Inactive: Google redirect virus on Windows 7 Ultimate 64-bit

Discussion in 'Malware and Virus Removal Archive' started by barnum22, 2010/11/24.

  1. 2010/11/24
    barnum22


    I was assigned a previously used laptop, running Windows 7 Ultimate 64-bit
    and Symantec Endpoint Protection (last scan run 11/23, nothing found),
    running Windows Firewall.

    Somehow I have the Google redirect virus.
    I was using IE 8. It shows up as r3.google redirect.
    I switched to Firefox. The virus appeared after a few days.
    I switched to Chrome, and yes, the redirect virus showed up again.

    I have tried running:
    a2Antimalware. nothing found (does not see the Symantec AV software?)
    Combofix (does not work for 64-bit)
    HitmanPro35_64bit. nothing found.
    MalAware
    MBAM I can only run 4/10 version. I get an error when trying to update. (MBAM_ERROR_UPDATING (12007, 0, WinHttpSendRequest))
    SUPERAntiSpyware (no virus found, just lots of cookies)
    TDSSKiller (no virus found)
    Windows kb890830-x64-v3.13 (no virus found)
     
  2. 2010/11/24
    barnum22

    Here are logs:
    ------------------------------------------------------------------------------
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/24/2010 4:45:48 PM
    mbam-log-2010-11-24 (16-45-48).txt

    Scan type: Quick scan
    Objects scanned: 1446
    Time elapsed: 23 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
    ---------------------------------------------------------------------
     

  4. 2010/11/24
    barnum22

    GMER
    ---------------------------------------------------------------------------
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-24 16:25:50
    Windows 6.1.7600
    Running: gmer.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c60768fbd7c
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c60768fbd7c@307c3062b30f 0x6D 0xA1 0xA5 0x07 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c60768fbd7c (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c60768fbd7c@307c3062b30f 0x6D 0xA1 0xA5 0x07 ...

    ---- EOF - GMER 1.0.15 ----

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Dell Inc.
    BIOS Manufacturer: Dell Inc.
    System Manufacturer: Dell Inc.
    System Product Name: Precision M4400
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 236):

    Processes (total 102):
    0 System Idle Process
    4 System
    328 C:\Windows\System32\smss.exe
    432 csrss.exe
    500 csrss.exe
    508 C:\Windows\System32\wininit.exe
    572 C:\Windows\System32\services.exe
    580 C:\Windows\System32\lsass.exe
    588 C:\Windows\System32\lsm.exe
    696 C:\Windows\System32\svchost.exe
    760 C:\Windows\System32\nvvsvc.exe
    816 C:\Windows\System32\winlogon.exe
    844 C:\Windows\System32\svchost.exe
    912 C:\Windows\System32\svchost.exe
    964 C:\Windows\System32\svchost.exe
    1004 C:\Windows\System32\svchost.exe
    344 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\stacsv64.exe
    1216 C:\Windows\System32\svchost.exe
    1292 C:\Windows\System32\nvvsvc.exe
    1352 WUDFHost.exe
    1408 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    1460 C:\Windows\System32\svchost.exe
    1564 C:\Windows\System32\svchost.exe
    1608 C:\Windows\System32\wlanext.exe
    1616 C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    1624 C:\Windows\System32\conhost.exe
    1760 C:\Windows\System32\spoolsv.exe
    1872 C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    1908 C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    1928 C:\Windows\System32\svchost.exe
    1980 C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    2016 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    2200 C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
    2240 unsecapp.exe
    2312 WmiPrvSE.exe
    2408 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    2432 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe
    2484 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    2524 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    2572 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    2600 C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    2692 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    2732 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    2768 C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    2864 C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
    2928 C:\QUALCOMM\QDLService\QDLService.exe
    2968 C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
    2988 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    3052 C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    1100 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    3120 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    3160 C:\Windows\System32\svchost.exe
    3180 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    3404 WmiPrvSE.exe
    3832 C:\Windows\System32\alg.exe
    3880 C:\Windows\System32\svchost.exe
    3512 C:\Windows\System32\svchost.exe
    4336 C:\Windows\System32\SearchIndexer.exe
    4652 C:\Windows\System32\taskhost.exe
    4660 C:\Windows\System32\dwm.exe
    4716 C:\Windows\explorer.exe
    4792 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    4908 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    4988 C:\Program Files\IDT\WDM\sttray64.exe
    5000 C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    5008 C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
    5024 C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    5040 C:\Program Files\DellTPad\Apoint.exe
    3128 C:\Users\bbarnum\AppData\Local\Google\Update\GoogleUpdate.exe
    2216 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    256 C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    2676 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    2280 C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    1668 C:\Users\bbarnum\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    4208 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    5164 C:\Program Files\DellTPad\ApMsgFwd.exe
    5204 C:\Program Files\DellTPad\hidfind.exe
    5212 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
    5220 C:\Program Files\DellTPad\ApntEx.exe
    5228 C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    5260 C:\Windows\System32\conhost.exe
    5604 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    6064 C:\Program Files\iPod\bin\iPodService.exe
    5152 C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    1136 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    436 C:\Windows\System32\audiodg.exe
    6376 C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe
    6360 C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe
    5792 C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe
    4936 C:\Program Files (x86)\AT&T\Communication Manager\bmctl.exe
    3652 C:\Users\bbarnum\AppData\Local\Google\Chrome\Application\chrome.exe
    6468 C:\Users\bbarnum\AppData\Local\Google\Chrome\Application\chrome.exe
    3912 C:\Windows\System32\SearchProtocolHost.exe
    2820 C:\Windows\System32\SearchFilterHost.exe
    4112 C:\Users\bbarnum\AppData\Local\Google\Chrome\Application\chrome.exe
    1124 C:\Users\bbarnum\AppData\Local\Google\Chrome\Application\chrome.exe
    6604 C:\Users\bbarnum\AppData\Local\Google\Chrome\Application\chrome.exe
    6192 dllhost.exe
    4676 dllhost.exe
    6508 C:\Users\bbarnum\Downloads\MBRCheck.exe
    2388 C:\Windows\System32\conhost.exe
    3596 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

    PhysicalDrive0 Model Number: ST9500420AS, Rev: 0002SDM1

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
    ------------------------------------------------------------



    DDS (Ver_10-11-10.01) - NTFS_AMD64
    Run by bbarnum at 16:29:31.52 on Wed 11/24/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4084.2258 [GMT -8:00]

    SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\WLANExt.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
    C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
    C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
    C:\QUALCOMM\QDLService\QDLService.exe
    C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
    C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
    C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
    C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Users\bbarnum\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    C:\Users\bbarnum\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe
    C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe
    C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe
    C:\Program Files (x86)\AT&T\Communication Manager\bmctl.exe
    C:\Users\bbarnum\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\bbarnum\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\bbarnum\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\bbarnum\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\bbarnum\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\bbarnum\Downloads\dds.scr
    C:\Windows\system32\conhost.exe

    ============== Pseudo HJT Report ===============

    uWindow Title = Windows Internet Explorer provided by Movie-Q
    uStart Page = hxxp://www.google.com/
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    uRun: [Google Update] "C:\Users\bbarnum\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe "
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [<NO NAME>]
    mRun: [AT&T Communication Manager] "C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe" -a
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe "
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLCO~1.LNK - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\TDMNOT~1.LNK - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\VPNGUI~1.LNK - C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe
    uPolicies-system: NoDispScrSavPage = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre1.5.0\bin\npjpi150.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    LSA: Authentication Packages = msv1_0 wvauth
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    mRun-x64: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
    mRun-x64: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe "
    mRun-x64: [DellConnectionManager] "C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe "
    mRun-x64: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
    mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\bbarnum\AppData\Roaming\Mozilla\Firefox\Profiles\kd55j66f.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre1.5.0\bin\NPJPI150.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Users\bbarnum\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbaam7a8h ", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqz9s ", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--fiqs8s ", true); // Simplified
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--j6w193g ", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4ar ", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgberp4a5d4a87g ", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7c0a67fbc ", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--mgbqly7cvafr ", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kpry57d ", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref( "network.IDN.whitelist.xn--kprw13d ", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe [2010-6-18 89600]
    R2 buttonsvc64;Dell ControlPoint Button Service;C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [2009-11-20 373024]
    R2 Credential Vault Host Control Service;Credential Vault Host Control Service;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-3-23 1039776]
    R2 Credential Vault Host Storage;Credential Vault Host Storage;C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-3-23 31136]
    R2 dcpsysmgrsvc;Dell ControlPoint System Manager;C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2010-2-8 515952]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-6-18 13336]
    R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [2010-4-30 6237800]
    R2 QDLService;Qualcomm Gobi Download Service;C:\QUALCOMM\QDLService\QDLService.exe [2009-12-7 345336]
    R2 QDLService2kDell;Qualcomm Gobi 2000 Download Service (Dell);C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe [2009-11-23 329976]
    R2 SMManager;Smith Micro Connection Manager Service;C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [2009-12-22 77312]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-5-20 240232]
    R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-6-18 2477304]
    R3 ATTRcAppSvc;AT&T RcAppSvc;C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe [2010-7-27 121416]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-6-18 36392]
    R3 CAATT;AT&T Con App Svc;C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe [2010-7-27 125512]
    R3 cvusbdrv;Dell ControlVault;C:\Windows\System32\drivers\cvusbdrv.sys [2009-11-3 38440]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y62x64.sys [2010-6-18 287960]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-10-20 132656]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]
    R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\System32\drivers\OA001Ufd.sys [2008-6-3 168864]
    R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\System32\drivers\OA001Vid.sys [2008-9-18 315840]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-7-27 43032]
    R3 qcusbserdl;Dell USB Device for Legacy Serial Communication;C:\Windows\System32\drivers\qcusbserdl.sys [2009-12-7 127104]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2009-7-13 9728]
    S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [2010-5-8 87336]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-6-29 1315592]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 QCFilterdl;Dell Wireless 5600 (EV-DO-HSPA) Mobile Broadband Mini-Card Composite Device Filter Driver;C:\Windows\System32\drivers\qcfilterdl.sys [2009-12-7 8832]
    S3 qcusbnetdl;Dell USB-NDIS miniport;C:\Windows\System32\drivers\qcusbnetdl.sys [2009-12-7 245760]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-18 1255736]

    =============== Created Last 30 ================

    2010-11-24 19:15:18 -------- d-----w- C:\Users\bbarnum\AppData\Roaming\SUPERAntiSpyware.com
    2010-11-24 19:15:18 -------- d-----w- C:\PROGRA~3\SUPERAntiSpyware.com
    2010-11-24 19:15:14 -------- d-----w- C:\PROGRA~3\!SASCORE
    2010-11-24 19:15:12 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2010-11-24 17:43:50 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2010-11-24 17:43:50 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    2010-11-24 00:46:47 -------- d-----w- C:\DVDfromLDforEK
    2010-11-24 00:46:14 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
    2010-11-24 00:46:14 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
    2010-11-22 23:25:41 -------- d-----w- C:\Users\bbarnum\AppData\Roaming\SolidWorks
    2010-11-20 00:48:36 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
    2010-11-20 00:48:35 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
    2010-11-20 00:26:18 -------- d-----w- C:\Users\bbarnum\AppData\Local\Google
    2010-11-19 20:45:54 -------- d-----w- C:\Users\bbarnum\AppData\Local\Microsoft Games
    2010-11-19 19:53:25 -------- d-----w- C:\PROGRA~3\Norton
    2010-11-19 19:53:23 -------- d-----w- C:\Users\bbarnum\AppData\Local\NPE
    2010-11-19 18:32:18 -------- d-----w- C:\Users\bbarnum\AppData\Roaming\Xerox
    2010-11-19 18:31:44 41472 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\Xrpp_b.dll
    2010-11-19 18:31:44 12288 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\Xrprt_b.dll
    2010-11-17 19:44:51 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    2010-11-17 19:35:22 19528 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
    2010-11-17 19:35:21 -------- d-----w- C:\Program Files\Hitman Pro 3.5
    2010-11-17 19:34:32 -------- d-----w- C:\PROGRA~3\Hitman Pro
    2010-11-17 17:47:56 169320 ----a-w- C:\PROGRA~3\Microsoft\Windows\Sqm\Manifest\Sqm10135.bin
    2010-11-16 22:35:17 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
    2010-11-06 00:42:17 -------- d-----w- C:\LAGI
    2010-11-05 22:26:56 -------- d-----w- C:\Users\bbarnum\AppData\Local\jZip
    2010-11-05 22:19:07 -------- d-----w- C:\Users\bbarnum\AppData\Roaming\EDrawings
    2010-11-05 22:18:52 -------- d-----w- C:\Users\bbarnum\AppData\Roaming\DassaultSystemes
    2010-11-05 22:18:52 -------- d-----w- C:\Users\bbarnum\AppData\Local\DassaultSystemes
    2010-11-04 20:31:47 -------- d-----w- C:\Windows\SysWow64\SimFiles
    2010-11-04 18:33:32 -------- d-----w- C:\Users\bbarnum\AppData\Roaming\EurekaLog
    2010-11-04 18:31:15 -------- d-----w- C:\Program Files (x86)\Emsisoft Anti-Malware
    2010-11-04 17:19:01 -------- d-----w- C:\Users\bbarnum\AppData\Roaming\Malwarebytes
    2010-11-04 17:18:55 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-04 17:18:54 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-04 17:18:54 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-11-04 17:18:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-11-03 19:04:43 -------- d-----w- C:\Users\bbarnum\AppData\Local\Diagnostics
    2010-11-03 18:41:01 -------- d-----w- C:\Users\bbarnum\AppData\Local\ElevatedDiagnostics
    2010-11-03 05:47:00 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2010-11-03 05:47:00 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2010-11-03 05:47:00 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2010-11-03 05:46:42 -------- d-----w- C:\Program Files\iTunes
    2010-11-03 05:46:42 -------- d-----w- C:\Program Files\iPod
    2010-11-03 05:46:42 -------- d-----w- C:\Program Files (x86)\iTunes
    2010-11-02 23:33:52 -------- d-----w- C:\P_legacy
    2010-11-02 21:29:11 -------- d-----w- C:\Users\bbarnum\AppData\Local\Apple Computer
    2010-11-02 21:28:13 -------- d-----w- C:\PROGRA~3\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2010-11-02 21:26:55 -------- d-----w- C:\Program Files\Bonjour
    2010-11-02 21:26:55 -------- d-----w- C:\Program Files (x86)\Bonjour
    2010-11-02 20:19:38 50008 ----a-w- C:\Windows\System32\drivers\swmsflt.sys
    2010-11-02 20:17:55 -------- d-----w- C:\PROGRA~3\LG
    2010-11-02 20:17:51 -------- d-----w- C:\Program Files (x86)\Common Files\PctelEapPeer Authentication
    2010-10-29 00:01:11 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-10-29 00:01:11 552960 ----a-w- C:\Windows\System32\msdri.dll
    2010-10-29 00:01:10 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-10-29 00:01:10 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2010-10-29 00:01:10 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-10-29 00:01:10 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2010-10-29 00:01:10 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-10-29 00:00:36 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2010-10-26 06:11:17 -------- d-----w- C:\e0ef6c97635354880a
    2010-10-26 01:29:55 -------- d-----w- C:\Users\bbarnum\AppData\Local\AT&T

    ==================== Find3M ====================

    2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-09-08 18:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 18:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-30 23:47:16 31744 ----a-w- C:\Windows\System32\drivers\RimSerial_AMD64.sys
    2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

    ============= FINISH: 16:30:06.18 ===============
     
  5. 2010/11/24
    barnum22

    barnum22 Inactive Thread Starter

    Joined:
    2010/11/24
    Messages:
    12
    Likes Received:
    0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/18/2010 11:36:30 AM
    System Uptime: 11/24/2010 3:39:21 PM (1 hours ago)

    Motherboard: Dell Inc. | | 0R906R
    Processor: Intel(R) Core(TM)2 Extreme CPU Q9300 @ 2.53GHz | Microprocessor | 2509/266mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 466 GiB total, 201.854 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco Systems VPN Adapter for 64-bit Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter for 64-bit Windows
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA

    ==== System Restore Points ===================

    RP77: 11/4/2010 11:02:09 AM - MalAware Cleaning
    RP78: 11/14/2010 3:32:33 AM - Windows Update
    RP79: 11/18/2010 4:24:16 PM - Windows Update
    RP80: 11/19/2010 4:47:22 PM - Installed Acronis*True*Image*Home 2011
    RP81: 11/19/2010 4:58:18 PM - Removed Acronis*True*Image*Home 2011
    RP82: 11/19/2010 5:00:14 PM - Removed Acronis*True*Image*Home 2011
    RP83: 11/24/2010 3:00:14 AM - Windows Update

    ==== Installed Programs ======================

    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Reader 9.4.0
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Apple Application Support
    Apple Software Update
    Connect
    Crystal Reports Basic for Visual Studio 2008
    Definition update for Microsoft Office 2010 (KB982726)
    Dell Client System Update
    Dell ControlPoint Security Manager
    Dell Security Device Driver Pack
    EMBASSY Security Center Lite
    EMBASSY Security Setup
    ESC Home Page Plugin
    FREEping
    GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
    GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
    Google Chrome
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971092)
    IDT Audio
    InstaCal and Universal Library for Windows
    Intel(R) Control Center
    Intel(R) Rapid Storage Technology
    J2SE Runtime Environment 5.0
    jZip
    kuler
    LiveUpdate 3.3 (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft Document Explorer 2005
    Microsoft Document Explorer 2008
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Project MUI (English) 2010
    Microsoft Office Project Professional 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visio 2010
    Microsoft Office Visio MUI (English) 2010
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft Project Professional 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    Microsoft SQL Server 2005 Tools Express Edition
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server 2008 Policies
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Compact 3.5 SP1 Query Tools English
    Microsoft SQL Server Database Publishing Wizard 1.3
    Microsoft SQL Server Setup Support Files (English)
    Microsoft Visio Premium 2010
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual SourceSafe 2005 - ENU
    Microsoft Visual Studio 2005 Tools for Applications - ENU
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Web Authoring Component
    Mozilla Firefox (3.6.12)
    MSDN Library for Visual Studio 2008 SP1
    MSDN Library for Visual Studio 2008 SP1 - ENU
    Mselect3_1E
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Stereoscopic 3D Driver
    PDF Settings CS4
    Photoshop Camera Raw
    PL-2303 USB-to-Serial
    Qualcomm Gobi 2000 Package for Dell
    Qualcomm Gobi Driver Package for Dell
    Qualcomm Gobi Images for Dell
    QuickTime
    RICOH Media Driver ver.2.07.01.01
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972222)
    Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973675)
    Security Update for Microsoft Word 2010 (KB2345000)
    SmartMotor Interface
    SolidWorks 2010 x64 Edition SP03.1
    SolidWorks eDrawings 2010
    Spybot - Search & Destroy
    SQL Server System CLR Types
    Suite Shared Configuration CS4
    TracerDAQ
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft OneNote 2010 (KB2288640)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Update for Microsoft Visual SourceSafe 2005 - ENU (KB943847)
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    VC Runtimes MSI
    Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    Visual C++ 2008 x64 Runtime - (v9.0.30729)
    Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
    Visual C++ 2008 x64 Runtime - v9.0.30729.01
    Visual C++ 2008 x64 Runtime - v9.0.30729.4148
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 2008 x86 Runtime - v9.0.30729.4148
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    Wave Support Software
    WCAT
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone

    ==== Event Viewer Messages From Past Week ========

    11/24/2010 4:29:27 PM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.
    11/24/2010 3:41:59 PM, Error: Microsoft-Windows-TerminalServices-RemoteConnectionManager [1067] - The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
    11/24/2010 3:40:49 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    11/24/2010 3:39:53 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: CBUL32
    11/24/2010 3:39:49 PM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain MOVIEQ due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    11/24/2010 3:37:29 PM, Error: Service Control Manager [7031] - The Symantec Settings Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/24/2010 3:37:29 PM, Error: Service Control Manager [7031] - The Symantec Event Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
    11/23/2010 4:44:51 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
    11/22/2010 6:48:26 PM, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    11/22/2010 4:52:34 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    11/19/2010 4:57:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
    11/19/2010 4:56:48 PM, Error: Service Control Manager [7022] - The Security Center service hung on starting.
    11/19/2010 4:54:43 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.
    11/19/2010 4:54:43 PM, Error: Service Control Manager [7000] - The Intel(R) Rapid Storage Technology service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/19/2010 4:07:30 PM, Error: NetBT [4311] - Initialization failed because the driver device could not be created. Use the string "00216A7E547C" to identify the interface for which initialization failed. It represents the MAC address of the failed interface or the Globally Unique Interface Identifier (GUID) if NetBT was unable to map from GUID to MAC address. If neither the MAC address nor the GUID were available, the string represents a cluster device name.

    ==== End Of File ===========================
     
  6. 2010/11/24
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard :)

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  7. 2010/11/26
    barnum22

    barnum22 Inactive Thread Starter

    OTL logfile created on: 11/26/2010 4:25:52 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\bbarnum\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 200.52 Gb Free Space | 43.06% Space Free | Partition Type: NTFS

    Computer Name: ADRIAN-LAPTOP | User Name: bbarnum | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/26 16:22:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\bbarnum\Downloads\OTL.exe
    PRC - [2010/11/19 16:26:17 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\bbarnum\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2010/06/18 13:13:22 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
    PRC - [2010/06/18 13:13:22 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
    PRC - [2010/06/18 13:13:20 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
    PRC - [2010/06/18 13:13:20 | 000,050,544 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
    PRC - [2010/05/20 18:51:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2010/03/03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    PRC - [2009/12/22 10:35:58 | 000,077,312 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
    PRC - [2009/12/22 10:35:56 | 001,845,248 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
    PRC - [2009/12/07 13:52:18 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) -- C:\QUALCOMM\QDLService\QDLService.exe
    PRC - [2009/11/23 17:17:34 | 000,329,976 | ---- | M] (QUALCOMM, Inc.) -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe
    PRC - [2009/03/25 19:07:00 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    PRC - [2008/11/12 12:25:48 | 001,273,856 | ---- | M] () -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/26 16:22:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\bbarnum\Downloads\OTL.exe
    MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/06/29 09:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2010/06/29 00:16:19 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2010/05/08 03:45:42 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
    SRV:64bit: - [2010/04/30 05:52:50 | 006,237,800 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
    SRV:64bit: - [2010/03/29 12:00:58 | 002,363,240 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV:64bit: - [2010/03/23 23:07:58 | 001,039,776 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
    SRV:64bit: - [2010/03/23 23:07:58 | 000,031,136 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
    SRV:64bit: - [2010/03/09 22:56:02 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2010/02/08 15:26:50 | 000,515,952 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
    SRV:64bit: - [2010/02/03 16:53:54 | 001,558,016 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV:64bit: - [2009/12/22 10:35:58 | 000,077,312 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
    SRV:64bit: - [2009/11/20 16:43:04 | 000,373,024 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc64)
    SRV:64bit: - [2009/09/21 14:24:40 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV:64bit: - [2009/09/21 14:00:44 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/03/25 19:07:00 | 000,852,768 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV:64bit: - [2009/03/03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_e085d3cd5b474ba6\AESTSr64.exe -- (AESTFilters)
    SRV:64bit: - [2008/07/29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/07/27 17:19:06 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
    SRV - [2010/07/27 17:17:00 | 000,125,512 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\AT&T\Communication Manager\ConAppsSvc.exe -- (CAATT)
    SRV - [2010/07/02 10:10:14 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/06/29 00:16:20 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
    SRV - [2010/06/18 13:13:22 | 000,411,976 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SNAC64.EXE -- (SNAC)
    SRV - [2010/06/18 13:13:22 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2010/06/18 13:13:22 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    SRV - [2010/06/18 13:13:20 | 003,197,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
    SRV - [2010/06/18 13:13:20 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2010/05/20 18:51:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/03/23 12:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
    SRV - [2009/12/07 13:52:18 | 000,345,336 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\QUALCOMM\QDLService\QDLService.exe -- (QDLService)
    SRV - [2009/11/23 17:17:34 | 000,329,976 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- C:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kDell.exe -- (QDLService2kDell) Qualcomm Gobi 2000 Download Service (Dell)
    SRV - [2009/07/13 11:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/12 12:25:48 | 001,273,856 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NvtSp50.sys -- (NvtSp50)
    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\frmupgr.sys -- (DFUBTUSB)
    DRV:64bit: - File not found [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\CBUL32.SYS -- (CBUL32)
    DRV:64bit: - [2010/08/30 15:47:16 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2010/07/27 17:09:40 | 000,043,032 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\PCTINDIS5X64.sys -- (PCTINDIS5X64)
    DRV:64bit: - [2010/06/18 13:29:40 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2010/06/18 13:13:24 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\srtspl64.sys -- (SRTSPL)
    DRV:64bit: - [2010/06/18 13:13:24 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2010/06/18 13:13:24 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/04/16 20:24:34 | 000,027,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (HID)
    DRV:64bit: - [2010/03/23 12:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV:64bit: - [2010/03/10 12:36:30 | 000,236,544 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swnc8u51.sys -- (SWNC8U51) Sierra Wireless MUX NDIS Driver (UMTS51)
    DRV:64bit: - [2010/03/09 22:56:02 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2010/03/03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/02/17 10:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 10:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2010/02/08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
    DRV:64bit: - [2009/12/08 13:03:02 | 000,206,848 | ---- | M] (Sierra Wireless Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\swumx51.sys -- (SWUMX51) Sierra Wireless USB MUX Driver (UMTS51)
    DRV:64bit: - [2009/12/07 11:35:34 | 000,245,760 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbnetdl.sys -- (qcusbnetdl)
    DRV:64bit: - [2009/12/07 11:35:32 | 000,127,104 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qcusbserdl.sys -- (qcusbserdl)
    DRV:64bit: - [2009/12/07 11:35:32 | 000,008,832 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcfilterdl.sys -- (QCFilterdl) Dell Wireless 5600 (EV-DO-HSPA)
    DRV:64bit: - [2009/11/24 14:34:54 | 000,258,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2009/11/03 16:40:44 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
    DRV:64bit: - [2009/10/09 18:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/09/15 10:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
    DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 16:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/13 16:00:24 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpials.sys -- (acpials)
    DRV:64bit: - [2009/07/13 15:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2009/06/25 16:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2009/06/12 17:19:58 | 000,287,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)
    DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2009/03/24 17:14:52 | 000,097,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
    DRV:64bit: - [2009/03/24 17:14:50 | 000,131,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
    DRV:64bit: - [2009/03/24 17:14:46 | 000,019,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
    DRV:64bit: - [2008/12/22 15:05:30 | 000,036,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
    DRV:64bit: - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
    DRV:64bit: - [2008/09/24 14:03:22 | 000,092,160 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ser2pl64.sys -- (Ser2pl)
    DRV:64bit: - [2008/09/18 16:03:00 | 000,315,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Vid.sys -- (OA001Vid)
    DRV:64bit: - [2008/06/04 13:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
    DRV:64bit: - [2008/06/03 08:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Ufd.sys -- (OA001Ufd)
    DRV - [2010/11/02 12:09:02 | 001,804,336 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101102.008\EX64.SYS -- (NAVEX15)
    DRV - [2010/11/02 12:09:02 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20101102.008\ENG64.SYS -- (NAVENG)
    DRV - [2010/10/20 12:11:54 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/06/28 08:19:42 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2010/06/18 13:13:24 | 000,481,840 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\srtspl64.sys -- (SRTSPL)
    DRV - [2010/06/18 13:13:24 | 000,443,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\srtsp64.sys -- (SRTSP)
    DRV - [2010/06/18 13:13:24 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\srtspx64.sys -- (SRTSPX)
    DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 77 09 8A BE 1A 6F CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.google.com/ "
    FF - prefs.js..network.proxy.no_proxies_on: " "
    FF - prefs.js..network.proxy.share_proxy_settings: true
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/04 09:13:40 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/04 09:13:38 | 000,000,000 | ---D | M]

    [2010/11/04 09:13:57 | 000,000,000 | ---D | M] -- C:\Users\bbarnum\AppData\Roaming\mozilla\Extensions
    [2010/11/04 09:13:57 | 000,000,000 | ---D | M] -- C:\Users\bbarnum\AppData\Roaming\mozilla\Firefox\Profiles\kd55j66f.default\extensions
    [2010/11/04 09:13:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

    O1 HOSTS File: ([2010/11/19 12:44:44 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
    O4:64bit: - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
    O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe File not found
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4:64bit: - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files (x86)\AT&T\Communication Manager\ATTCM.exe (ATT)
    O4 - HKLM..\Run: [ccApp] C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 1
    O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.5.0\bin\NPJPI150.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
    O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.183.54.151 209.183.54.151
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = movieq.pvt
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O30:64bit: - LSA: Authentication Packages - (wvauth) - C:\Windows\SysNative\wvauth.dll (Wave Systems Corp.)
    O30 - LSA: Authentication Packages - (wvauth) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/24 11:15:18 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Roaming\SUPERAntiSpyware.com
    [2010/11/24 11:15:18 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/11/24 11:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2010/11/24 11:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/11/24 11:02:22 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/11/24 09:43:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/11/24 09:43:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2010/11/23 16:46:47 | 000,000,000 | ---D | C] -- C:\DVDfromLDforEK
    [2010/11/22 15:25:41 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Roaming\SolidWorks
    [2010/11/22 08:35:56 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\Documents\New folder
    [2010/11/19 16:45:25 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Roaming\Acronis
    [2010/11/19 16:26:18 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Local\Google
    [2010/11/19 12:45:54 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Local\Microsoft Games
    [2010/11/19 11:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2010/11/19 11:53:23 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Local\NPE
    [2010/11/19 10:32:18 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Roaming\Xerox
    [2010/11/17 17:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
    [2010/11/17 11:44:51 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2010/11/17 11:35:21 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/11/17 11:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
    [2010/11/17 09:37:53 | 000,000,000 | --SD | C] -- C:\Users\bbarnum\Documents\My Shapes
    [2010/11/16 23:19:16 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\Documents\Faith_mar2009
    [2010/11/16 23:07:37 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\Documents\Outlook Files
    [2010/11/16 14:35:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
    [2010/11/05 16:42:17 | 000,000,000 | ---D | C] -- C:\LAGI
    [2010/11/05 14:26:56 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Local\jZip
    [2010/11/05 14:19:07 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Roaming\EDrawings
    [2010/11/05 14:18:52 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Roaming\DassaultSystemes
    [2010/11/05 14:18:52 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Local\DassaultSystemes
    [2010/11/04 12:31:47 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SimFiles
    [2010/11/04 10:33:32 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Roaming\EurekaLog
    [2010/11/04 10:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
    [2010/11/04 10:31:15 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\Documents\Anti-Malware
    [2010/11/04 09:19:01 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Roaming\Malwarebytes
    [2010/11/04 09:18:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/04 09:18:54 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/04 09:18:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/04 09:18:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/11/04 09:13:44 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Roaming\Mozilla
    [2010/11/04 09:13:44 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Local\Mozilla
    [2010/11/04 09:13:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2010/11/03 11:04:43 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Local\Diagnostics
    [2010/11/03 10:41:01 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Local\ElevatedDiagnostics
    [2010/11/02 21:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2010/11/02 21:46:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2010/11/02 21:46:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2010/11/02 15:33:52 | 000,000,000 | ---D | C] -- C:\P_legacy
    [2010/11/02 13:29:11 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Roaming\Apple Computer
    [2010/11/02 13:29:11 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\AppData\Local\Apple Computer
    [2010/11/02 13:28:13 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    [2010/11/02 13:27:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
    [2010/11/02 13:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/11/02 13:26:55 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
    [2010/11/02 13:26:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
    [2010/11/02 12:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\LG
    [2010/11/02 12:17:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PctelEapPeer Authentication
    [2010/10/28 15:58:03 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\Documents\Visual Studio 2005
    [2010/10/28 15:57:44 | 000,000,000 | ---D | C] -- C:\Users\bbarnum\Documents\SQL Server Management Studio

    ========== Files - Modified Within 30 Days ==========

    [2010/11/26 15:34:42 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/26 15:34:42 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/26 12:51:00 | 000,792,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/26 12:51:00 | 000,670,492 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/26 12:51:00 | 000,125,372 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/26 12:42:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/26 12:42:20 | 3211,735,040 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/24 15:17:21 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2010/11/24 11:15:14 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/24 08:45:12 | 000,022,352 | ---- | M] () -- C:\Windows\SysNative\loghitmanpro357.xml
    [2010/11/23 09:52:57 | 000,000,442 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
    [2010/11/19 16:28:55 | 000,002,288 | ---- | M] () -- C:\Users\bbarnum\Desktop\Google Chrome.lnk
    [2010/11/19 16:26:19 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1198380753-2247649295-4196431879-1149Core.job
    [2010/11/19 12:44:44 | 000,000,852 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/11/17 22:33:42 | 603,681,426 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/17 11:44:51 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
    [2010/11/16 23:22:33 | 001,847,052 | ---- | M] () -- C:\Users\bbarnum\Documents\Faith_mar2009.rar
    [2010/11/16 23:04:36 | 000,001,135 | ---- | M] () -- C:\Users\bbarnum\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
    [2010/11/16 15:04:28 | 000,020,608 | ---- | M] () -- C:\Users\bbarnum\Documents\SJU_Mia_LAX.docx
    [2010/11/16 13:57:15 | 000,019,118 | ---- | M] () -- C:\Users\bbarnum\Documents\travelletter.dotx
    [2010/11/04 09:13:40 | 000,001,967 | ---- | M] () -- C:\Users\bbarnum\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/04 09:13:40 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/11/02 16:55:05 | 000,110,080 | ---- | M] () -- C:\Users\bbarnum\Documents\MOVIEQ_-ENGINEERING-_WEEKLY_INSPECTION_CHECKLIST.doc
    [2010/11/02 16:51:03 | 000,055,808 | ---- | M] () -- C:\Users\bbarnum\Documents\MOVIEQ_-ENGINEERING-_QUARTERLY_INSPECTION_CHECKLIST.doc
    [2010/11/02 15:50:16 | 000,059,392 | ---- | M] () -- C:\Users\bbarnum\Documents\B6-BALANCE_SYSTEM_-_PHIL-TITE_EVR_Phase_I_-_ANNUAL_INSPECTION_CHECKLIST.doc
    [2010/11/02 15:45:09 | 000,108,032 | ---- | M] () -- C:\Users\bbarnum\Documents\B4-BALANCE_SYSTEM_-_FLEET_-_WEEKLY_INSPECTION_CHECKLIST.doc
    [2010/11/02 14:06:55 | 000,002,002 | -H-- | M] () -- C:\Users\bbarnum\Documents\Default.rdp
    [2010/11/02 12:24:28 | 003,051,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/11/02 12:18:59 | 000,002,126 | ---- | M] () -- C:\Users\Public\Desktop\at&t Communication Manager.lnk
    [2010/11/02 11:02:10 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

    ========== Files Created - No Company Name ==========

    [2010/11/24 11:15:14 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/24 08:45:12 | 000,022,352 | ---- | C] () -- C:\Windows\SysNative\loghitmanpro357.xml
    [2010/11/19 16:28:55 | 000,002,288 | ---- | C] () -- C:\Users\bbarnum\Desktop\Google Chrome.lnk
    [2010/11/19 16:26:19 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1198380753-2247649295-4196431879-1149Core.job
    [2010/11/17 11:35:22 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
    [2010/11/16 23:22:33 | 001,847,052 | ---- | C] () -- C:\Users\bbarnum\Documents\Faith_mar2009.rar
    [2010/11/16 23:04:36 | 000,001,135 | ---- | C] () -- C:\Users\bbarnum\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
    [2010/11/16 14:33:36 | 000,020,608 | ---- | C] () -- C:\Users\bbarnum\Documents\SJU_Mia_LAX.docx
    [2010/11/16 13:57:12 | 000,019,118 | ---- | C] () -- C:\Users\bbarnum\Documents\travelletter.dotx
    [2010/11/04 09:13:40 | 000,001,967 | ---- | C] () -- C:\Users\bbarnum\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/11/04 09:13:40 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/11/02 16:51:02 | 000,055,808 | ---- | C] () -- C:\Users\bbarnum\Documents\MOVIEQ_-ENGINEERING-_QUARTERLY_INSPECTION_CHECKLIST.doc
    [2010/11/02 15:50:52 | 000,110,080 | ---- | C] () -- C:\Users\bbarnum\Documents\MOVIEQ_-ENGINEERING-_WEEKLY_INSPECTION_CHECKLIST.doc
    [2010/11/02 15:50:16 | 000,059,392 | ---- | C] () -- C:\Users\bbarnum\Documents\B6-BALANCE_SYSTEM_-_PHIL-TITE_EVR_Phase_I_-_ANNUAL_INSPECTION_CHECKLIST.doc
    [2010/11/02 15:45:08 | 000,108,032 | ---- | C] () -- C:\Users\bbarnum\Documents\B4-BALANCE_SYSTEM_-_FLEET_-_WEEKLY_INSPECTION_CHECKLIST.doc
    [2010/11/02 12:19:38 | 000,050,008 | ---- | C] () -- C:\Windows\SysNative\drivers\swmsflt.sys
    [2010/11/02 12:18:59 | 000,002,126 | ---- | C] () -- C:\Users\Public\Desktop\at&t Communication Manager.lnk
    [2010/11/02 11:02:10 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    [2010/07/30 07:53:03 | 000,000,186 | ---- | C] () -- C:\ProgramData\RmUserCfg.ini
    [2010/07/30 07:53:03 | 000,000,000 | ---- | C] () -- C:\ProgramData\IPConfig.fig
    [2010/07/02 10:09:18 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
    [2010/06/20 19:14:09 | 000,000,172 | ---- | C] () -- C:\Windows\ODBC.INI
    [2010/06/20 19:12:57 | 000,731,106 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/06/18 12:52:06 | 000,008,465 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/06/18 11:53:11 | 000,080,368 | ---- | C] () -- C:\Windows\SysWow64\pbadrvdll.dll
    [2010/06/02 09:02:30 | 000,210,432 | ---- | C] () -- C:\Windows\SysWow64\RayDvrOcxCHS.dll
    [2010/06/02 09:02:02 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CovH264ToAvi.dll
    [2010/06/02 09:01:58 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\RayDvrOcxRUS.dll
    [2010/06/01 10:30:40 | 000,680,040 | ---- | C] () -- C:\Windows\SysWow64\RM_DVRNET_DLL.dll
    [2010/03/31 15:43:28 | 000,196,608 | ---- | C] () -- C:\Windows\SysWow64\nvrfs.dll
    [2009/12/22 10:03:22 | 000,143,360 | R--- | C] () -- C:\Windows\SysWow64\preflib.dll
    [2009/11/10 10:20:04 | 000,839,680 | ---- | C] () -- C:\Windows\SysWow64\DemoLicense.dll
    [2009/11/10 10:07:44 | 000,917,504 | ---- | C] () -- C:\Windows\SysWow64\lmgr10.dll
    [2009/07/23 17:51:26 | 000,229,442 | ---- | C] () -- C:\Windows\SysWow64\winpubf.dll
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2008/12/01 12:50:00 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\IntegMotorCANComm.dll
    [2007/08/21 19:46:34 | 000,059,160 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll

    ========== LOP Check ==========

    [2010/11/19 16:53:08 | 000,000,000 | ---D | M] -- C:\Users\bbarnum\AppData\Roaming\Acronis
    [2010/10/18 20:43:18 | 000,000,000 | ---D | M] -- C:\Users\bbarnum\AppData\Roaming\AT&T
    [2010/10/18 11:58:01 | 000,000,000 | ---D | M] -- C:\Users\bbarnum\AppData\Roaming\Broadcom
    [2010/11/05 14:18:52 | 000,000,000 | ---D | M] -- C:\Users\bbarnum\AppData\Roaming\DassaultSystemes
    [2010/11/05 14:19:14 | 000,000,000 | ---D | M] -- C:\Users\bbarnum\AppData\Roaming\EDrawings
    [2010/11/04 10:33:32 | 000,000,000 | ---D | M] -- C:\Users\bbarnum\AppData\Roaming\EurekaLog
    [2010/10/18 20:23:29 | 000,000,000 | ---D | M] -- C:\Users\bbarnum\AppData\Roaming\Sierra Wireless
    [2010/10/18 11:58:01 | 000,000,000 | ---D | M] -- C:\Users\bbarnum\AppData\Roaming\Wave Systems Corp
    [2010/11/19 10:32:18 | 000,000,000 | ---D | M] -- C:\Users\bbarnum\AppData\Roaming\Xerox
    [2009/07/13 21:08:49 | 000,031,490 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/26 12:42:20 | 3211,735,040 | -HS- | M] () -- C:\hiberfil.sys
    [2006/12/01 22:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/11/26 12:42:29 | 4282,314,752 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/19 12:40:27 | 000,071,184 | ---- | M] () -- C:\TDSSKiller.2.4.8.0_19.11.2010_12.39.47_log.txt
    [2010/07/12 14:45:11 | 000,001,093 | ---- | M] () -- C:\WirelessDiagLog.csv

    < %systemroot%\Fonts\*.com >
    [2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 12:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/10/18 15:18:15 | 000,000,221 | -HS- | M] () -- C:\Users\bbarnum\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2010/10/25 09:03:24 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2010/10/25 09:03:24 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2010/10/25 08:57:39 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb00005.log
    [2010/06/18 11:13:16 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2010/06/18 11:13:16 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/10/18 11:57:53 | 000,000,402 | -HS- | M] () -- C:\Users\bbarnum\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/07/30 07:53:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\IPConfig.fig
    [2010/06/30 11:02:51 | 000,008,465 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2010/10/14 09:41:45 | 000,000,186 | ---- | M] () -- C:\ProgramData\RmUserCfg.ini

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  8. 2010/11/26
    barnum22

    OTL Extras logfile created on: 11/26/2010 4:25:52 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\bbarnum\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
    8.00 Gb Paging File | 6.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 465.66 Gb Total Space | 200.52 Gb Free Space | 43.06% Space Free | Partition Type: NTFS

    Computer Name: ADRIAN-LAPTOP | User Name: bbarnum | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- C:\Users\bbarnum\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1 ",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll ",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll ",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "{081535FA-9F70-40F1-822A-06533D1433DF}" = Wave Infrastructure Installer
    "{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio
    "{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
    "{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
    "{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
    "{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
    "{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
    "{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}" = SolidWorks Explorer 2010 SP03.1 x64 Edition
    "{33A316AE-6EB6-4A3F-AA09-E12A57BA475D}" = Dell ControlPoint System Manager
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
    "{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
    "{530992D4-DDBA-4F68-8B0D-FF50AC57531B}" = Symantec Endpoint Protection
    "{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{5F23A1DC-58CB-4AB9-84E8-9A569438D916}" = ControlVault Diagnostics
    "{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
    "{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{83957DED-4EB3-48DF-9624-211FB39EE210}" = AT&T Communication Manager
    "{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{8E80AF23-17B4-4611-B28E-68A114B23488}" = Dell ControlVault Host Components Installer 64Bit
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{910A147A-75D7-4ECD-A00D-727AAC0FD0E7}" = Microsoft SQL Server 2008 Client Tools
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{9AAE6BEC-D63A-4D32-BDAF-5BAE65D36F76}" = DCP64MMWrapper
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{A4F53D2C-1FED-4CDF-9D83-4AED82CD0436}" = Gemalto
    "{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
    "{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
    "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
    "{BAACB61F-43E0-4E70-BDC9-F81CC3B22970}" = Microsoft SQL Server 2008 Client Tools
    "{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
    "{BC91C996-5F7E-43F6-9AC1-52B695DF68FB}" = SO64MMWrapper
    "{C79A7EAB-9D6F-4072-8A6D-F8F54957CD93}" = Microsoft SQL Server 2008 Native Client
    "{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi Software
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE964618-AED2-4304-AC75-2EF8D0B47ECC}" = Dell ControlPoint Connection Manager 64
    "{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
    "{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
    "{E4D583B8-BDB6-4E40-B16E-B6F719026BAD}" = Dell Control Point 64
    "{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "{E9173A5F-22A6-4152-848E-45851DB99162}" = SolidWorks 2010 x64 Edition SP03.1
    "{EB0A3BCB-B9DF-4906-B066-BDEC6E213B91}" = Microsoft SQL Server 2008 Setup Support Files (English)
    "{ED8CEED1-38D6-4F53-AE9E-07C5CCEAD855}" = BS64MMWrapper
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
    "{F4264106-F90E-4076-98CF-1B878DB14513}" = SQL Server System CLR Types
    "{FEF64966-7F5E-48A6-8A87-C12533BEE519}" = ATMinInstall64
    "9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
    "Creative OA001" = Integrated Webcam Driver (1.03.02.0919)
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "HitmanPro35" = Hitman Pro 3.5
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
    "Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
    "ProInst" = Intel PROSet Wireless
    "PROSet" = Intel(R) Network Connections Drivers
    "Ultravnc2_is1" = UltraVNC 1.0.8.2
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{01C5A10F-AD9B-405B-853A-6659841A1242}" = Microsoft SQL Server 2008 Policies
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
    "{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    "{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    "{22FF90AE-764C-3490-8912-246A60F7FF57}" = MSDN Library for Visual Studio 2008 SP1 - ENU
    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{2B2B45B1-3CA0-4F8D-BBB3-AC77ED46A0FE}" = Dell Client System Update
    "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.07.01.01
    "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3B02F865-D144-44E4-8373-3B8A2E5222ED}" = SolidWorks eDrawings 2010
    "{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}" = Visual C++ 2008 x64 Runtime - (v9.0.30729.4148)
    "{3C11D2DA-6802-3F66-BE6B-B2C046AFE866}.vc_x64runtime_30729_4148" = Visual C++ 2008 x64 Runtime - v9.0.30729.4148
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{44D4AF75-6870-41F5-9181-662EA05507E1}" = Microsoft Document Explorer 2005
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{64CDE8F2-3791-46F5-BAD2-72FFF5252FAB}" = Microsoft SQL Server Compact 3.5 SP1 Query Tools English
    "{661A683B-9A09-4433-8346-AB67B85F80F9}" = Mselect3_1E
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
    "{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{82A11C41-F38F-4154-8013-1C67CD3C8F27}" = Qualcomm Gobi 2000 Package for Dell
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8CE08C3C-8FF4-45D9-925E-4F3CE2D7FA7D}" = Adobe Setup
    "{8DC6D103-ACBB-4313-84F6-C49C11152439}" = WCAT
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00B4-0409-0000-0000000FF1CE}" = Microsoft Office Project MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
    "{91140000-0057-0000-0000-0000000FF1CE}" = Microsoft Office Visio 2010
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{98CE29A1-AA14-4858-9A67-9CDBEAA596C8}" = Qualcomm Gobi Driver Package for Dell
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
    "{9D9B6837-ECE8-40F3-8F36-41D795AAA8DC}" = SmartMotor Interface
    "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
    "{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C7EA29FC-78F2-4680-9D9B-22CA8191E63C}" = Microsoft Visual SourceSafe 2005 - ENU
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
    "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "{D85480F4-F0BD-4F42-B936-4480E852EF9C}" = FREEping
    "{DAB77146-1370-41FF-AB8F-D04151078BB1}" = TracerDAQ
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{EA06E03B-B8F3-4564-B6B8-66CF2E19FFCD}" = InstaCal and Universal Library for Windows
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F1557A96-53A1-48F8-9652-D69A0FF41C9F}" = Qualcomm Gobi Images for Dell
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
    "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
    "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_2a31ae7a5c43ff52d8577782dd34e04" = Adobe Illustrator CS4
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
    "InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
    "InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
    "InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
    "jZip" = jZip
    "LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft Document Explorer 2005" = Microsoft Document Explorer 2005
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual SourceSafe 2005 - ENU" = Microsoft Visual SourceSafe 2005 - ENU
    "Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MSDN Library for Visual Studio 2008 SP1" = MSDN Library for Visual Studio 2008 SP1
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PRJPROR" = Microsoft Project Professional 2010
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "Office14.VISIOR" = Microsoft Visio Premium 2010
    "SolidWorks Installation Manager 20100-40301-1100-100" = SolidWorks 2010 x64 Edition SP03.1
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/24/2010 6:30:32 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = .NET Runtime Optimization Service | ID = 1111
    Description =

    Error - 11/24/2010 6:52:51 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = .NET Runtime Optimization Service | ID = 1111
    Description =

    Error - 11/24/2010 6:52:52 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = .NET Runtime Optimization Service | ID = 1111
    Description =

    Error - 11/24/2010 7:42:02 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = .NET Runtime Optimization Service | ID = 1111
    Description =

    Error - 11/24/2010 7:42:04 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = .NET Runtime Optimization Service | ID = 1111
    Description =

    Error - 11/26/2010 4:44:57 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = .NET Runtime Optimization Service | ID = 1111
    Description =

    Error - 11/26/2010 4:44:57 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = .NET Runtime Optimization Service | ID = 1111
    Description =

    Error - 11/26/2010 5:24:28 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = SideBySide | ID = 16842815
    Description = Activation context generation failed for "C:\Program Files (x86)\Spybot
    - Search & Destroy\DelZip179.dll ".Error in manifest or policy file "C:\Program
    Files (x86)\Spybot - Search & Destroy\DelZip179.dll" on line 8. The value "*" of
    attribute "language" in element "assemblyIdentity" is invalid.

    Error - 11/26/2010 7:28:37 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = RasClient | ID = 20227
    Description =

    Error - 11/26/2010 7:29:04 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    [ System Events ]
    Error - 10/7/2010 10:39:25 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = Service Control Manager | ID = 7000
    Description = The Diagnostic Service Host service failed to start due to the following
    error: %%1297

    Error - 10/7/2010 10:39:25 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = Service Control Manager | ID = 7000
    Description = The Diagnostic Service Host service failed to start due to the following
    error: %%1297

    Error - 10/7/2010 10:39:25 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = Service Control Manager | ID = 7000
    Description = The Diagnostic Service Host service failed to start due to the following
    error: %%1297

    Error - 10/7/2010 10:39:25 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = Service Control Manager | ID = 7000
    Description = The Diagnostic Service Host service failed to start due to the following
    error: %%1297

    Error - 10/7/2010 10:39:25 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = Service Control Manager | ID = 7000
    Description = The Diagnostic Service Host service failed to start due to the following
    error: %%1297

    Error - 10/7/2010 10:39:25 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = Service Control Manager | ID = 7000
    Description = The Diagnostic Service Host service failed to start due to the following
    error: %%1297

    Error - 10/7/2010 10:39:25 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = Service Control Manager | ID = 7000
    Description = The Diagnostic Service Host service failed to start due to the following
    error: %%1297

    Error - 10/7/2010 10:39:25 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = Service Control Manager | ID = 7000
    Description = The Diagnostic Service Host service failed to start due to the following
    error: %%1297

    Error - 10/7/2010 10:39:25 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = Service Control Manager | ID = 7000
    Description = The Diagnostic Service Host service failed to start due to the following
    error: %%1297

    Error - 10/7/2010 10:39:25 PM | Computer Name = Adrian-Laptop.movieq.pvt | Source = Service Control Manager | ID = 7000
    Description = The Diagnostic Service Host service failed to start due to the following
    error: %%1297


    < End of report >
     
  9. 2010/11/26
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
       "DisableMonitoring" =-
      
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  10. 2010/11/29
    barnum22

    barnum22 Inactive Thread Starter

    Joined:
    2010/11/24
    Messages:
    12
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: aabordo
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Adrian
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: bbarnum
    ->Temp folder emptied: 781449 bytes
    ->Temporary Internet Files folder emptied: 1012441 bytes
    ->Java cache emptied: 74703 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 43548561 bytes
    ->Flash cache emptied: 1844 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: MQAdmin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 49632 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 4834 bytes

    Total Files Cleaned = 43.00 mb


    [EMPTYFLASH]

    User: aabordo
    ->Flash cache emptied: 0 bytes

    User: Adrian

    User: All Users

    User: bbarnum
    ->Flash cache emptied: 0 bytes

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: MQAdmin
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11292010_105909

    Files\Folders moved on Reboot...
    C:\Users\bbarnum\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
     
  11. 2010/11/29
    barnum22

    barnum22 Inactive Thread Starter

    Joined:
    2010/11/24
    Messages:
    12
    Likes Received:
    0
    checkup.txt
    ----------------

    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9.4.0
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Norton ccSvcHst.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  12. 2010/11/29
    barnum22

    barnum22 Inactive Thread Starter

    Joined:
    2010/11/24
    Messages:
    12
    Likes Received:
    0
    eset scan results: no threats found.
     
  13. 2010/11/29
    barnum22

    barnum22 Inactive Thread Starter

    Joined:
    2010/11/24
    Messages:
    12
    Likes Received:
    0
    just for fun after the eset scan.
    opened ie 8. did a google search. and still was redirected almost immediately. (JUMP...)
    did google search on firefox, ok for 8 items
    did google search on chrome and got bit in the *ss!!! (JUMP) and then this nasty scanner.secure-web.info page that keeps telling me that my computer is infected and I need to download from SMART threat detection report!

    UGH!!!!
     
  14. 2010/11/29
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Your router may be infected.

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil or a paperclip, until all lights briefly come off and on.
    NOTE. Simply disconnecting the router from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
     
  15. 2010/11/30
    barnum22

    barnum22 Inactive Thread Starter

    Joined:
    2010/11/24
    Messages:
    12
    Likes Received:
    0
    Broni:

    Hmmmm, I think the laptop is clean. I am checking using aircard, vs. this local network.
    I did reset router and wireless router. Still redirecting.
    But the aircard does not seem to redirect.
    So, it must be localized to router? How to clean that?
     
  16. 2010/11/30
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Make sure you really reset it following my instructions.
    Simply disconnecting power won't do.
     
  17. 2010/12/03
    barnum22

    barnum22 Inactive Thread Starter

    Joined:
    2010/11/24
    Messages:
    12
    Likes Received:
    0
    Broni:

    Yes, I did use 'reset' not just unplugged. I will need to investigate further. Some other hub I haven't located in this office or something?

    thanks much for your assistance de-lousing the laptop.

    You can close this for now.

    regards,
     
  18. 2010/12/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK.
    Good luck :)
     
