Manager | ID = 7022
Description = The Intel® Quick Resume Technology Drivers service hung on starting.

Error - 7/26/2010 7:42:19 PM | Computer Name = STALKER | Source = Service Control Manager | ID = 7023
Description = The Intel® Quick Resume Technology Drivers service terminated with
the following error: %%203


< End of report >


#10 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:09:53 PM

Posted 28 July 2010 - 03:05 AM

Hi there,

STEP 1 - OTL Fix

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    CODE
    :OTL
    [2010/07/26 17:14:58 | 000,000,282 | -H-- | M] () -- C:\WINDOWS\tasks\491579aa.job
    [2010/06/28 04:25:42 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\knqsdp.sys

    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

STEP 2 - MBAM

Open Malwarebyte's Anti-Malware.
  • Under the Updates tab, click Check for Updates. Let the updates install (if any).
  • After that, under the Scanner tab, click Perform Quick Scan and then Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

STEP 3 - Kaspersky

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.



  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
STEP 4 - Reply

Please reply with the following log:
  • MBAM Log
  • Kaspersky Log

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#11 NASATimp

NASATimp
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 02 August 2010 - 10:04 PM

Hi,

I've done the OTL Fix and restart and am currently running MBAM with an update (manually installed). However, the computer is offline (has been since the day I got the virus, way back--I'm typing this on a different machine, of course) so I can't run the Kaspersky Online Scanner, unless there's a way to do it offline.

Thanks for your help!!

#12 NASATimp

NASATimp
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:53 PM

Posted 02 August 2010 - 10:09 PM

Here is the MBAM log from the quick scan:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4363

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

8/2/2010 8:06:19 PM
mbam-log-2010-08-02 (20-06-19).txt

Scan type: Quick scan
Objects scanned: 174096
Time elapsed: 11 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


#13 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:09:53 PM

Posted 03 August 2010 - 04:01 PM

Hi there,

Since the machine is offline, I'll give you a file you can transfer over to your other computer.

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#14 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:09:53 PM

Posted 14 August 2010 - 01:41 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image


#15 mpascal

mpascal

    Math Nerd


  • Members
  • 1,653 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:09:53 PM

Posted 19 August 2010 - 05:24 PM

Hi there,

Welcome back. Can you continue with the instructions in my last post please.

Posted Image

Stay with your topic! Topics that go 4 days without a reply will be closed. PM me to reopen.

Please don't PM asking for support. Post on the forums instead.

My help is free, but if you wish to donate and help continue my fight against malware, click here: Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users