
regular slowdown - malware? [Solved]


  • This topic is locked

#1
LarsH

Hello... running Win XP SP3 on a Dell Latitude D820, Core Duo.

During night hours, my computer seems to slow down drastically for a few minutes, then run normally for several minutes, and back and forth.
I'm not certain that it's only at night, but that's when I notice it.
I notice it most when playing a game, which slows to a crawl (slower than 1 fps, compared to normally 20-30 fps).

I sometimes switch to Task Manager to see what processes are hogging CPU. Sometimes it's been explorer.exe; but lately that doesn't seem to be the culprit so much. Sometimes cagent32 will be at the top of the CPU-using processes, but not usually. Sometimes it's a bluesoleil program, or Steam.exe, but not usually. Sometimes vmware-authd (though I'm not currently running VMware) -- but that's not usually it either. There just doesn't seem to be a consistent leader on the CPU-sorted process list.

I followed the instructions in the Malware and Spyware Cleaning Guide.
The only "malware" that MBAM found was a shortcut on my desktop with a long name. I'm pretty sure I put that there myself, so it's not malware. Nevertheless, the instructions said to click Remove Selected in MBAM after the scan, so I did. I think things run a little better now; explorer.exe doesn't seem to be so much the culprit any more; but there are still very regular minutes of major CPU hoggage at night, when I have to pause my game.

My logs follow...
Thanks for any help.
Lars

Malware Post


Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 3

7/29/2009 10:10:48 AM
mbam-log-2009-07-29 (10-10-48).txt

Scan type: Quick Scan
Objects scanned: 97682
Time elapsed: 8 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\documents and settings\huttarl.dallas\Desktop\Security updates for Microsoft XML Core Services 4.0 Service Pack 2 may repeatedly appear in the update list on Microsoft Update or on Windows Update.url (Rogue.Link) -> Quarantined and deleted successfully.


ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/29 10:27
Program Version: Version 1.3.3.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB6A20000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA604000 Size: 8192 File Visible: No Signed: -
Status: -

Name: knukvhuq.sys
Image Path: knukvhuq.sys
Address: 0xBA0A8000 Size: 61440 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB2E71000 Size: 49152 File Visible: No Signed: -
Status: -

SSDT
-------------------
#: 031 Function Name: NtConnectPort
Status: Hooked by "<unknown>" at address 0x88c72480

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb6e5f350

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\Drivers\SYMEVENT.SYS" at address 0xb6e5f580

==EOF==



OTL logfile created on: 7/29/2009 10:31:24 AM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Program Files\bin
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 57.82% Memory free
1.97 Gb Paging File | 1.10 Gb Available in Paging File | 55.64% Paging File free
Paging file location(s): C:\pagefile.sys 128 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.93 Gb Total Space | 4.31 Gb Free Space | 7.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 19.54 Gb Total Space | 1.11 Gb Free Space | 5.66% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IT-HUTTAR-D820
Current User Name: huttarl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/08/20 17:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2006/11/21 17:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 17:38:32 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/09/14 10:44:00 | 01,155,180 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
PRC - [2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2007/04/05 15:26:36 | 00,851,968 | ---- | M] (Centennial Software Limited ) -- C:\Centenn.ial\Audit\CAgent32.exe
PRC - [2007/04/05 15:26:36 | 00,073,728 | ---- | M] (Centennial Software Limited ) -- C:\Centenn.ial\Audit\xferwan.exe
PRC - [2006/03/25 17:24:04 | 00,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe
PRC - [2007/03/14 19:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2008/08/20 17:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe
PRC - [2009/06/30 22:07:52 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2006/07/12 13:58:44 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2007/02/10 06:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
PRC - [2006/04/14 11:07:20 | 28,933,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2006/05/26 04:50:24 | 04,149,248 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
PRC - [2006/04/06 14:57:54 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
PRC - [2006/01/19 15:14:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe
PRC - [2008/08/20 17:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2003/11/12 13:46:34 | 00,049,152 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe
PRC - [2008/12/01 17:36:40 | 00,061,440 | ---- | M] (EMC) -- C:\Program Files\Retrospect\Retrospect Client\RemotSvc.exe
PRC - [2008/12/01 17:37:32 | 00,331,776 | ---- | M] (EMC) -- C:\Program Files\Retrospect\Retrospect Client\retroclient.exe
PRC - [2003/12/11 05:09:34 | 00,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe
PRC - [2007/03/14 19:48:56 | 00,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/02/10 06:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2007/02/10 06:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2007/03/14 19:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2005/11/30 13:33:04 | 00,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
PRC - [2007/03/23 10:02:52 | 00,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
PRC - [2008/03/03 20:06:12 | 00,150,064 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe
PRC - [2008/08/20 17:28:34 | 00,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
PRC - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008/03/03 20:06:10 | 00,109,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/03/03 20:06:26 | 00,121,392 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe
PRC - [2007/08/17 16:58:08 | 00,057,447 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
PRC - [2009/02/06 05:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2008/04/13 19:12:30 | 00,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ntvdm.exe
PRC - [2009/06/20 12:27:54 | 00,615,176 | ---- | M] (http://tortoisesvn.net) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2005/10/07 19:13:38 | 00,176,128 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/11/16 21:35:16 | 00,397,312 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/03/09 12:26:10 | 00,098,304 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
PRC - [2005/12/09 20:29:52 | 00,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2005/09/08 05:20:00 | 00,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\DLA\DLACTRLW.EXE
PRC - [2004/06/29 04:56:12 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\HidFind.exe
PRC - [2005/02/16 18:15:20 | 00,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2005/07/27 21:41:08 | 00,045,056 | R--- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2002/09/10 21:26:26 | 00,368,706 | ---- | M] () -- C:\Program Files\BroadJump\Client Foundation\CFD.exe
PRC - [2006/06/20 21:25:19 | 00,331,776 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\System32\WDBtnMgr.exe
PRC - [2007/07/12 04:00:36 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2008/08/12 23:49:05 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2006/11/21 17:38:28 | 00,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/03/14 19:49:02 | 00,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/09/10 12:08:46 | 00,258,134 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
PRC - [2008/03/03 20:05:22 | 00,055,856 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\hqtray.exe
PRC - [2008/03/30 10:36:40 | 00,267,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2008/08/12 23:49:05 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2008/08/20 17:27:36 | 01,368,064 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/08/20 17:09:12 | 01,191,936 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2007/05/08 16:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2009/03/09 20:29:41 | 00,156,672 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
PRC - [2004/08/04 05:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\unsecapp.exe
PRC - [2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/04/22 15:42:33 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\huttarl.DALLAS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
PRC - [2003/10/29 02:06:00 | 00,024,576 | ---- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2005/11/30 09:39:02 | 00,192,512 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
PRC - [2009/06/30 05:45:45 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Documents and Settings\huttarl.DALLAS\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
PRC - [2007/07/12 04:00:36 | 00,325,008 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/01/29 23:56:50 | 00,685,296 | ---- | M] (Yahoo!) -- C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousManager.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/29 10:30:47 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Program Files\bin\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2007/09/06 13:28:18 | 00,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2009/02/11 14:40:36 | 00,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade [Auto | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2007/09/14 10:44:00 | 01,155,180 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe -- (BlueSoleilCS [Auto | Running])
SRV - [2007/07/24 16:17:08 | 00,229,376 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2007/08/17 16:58:08 | 00,057,447 | ---- | M] () -- C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe -- (BsHelpCS [On_Demand | Running])
SRV - [2006/03/30 09:15:44 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8 [Auto | Running])
SRV - [2006/11/21 17:38:32 | 00,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2006/11/21 17:38:40 | 00,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2007/04/05 15:26:36 | 00,851,968 | ---- | M] (Centennial Software Limited ) -- C:\Centenn.ial\Audit\CAgent32.exe -- (CentennialClientAgent [Auto | Running])
SRV - [2007/04/05 15:26:36 | 00,073,728 | ---- | M] (Centennial Software Limited ) -- C:\Centenn.ial\Audit\xferwan.exe -- (CentennialIPTransferAgent [Auto | Running])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/03/25 17:24:04 | 00,315,392 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe -- (DataSvr2 [Auto | Running])
SRV - [2007/03/14 19:48:40 | 00,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2008/08/20 17:38:30 | 00,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/12/01 11:59:52 | 00,033,752 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2008/08/12 23:49:05 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103 [On_Demand | Stopped])
SRV - [2008/08/29 14:14:40 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c8e1d582c30206 [Auto | Stopped])
SRV - [2009/03/31 06:10:27 | 00,183,280 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/05/20 11:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE -- (HP Port Resolver [On_Demand | Stopped])
SRV - [2004/10/16 06:31:06 | 00,073,728 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE -- (HP Status Server [On_Demand | Stopped])
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (IISADMIN [On_Demand | Running])
SRV - [2008/03/30 10:36:30 | 00,504,104 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/09/02 16:36:33 | 02,528,960 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate [On_Demand | Stopped])
SRV - [2006/07/12 13:58:44 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2007/02/10 06:29:54 | 29,178,224 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe -- (MSSQL$SILFW [Auto | Running])
SRV - [2006/04/14 11:07:20 | 28,933,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS [Auto | Running])
SRV - [2005/10/14 04:50:20 | 00,045,272 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper [Disabled | Stopped])
SRV - [2006/05/26 04:50:24 | 04,149,248 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe -- (MySQL [Auto | Running])
SRV - [2007/05/15 18:08:38 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/04/06 14:57:54 | 00,380,928 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2006/01/19 15:14:00 | 00,143,428 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2009/06/07 02:03:24 | 00,036,352 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService [On_Demand | Stopped])
SRV - [2005/11/23 09:22:44 | 00,089,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2007/05/15 18:08:40 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\System32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2008/08/20 17:08:02 | 00,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2003/11/12 13:46:34 | 00,049,152 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher [Auto | Running])
SRV - [2008/12/01 17:36:40 | 00,061,440 | ---- | M] (EMC) -- C:\Program Files\Retrospect\Retrospect Client\RemotSvc.exe -- (Retrospect Client [Auto | Running])
SRV - [2008/12/08 08:50:52 | 00,122,880 | ---- | M] (EMC Corporation) -- C:\Program Files\Retrospect\Retrospect Client\rthlpsvc.exe -- (Retrospect Helper [Auto | Stopped])
SRV - [2003/12/11 05:09:34 | 00,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe -- (RetroWDSvc [Auto | Running])
SRV - [2007/11/06 15:22:26 | 00,092,792 | ---- | M] (CACE Technologies) -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd [On_Demand | Stopped])
SRV - [2008/08/20 17:18:34 | 00,905,216 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2007/03/14 19:48:56 | 00,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [Auto | Running])
SRV - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (SMTPSVC [Auto | Running])
SRV - [2007/02/12 17:23:10 | 00,214,672 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - File not found -- -- (SonicCSvr6.1 DB Server [Disabled | Stopped])
SRV - File not found -- -- (SonicCSvr6.1 Lock Manager [Disabled | Stopped])
SRV - File not found -- -- (SonicCSvr6.1 Server [Disabled | Stopped])
SRV - File not found -- -- (SonicXSvr DB Server [On_Demand | Stopped])
SRV - File not found -- -- (SonicXSvr Lock Manager [On_Demand | Stopped])
SRV - [2007/01/10 16:27:38 | 01,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc [On_Demand | Stopped])
SRV - [2007/02/10 06:29:48 | 00,242,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser [Auto | Running])
SRV - [2007/02/10 06:29:56 | 00,089,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [Auto | Running])
SRV - [2007/03/14 19:48:50 | 01,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2005/11/30 13:33:04 | 00,180,224 | ---- | M] () -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe -- (tcsd_win32.exe [Auto | Running])
SRV - [2005/03/26 14:23:09 | 00,102,400 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe -- (Tomcat5 [On_Demand | Stopped])
SRV - [2008/03/03 20:06:10 | 00,109,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService [Auto | Running])
SRV - [2008/03/03 20:06:26 | 00,121,392 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnetdhcp.exe -- (VMnetDHCP [Auto | Running])
SRV - [2007/03/23 10:02:52 | 00,269,104 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe -- (vmount2 [Auto | Running])
SRV - [2008/03/03 20:06:12 | 00,150,064 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\System32\vmnat.exe -- (VMware NAT Service [Auto | Running])
SRV - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe -- (W3SVC [On_Demand | Stopped])
SRV - [2008/08/20 17:28:34 | 00,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...l...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...l...&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...l...&channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "delicious"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.search.order.3: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://calendar.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: keyconfig@dorando:20080929
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.6
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6
FF - prefs.js..extensions.enabledItems: {176f61b8-3e7d-4d0a-9fdd-f9c2995e2f0c}:0.3.20080822.55
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0b4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.wycliff...onfigproxy.pac"
FF - prefs.js..network.proxy.backup.ftp: "msproxy"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "msproxy"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "msproxy"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "msproxy"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 8888
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 8888
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 8888
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8888

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/04 17:45:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/07/17 22:13:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox 2 RC1\components [2008/08/13 14:09:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox 2 RC1\plugins [2009/06/26 10:07:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/07 00:47:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/26 10:07:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/06/22 16:31:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/06/26 10:07:32 | 00,000,000 | ---D | M]

[2008/06/20 10:19:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Extensions
[2008/06/20 10:19:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/07/29 09:28:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions
[2009/06/12 06:24:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2006/05/31 05:40:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{07D70F98-08D3-432e-8BD6-496AD6481A68}
[2009/06/29 09:40:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2006/05/31 05:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{14AFCCF3-39B5-437f-9839-BE3D054A56B4}
[2009/05/06 16:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{176f61b8-3e7d-4d0a-9fdd-f9c2995e2f0c}
[2009/07/29 09:28:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2009/05/12 22:27:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008/07/08 10:21:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{3a4c7c8f-da1b-47c0-b352-c85ac648e897}
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{3a7c7029-261d-4349-a53c-dff12ed8c4f4}
[2008/06/19 11:30:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{3c20433a-61bc-42fe-831d-415860e17283}
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{3c2f3d50-ec4f-11d8-9669-0800200c9a66}
[2008/06/04 21:54:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
[2006/05/31 05:40:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{3e91e321-7d77-4d1c-9282-2a43591dde82}
[2008/04/08 13:17:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{4A207596-AED2-4223-929F-BBE1D691B7CD}
[2009/07/29 09:28:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{5a2b4e34-ce62-42e9-a658-06ba4490adf8}
[2009/07/16 07:46:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{5d67eb1e-2b10-4538-8321-74a5ec8ccf96}
[2008/07/03 15:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{61ED2A9A-39EB-4AAF-BD14-06DFBE8880C3}
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}
[2009/06/08 05:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/07/16 07:46:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2008/12/12 11:21:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2006/05/31 05:40:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{8e117890-a33f-424b-a2ea-deb272731365}
[2006/05/31 05:40:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{909409b9-2e3b-4682-a5d1-71ca80a76456}
[2009/05/04 11:05:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{a8644990-c144-42e7-b2fe-f2170f72ccee}
[2008/11/25 22:13:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{bcd47b5a-43be-433f-9051-7ce2cdf94ac0}
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{c24aecc7-7c95-507f-d71f-155cb86656df}
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2008/05/21 09:10:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2008/10/11 21:17:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{cf2812dc-6a7c-4402-b639-4d277dac4c36}
[2009/07/16 07:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{D719B74B-E716-403b-91A9-1CE455AB80E6}
[2008/10/20 12:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/07/04 16:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/02/21 14:48:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2006/05/31 05:40:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{E800A8D5-6B36-4854-9F21-443F8CBFF835}
[2009/05/08 10:54:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/02/12 11:37:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{f1ac26a6-41db-47fb-8996-e4605fa6188f}
[2009/07/22 05:59:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
[2008/08/12 13:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2009/04/20 09:45:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2009/07/29 09:28:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2009/05/05 21:01:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2009/07/16 07:46:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2009/02/12 11:37:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2006/05/31 05:40:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\keyconfig
[2008/10/03 21:26:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\keyconfig@dorando
[2006/05/31 05:40:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\minit
[2008/06/04 21:54:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2009/06/08 05:41:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2008/07/01 12:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2009/05/05 21:00:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2006/05/31 05:40:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\temp
[2006/05/31 05:40:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\undoclosetab
[2009/07/21 10:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\undoclosetab@dorando
[2009/07/12 16:24:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2009/07/12 16:34:35 | 00,001,489 | ---- | M] () -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Mozilla\FireFox\Profiles\9x0wv3mu.default\searchplugins\esv-crossway.xml
[2009/07/23 23:58:50 | 00,002,125 | ---- | M] () -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Mozilla\FireFox\Profiles\9x0wv3mu.default\searchplugins\flickr-tags.xml
[2009/07/23 23:58:50 | 00,002,859 | ---- | M] () -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Mozilla\FireFox\Profiles\9x0wv3mu.default\searchplugins\google-images.xml
[2009/07/24 16:15:21 | 00,000,935 | ---- | M] () -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Mozilla\FireFox\Profiles\9x0wv3mu.default\searchplugins\mw-dictionary.xml
[2007/03/18 22:44:10 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Mozilla\FireFox\Profiles\9x0wv3mu.default\searchplugins\siteadvisor.xml
[2008/06/20 21:14:00 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Mozilla\FireFox\Profiles\9x0wv3mu.default\searchplugins\wikipedia.xml
[2008/06/20 10:19:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 06:24:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/02/28 12:12:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\chrome\content\mozapps\extensions
[2009/06/12 06:24:06 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 06:24:06 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/12 23:49:05 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2006/07/12 14:30:24 | 00,034,384 | ---- | M] (WebEx) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2006/07/12 14:30:25 | 00,093,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2004/11/12 22:36:20 | 00,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2006/07/12 14:30:06 | 00,051,792 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2007/11/20 14:37:22 | 01,334,576 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/12/19 07:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2006/09/25 06:13:55 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/06/12 06:24:11 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 14:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/04/26 14:54:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/04/26 14:54:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/04/26 14:54:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/04/26 14:54:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/04/26 14:54:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/04/26 14:54:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/04/26 14:54:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/09/05 18:06:14 | 04,100,096 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSibelius.dll
[2008/10/03 21:26:03 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/03 21:26:03 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/03 21:26:03 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/17 18:11:28 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/03 21:26:03 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/08/12 23:49:05 | 00,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2008/08/12 23:49:05 | 00,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src
[2008/10/03 21:26:03 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/03 21:26:03 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1139 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 172.20.1.28 mamre
O1 - Hosts: 172.20.1.17 galilee
O1 - Hosts: 172.20.1.252 berea
O1 - Hosts: 172.20.1.35 rome
O1 - Hosts: 172.20.1.5 sardis
O1 - Hosts: 172.20.1.16 susa
O1 - Hosts: 172.20.1.40 bethel
O1 - Hosts: 172.20.1.19 sardis-test
O1 - Hosts: 172.20.1.88 susa-test
O1 - Hosts: 172.20.1.98 bethel-test
O1 - Hosts: 172.20.1.127 massah
O1 - Hosts: 172.21.1.14 malta
O1 - Hosts: 172.20.1.14 azor
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CDelHotkeys Object) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll (Google Inc.)
O2 - BHO: (HttpWatch Basic) - {F1F69322-008F-4895-B2BF-AD194219825A} - C:\Program Files\HttpWatch\httpwatchsc.dll (Simtec Limited)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe (Applian Technologies, Inc.)
O4 - HKLM..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.CPL (Microsoft Corporation)
O4 - HKLM..\Run: [BtTray] C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [Discovery User Input] C:\Discovery\User Input\userin32.exe (Centennial Software Limited )
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe File not found
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VMware hqtray] C:\Program Files\VMware\VMware Player\hqtray.exe (VMware, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\huttarl.DALLAS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [Yahoo! Pager] File not found
O4 - Startup: C:\Documents and Settings\huttarl.DALLAS\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\huttarl.DALLAS\Start Menu\Programs\Startup\EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe (Wave Systems Corp.)
O4 - Startup: C:\Documents and Settings\huttarl.DALLAS\Start Menu\Programs\Startup\Shortcut to svn-update-all.lnk = C:\Program Files\Apache Software Foundation\cocoon-2.1.7\build\webapp\mount\svn-update-all.bat ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll File not found
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll File not found
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll (Google Inc.)
O9 - Extra Button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwatch.dll (Simtec Limited)
O9 - Extra 'Tools' menuitem : HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: sil.org ([]http in Trusted sites)
O16 - DPF: {00000045-9980-0010-8000-00AA00389B71} http://codecs.micros...86/sg726acm.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.wycliffe...,2008,0717,1611 (F5 Networks VPN Manager)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://vpn.wycliffe...llerControl.cab (F5 Networks Auto Update)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} http://epm.wycliffe....ts/pjclient.cab (PjAdoInfo3 Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1190258778281 (WUWebControl Class)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://vpn.wycliffe...,2008,0717,1602 (F5 Networks SSLTunnel)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} http://epm.wycliffe....033/pjcintl.cab (Pj11enuC Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_12)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.wycliffe...,2008,0717,1607 (F5 Networks SuperHost Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://vpn.wycliffe...,2008,0717,1606 (F5 Networks Host Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dallas.sil.org
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (wxvault.dll) - C:\WINDOWS\System32\wxvault.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (pgdfgsvc) - C:\WINDOWS\System32\pgdfgsvc.exe (Sysinternals - www.sysinternals.com)
O34 - HKLM BootExecute: (C) - File not found
O34 - HKLM BootExecute: (1) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/07/29 10:26:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\huttarl.DALLAS\Desktop\RootRepeal
[2009/07/27 16:09:24 | 00,000,000 | ---D | C] -- C:\Program Files\jsl
[2009/07/24 11:34:40 | 00,000,000 | ---D | C] -- C:\Program Files\HttpWatch

========== Files - Modified Within 14 Days ==========

[2009/07/29 10:21:00 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/07/29 10:17:49 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/07/29 10:17:39 | 00,042,838 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/07/29 10:17:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/07/29 10:16:27 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/07/29 10:16:12 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/07/29 10:15:21 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/07/29 10:15:07 | 00,000,998 | ---- | M] () -- C:\WINDOWS\System32\bscs.ini
[2009/07/29 10:14:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/07/29 10:14:37 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/07/29 10:14:31 | 21,455,74912 | -HS- | M] () -- C:\hiberfil.sys
[2009/07/29 10:12:01 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/07/29 09:50:00 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2075735302-1962817296-126092852-1993UA.job
[2009/07/29 07:00:35 | 00,042,838 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/07/29 06:39:06 | 00,185,856 | ---- | M] () -- C:\Documents and Settings\huttarl.DALLAS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/29 05:50:00 | 00,000,948 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2075735302-1962817296-126092852-1993Core.job
[2009/07/28 16:41:07 | 00,000,785 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/07/24 21:52:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/07/16 14:21:07 | 00,001,792 | -H-- | M] () -- C:\Documents and Settings\huttarl.DALLAS\My Documents\Default.rdp

========== LOP Check ==========

[2009/05/09 22:36:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/07 15:15:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2006/06/15 21:03:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buena Vista Games
[2007/10/31 10:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/12/09 05:55:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\foldit
[2006/06/08 19:57:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/01/07 21:51:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2006/06/21 20:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/02/12 16:20:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2006/06/19 21:30:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/10/20 15:35:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2007/05/02 21:03:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2007/04/09 17:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Red Gate
[2007/01/20 12:18:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2008/09/30 14:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect Client
[2006/09/03 05:02:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RSE
[2004/08/11 17:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/12/09 13:10:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SIL
[2008/05/09 06:28:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/06/20 05:40:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/07 23:18:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2006/05/23 21:33:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2007/02/13 07:26:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/05/28 14:55:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/06/14 06:08:49 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data
[2009/06/23 12:35:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\.freeciv
[2008/10/07 11:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\.gaim
[2009/05/15 13:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\.purple
[2009/04/19 21:08:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Aptana
[2009/05/10 22:57:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Big Fish Games
[2009/01/29 11:26:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/07/20 14:07:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\com.oxygenxml
[2007/01/04 12:19:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Conceptworld
[2007/02/10 05:30:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\CrystalApp
[2007/02/10 05:29:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\CrystalSpace
[2009/01/28 22:14:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\CTdeveloping
[2006/06/12 04:20:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\CyberLink
[2009/07/29 10:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Delicious IE Extension
[2008/08/14 15:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Dev-Cpp
[2009/02/03 23:10:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Download Manager
[2007/03/30 10:47:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\dvdcss
[2008/08/08 09:31:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\DzzDExtension
[2008/10/03 11:42:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\ESRI
[2009/07/28 14:59:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\FileZilla
[2007/08/07 12:27:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\fltk.org
[2008/09/30 11:07:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\gnupg
[2009/07/28 11:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\gtk-2.0
[2006/06/13 12:24:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\HotSync
[2009/01/27 03:16:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\IGN_DLM
[2008/05/09 06:22:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Inkscape
[2009/01/07 21:52:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Intel
[2007/03/29 12:36:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\KrazyDad
[2006/06/06 10:37:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Leadertech
[2006/12/06 16:36:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Miranda
[2006/06/22 23:22:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Motive
[2007/02/13 07:34:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\MSN Search Toolbar
[2009/05/15 13:28:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Notepad++
[2008/05/01 12:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\OfficeUpdate12
[2008/09/04 10:23:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\ooVoo Details
[2006/11/27 18:08:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\OpenOffice.org2
[2007/03/02 00:10:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\PedestrianEntertainment
[2007/06/21 00:38:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Processing
[2006/07/11 06:31:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Quotes
[2007/01/20 11:30:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Snapfish
[2007/01/26 22:32:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\SpaceMonger
[2009/06/16 14:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Stellarium
[2008/08/25 15:57:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Subversion
[2006/05/31 05:38:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Thunderbird
[2008/07/10 09:46:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\TortoiseSVN
[2006/08/14 16:52:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\WinMerge
[2008/09/29 17:29:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\winpt
[2006/12/14 12:08:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\X2Net
[2007/01/29 00:31:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\ZipGenius
[2009/05/28 14:58:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\ZoomBrowser EX
[2009/07/24 21:52:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/07/29 10:21:00 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2009/03/02 07:28:14 | 00,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\defrag-disks.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/07/29 10:15:21 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/07/29 10:16:12 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/07/29 10:12:01 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/07/29 05:50:00 | 00,000,948 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2075735302-1962817296-126092852-1993Core.job
[2009/07/29 09:50:00 | 00,001,000 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2075735302-1962817296-126092852-1993UA.job
[2009/07/29 10:14:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2D4B33E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC5DB2B
< End of report >


OTL Extras logfile created on: 7/29/2009 10:31:24 AM - Run 1
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Program Files\bin
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.16 Gb Available Physical Memory | 57.82% Memory free
1.97 Gb Paging File | 1.10 Gb Available in Paging File | 55.64% Paging File free
Paging file location(s): C:\pagefile.sys 128 512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.93 Gb Total Space | 4.31 Gb Free Space | 7.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 19.54 Gb Total Space | 1.11 Gb Free Space | 5.66% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IT-HUTTAR-D820
Current User Name: huttarl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.js [@ = JSFile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.hta [@ = htafile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"8000:TCP" = 8000:TCP:LocalSubNet:Enabled:java remote debugging
"135:TCP" = 135:TCP:*:Enabled:RPC
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3306:TCP" = 3306:TCP:*:Enabled:MySQL 3306
"8000:TCP" = 8000:TCP:*:Enabled:jdb
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"8081:TCP" = 8081:TCP:LocalSubNet:Enabled:Apache

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Documents and Settings\huttarl.DALLAS\Local Settings\Temp\usmt\migwiz.exe" = C:\Documents and Settings\huttarl.DALLAS\Local Settings\Temp\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- File not found
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\ruby\bin\ruby.exe" = C:\Program Files\ruby\bin\ruby.exe:*:Enabled:Ruby interpreter -- ()
"C:\WINDOWS\system32\javaw.exe" = C:\WINDOWS\system32\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jdk1.5.0_07\bin\java.exe" = C:\Program Files\Java\jdk1.5.0_07\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Java\jre1.5.0_07\launch4j-tmp\PowerFolder.exe" = C:\Program Files\Java\jre1.5.0_07\launch4j-tmp\PowerFolder.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Java\jre1.5.0_07\bin\java.exe" = C:\Program Files\Java\jre1.5.0_07\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Sonic\XServer7.0\XMLDatabase\bin\osserver.exe" = C:\Program Files\Sonic\XServer7.0\XMLDatabase\bin\osserver.exe:*:Enabled:ObjectStore Server -- File not found
"C:\Program Files\Sonic\OServer7.0\XMLDatabase\bin\osserver.exe" = C:\Program Files\Sonic\OServer7.0\XMLDatabase\bin\osserver.exe:*:Enabled:ObjectStore Server -- File not found
"C:\Program Files\Java\jre1.5.0_07\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_07\bin\javaw.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- File not found
"C:\Program Files\Java\j2re1.4.2_03\bin\java.exe" = C:\Program Files\Java\j2re1.4.2_03\bin\java.exe:*:Enabled:java -- File not found
"C:\Program Files\Sonic\XServer6.1\XMLDatabase\bin\osserver.exe" = C:\Program Files\Sonic\XServer6.1\XMLDatabase\bin\osserver.exe:*:Enabled:ObjectStore Server -- File not found
"C:\Program Files\Sonic\OServer6.1\XMLDatabase\bin\osserver.exe" = C:\Program Files\Sonic\OServer6.1\XMLDatabase\bin\osserver.exe:*:Enabled:ObjectStore Server -- File not found
"C:\Program Files\Sonic\CServer6.1\XMLDatabase\bin\osserver.exe" = C:\Program Files\Sonic\CServer6.1\XMLDatabase\bin\osserver.exe:*:Enabled:ObjectStore Server -- File not found
"C:\Program Files\Sonic\Workbench6.1\StylusStudioIE\bin\Struzzo.exe" = C:\Program Files\Sonic\Workbench6.1\StylusStudioIE\bin\Struzzo.exe:*:Enabled:Stylus Studio -- File not found
"C:\Program Files\Miranda IM\miranda32.exe" = C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- File not found
"C:\Program Files\Java\j2re1.4.2_12\bin\java.exe" = C:\Program Files\Java\j2re1.4.2_12\bin\java.exe:*:Enabled:java -- ()
"C:\Program Files\Sonic\SonicXMLServer\XMLDatabase\bin\osserver.exe" = C:\Program Files\Sonic\SonicXMLServer\XMLDatabase\bin\osserver.exe:*:Enabled:ObjectStore Server -- File not found
"C:\Program Files\Sonic\SonicOServer\XMLDatabase\bin\osserver.exe" = C:\Program Files\Sonic\SonicOServer\XMLDatabase\bin\osserver.exe:*:Enabled:ObjectStore Server -- File not found
"C:\Program Files\Sonic\SonicStylusStudio\bin\Struzzo.exe" = C:\Program Files\Sonic\SonicStylusStudio\bin\Struzzo.exe:*:Enabled:Stylus Studio -- File not found
"C:\Program Files\Sonic\SonicMQ\jre13-win32\bin\java.exe" = C:\Program Files\Sonic\SonicMQ\jre13-win32\bin\java.exe:*:Enabled:java -- File not found
"C:\Program Files\Java\jdk1.5.0_09\bin\java.exe" = C:\Program Files\Java\jdk1.5.0_09\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Aqua Data Studio 6.0\jre\bin\javaw.exe" = C:\Program Files\Aqua Data Studio 6.0\jre\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Java\jre1.6.0_01\bin\java.exe" = C:\Program Files\Java\jre1.6.0_01\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Freeciv-2.1.0-beta6-gtk2\civserver.exe" = C:\Program Files\Freeciv-2.1.0-beta6-gtk2\civserver.exe:*:Enabled:civserver -- File not found
"C:\Program Files\Freeciv-2.1.1-gtk2\civserver.exe" = C:\Program Files\Freeciv-2.1.1-gtk2\civserver.exe:*:Enabled:civserver -- File not found
"C:\Program Files\Attractel\Zoiper\Zoiper.exe" = C:\Program Files\Attractel\Zoiper\Zoiper.exe:*:Enabled:Zoiper -- ()
"C:\WINDOWS\system32\dmremote.exe" = C:\WINDOWS\system32\dmremote.exe:*:Enabled:dmremote.exe -- (Microsoft Corp.)
"C:\Program Files\Java\jdk1.6.0_02\bin\java.exe" = C:\Program Files\Java\jdk1.6.0_02\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe" = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:*:Enabled:BlueSoleilCS -- ()
"C:\Program Files\Eclipse-3.3IThink\eclipse\eclipse.exe" = C:\Program Files\Eclipse-3.3IThink\eclipse\eclipse.exe:*:Enabled:eclipse -- File not found
"C:\Program Files\SIL\FieldWorks\TE.exe" = C:\Program Files\SIL\FieldWorks\TE.exe:*:Disabled:FieldWorks Translation Editor -- File not found
"C:\Program Files\SIL\FieldWorks\Flex.exe" = C:\Program Files\SIL\FieldWorks\Flex.exe:*:Disabled:FieldWorks Language Explorer -- File not found
"C:\Program Files\Freeciv-2.1.5-gtk2\civserver.exe" = C:\Program Files\Freeciv-2.1.5-gtk2\civserver.exe:*:Enabled:civserver -- File not found
"C:\Program Files\Eclipse 3.4\eclipse\eclipse.exe" = C:\Program Files\Eclipse 3.4\eclipse\eclipse.exe:*:Enabled:eclipse -- ()
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- File not found
"C:\Program Files\Retrospect\Retrospect Client\retroclient.exe" = C:\Program Files\Retrospect\Retrospect Client\retroclient.exe:*:Enabled:Retrospect Client -- (EMC)
"C:\Program Files\Pidgin\pidgin.exe" = C:\Program Files\Pidgin\pidgin.exe:*:Enabled:Pidgin -- (The Pidgin developer community)
"C:\Program Files\Dell\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" = C:\Program Files\Dell\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe:*:Enabled:DNSCST Module -- (Dell)
"C:\WINDOWS\system32\wbem\unsecapp.exe" = C:\WINDOWS\system32\wbem\unsecapp.exe:*:Enabled:WMI -- (Microsoft Corporation)
"C:\Program Files\Java\jre1.6.0_02\bin\java.exe" = C:\Program Files\Java\jre1.6.0_02\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Freeciv-2.1.9-gtk2\civserver.exe" = C:\Program Files\Freeciv-2.1.9-gtk2\civserver.exe:*:Enabled:civserver -- ()
"C:\Program Files\Audio Bible Ambassador\ABA3.exe" = C:\Program Files\Audio Bible Ambassador\ABA3.exe:*:Enabled:Audio Bible Ambassador -- ()
"C:\Program Files\Audio Bible Ambassador\webupdater.exe" = C:\Program Files\Audio Bible Ambassador\webupdater.exe:*:Enabled:Audio Bible Ambassador Updater -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Dark Oberon\dark-oberon.exe" = C:\Program Files\Dark Oberon\dark-oberon.exe:*:Enabled:dark-oberon -- File not found
"C:\Program Files\Freeciv-2.0.8-win32\civserver.exe" = C:\Program Files\Freeciv-2.0.8-win32\civserver.exe:*:Enabled:civserver -- File not found
"C:\Program Files\Freeciv-2.0.8-gtk2\civserver.exe" = C:\Program Files\Freeciv-2.0.8-gtk2\civserver.exe:*:Enabled:civserver -- File not found
"C:\Program Files\Miranda IM\miranda32.exe" = C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- File not found
"C:\Program Files\Java\jdk1.5.0_09\bin\java.exe" = C:\Program Files\Java\jdk1.5.0_09\bin\java.exe:*:Enabled:Java™ 2 Platform Standard Edition binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" = C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe:*:Enabled:Service Runner -- (Apache Software Foundation)
"C:\Program Files\THQ\Dawn of War - Winter Assault Demo\WinterAssault.exe" = C:\Program Files\THQ\Dawn of War - Winter Assault Demo\WinterAssault.exe:*:Disabled:WinterAssault -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Nexuiz\nexuiz.exe" = C:\Program Files\Nexuiz\nexuiz.exe:*:Enabled:Nexuiz -- File not found
"C:\Program Files\Steam\SteamApps\pinky091\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\SteamApps\pinky091\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- File not found
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre1.6.0_01\bin\java.exe" = C:\Program Files\Java\jre1.6.0_01\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Freeciv-2.1.0-beta6-gtk2\civserver.exe" = C:\Program Files\Freeciv-2.1.0-beta6-gtk2\civserver.exe:*:Enabled:civserver -- File not found
"C:\Program Files\Steam\SteamApps\pinky091\source sdk base\hl2.exe" = C:\Program Files\Steam\SteamApps\pinky091\source sdk base\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Java\jdk1.6.0_02\bin\java.exe" = C:\Program Files\Java\jdk1.6.0_02\bin\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Freeciv-2.1.5-gtk2\civserver.exe" = C:\Program Files\Freeciv-2.1.5-gtk2\civserver.exe:*:Enabled:civserver -- File not found
"C:\Program Files\Strategy First\Rage of War - demo\RoW.exe" = C:\Program Files\Strategy First\Rage of War - demo\RoW.exe:*:Enabled:RoW -- File not found
"C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- File not found
"C:\lib\contextminimal\rsync.exe" = C:\lib\contextminimal\rsync.exe:*:Enabled:rsync -- File not found
"C:\Program Files\Steam\steamapps\huttarl\half-life\hl.exe" = C:\Program Files\Steam\steamapps\huttarl\half-life\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"D:\setup\HPZnet01.exe" = D:\setup\HPZnet01.exe:*:Enabled:hpznet01.exe -- File not found
"C:\Program Files\Tremulous\tremulous.exe" = C:\Program Files\Tremulous\tremulous.exe:*:Enabled:tremulous -- File not found
"C:\Program Files\Aptana\Aptana Studio 1.2\jre\bin\javaw.exe" = C:\Program Files\Aptana\Aptana Studio 1.2\jre\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- File not found
"C:\Program Files\Freeciv-2.1.9-gtk2\civserver.exe" = C:\Program Files\Freeciv-2.1.9-gtk2\civserver.exe:*:Enabled:civserver -- ()
"C:\Program Files\Dell\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe" = C:\Program Files\Dell\Dell Laser MFP 1600n\NetworkScan\DNSCST.exe:*:Enabled:DNSCST Module -- (Dell)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01B845D4-B73E-4CF7-A377-94BC7BB4F77B}" = HttpWatch Basic 6.1.42
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{03E27B31-28C0-11D3-8F72-00C04F8DD7E3}" = Clip Art and Symbols
"{03E27B32-28C0-11D3-8F72-00C04F8DD7E3}" = Callouts and Connectors
"{03E27B33-28C0-11D3-8F72-00C04F8DD7E3}" = Borders and Backgrounds
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0ECB59D5-A3FC-4D61-AD3B-6CE679B3F852}" = Java DB 10.2.2.0
"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext
"{117CD9C0-0F15-4633-93D7-F957B50535A5}" = Popup Blocker (Windows Live Toolbar)
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{1727CD47-A408-11d2-AFAD-00C04F72FB3E}" = VBA
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{17D95DC6-0FF1-40CF-9C09-B7C8B314D45B}" = PDF Text Reader
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B8C4532-1D5A-43B4-9BA8-26A1384712C0}" = SnowSaver ScreenSaver
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1E726A53-78E9-47DE-B3D9-4165CBC9ABBF}" = Bluesoleil 5.0.5.178
"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{23170F69-40C1-2701-0465-000001000000}" = 7-Zip 4.65
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{262C7F33-8251-432E-88C1-E9F42A53F8F0}" = PDFill PDF Editor with FREE PDF Writer and Tools
"{26DC3A40-3ECC-11D3-A300-006008A88CA8}" = CAD Drawing Display
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{273E1BA0-0415-11D3-A2E3-006008A88CA8}" = Block Diagrams
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2B8697EA-453E-11D3-8CE1-00C04F72C04D}" = Help for Visio 2000 (HTML Help)
"{2DBB37E1-3B9A-11D3-A318-006008A88CA8}" = Project Schedules
"{2DE38C17-DD7E-41BA-88BC-0A2387D29657}" = Lively by Google
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FA00D4D-BD62-4EA1-8A02-A76ECFEDC3FD}" = Citeknet WDS Mail Add-in (Beta)
"{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{32A3A4F4-B792-11D6-A78A-00B0D0150090}" = J2SE Development Kit 5.0 Update 9
"{32A3A4F4-B792-11D6-A78A-00B0D0160020}" = Java™ SE Development Kit 6 Update 2
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{362755FC-209C-4B69-93C3-BE8101A29F8B}" = MySQL Server 5.0
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3727B920-F5A3-46A4-AC02-94F421A039C7}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{3BC1954F-F5C9-4ED2-BB2A-BAEEF4DAC74D}" = TortoiseSVN 1.6.3.16613 (32 bit)
"{3D5E5C0A-5B36-4F98-99A7-287F7DBDCE03}" = Skype Plugin Manager
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support
"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = Bonjour
"{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{52A7C6A6-6B88-47D1-922E-9F8A7E089E6A}" = Intel® PROSet/Wireless WiFi Software
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5430FF10-2B31-11D3-8F75-00C04F8DD7E3}" = Block Diagrams Help
"{5430FF11-2B31-11D3-8F75-00C04F8DD7E3}" = Flowcharts Help
"{5430FF12-2B31-11D3-8F75-00C04F8DD7E3}" = Forms and Charts Help
"{5430FF13-2B31-11D3-8F75-00C04F8DD7E3}" = Maps Help
"{5430FF14-2B31-11D3-8F75-00C04F8DD7E3}" = Network Diagrams Help
"{5430FF15-2B31-11D3-8F75-00C04F8DD7E3}" = Office Layout Help
"{5430FF16-2B31-11D3-8F75-00C04F8DD7E3}" = Organization Charts Help
"{5430FF17-2B31-11D3-8F75-00C04F8DD7E3}" = Project Schedules Help
"{5430FF21-2B31-11D3-8F75-00C04F8DD7E3}" = Program Files Help
"{5430FF22-2B31-11D3-8F75-00C04F8DD7E3}" = Shape Explorer Help
"{574CC5E0-54C0-4A8E-9F96-7F16734DCF35}" = BART 5.3
"{57F1AB5A-0B9A-4229-B231-B1516A33DCD4}" = VMware Infrastructure Client 2.5
"{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}" = iTunes
"{5E09E82C-004D-4F08-B051-46DE6D79F71A}" = Microsoft Visual C++ Redist - ENU
"{63EF6DD2-F1F1-11D2-9F29-006008A88EC8}" = Program Files
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CDAED1C-5B60-4818-88A7-E4A90CD367AF}" = Wave Support Software
"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SILFW)
"{7148F0A8-6813-11D6-A77B-00B0D0142120}" = Java 2 Runtime Environment, SE v1.4.2_12
"{73B69C5C-87D6-471E-B695-0BD736C4B644}" = Retrospect 6.5
"{76C5117C-FEDE-4C3B-8FD3-74FB302DE0C2}_is1" = Airbear Software's IndexZip Plug-in for Google Desktop Search
"{77079D71-B8EB-4F61-9817-79A15137E59D}}_is1" = gdSuite 2.1.3 Beta
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79DFA170-1854-11D3-8F5D-00C04F8DD7E3}" = Custom Properties Editor
"{79DFA172-1854-11D3-8F5D-00C04F8DD7E3}" = Shape Explorer
"{79DFA174-1854-11D3-8F5D-00C04F8DD7E3}" = Page Layout Wizard
"{79DFA176-1854-11D3-8F5D-00C04F8DD7E3}" = Property Reporting Wizard
"{79DFA177-1854-11D3-8F5D-00C04F8DD7E3}" = Save as HTML
"{79DFA179-1854-11D3-8F5D-00C04F8DD7E3}" = Database Wizard
"{79DFA17A-1854-11D3-8F5D-00C04F8DD7E3}" = Spelling
"{79DFA17B-1854-11D3-8F5D-00C04F8DD7E3}" = Graphics Filters
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{7D3DB7D6-494B-11D3-9F62-006008A88EC8}" = Visio Core Files
"{7DD40F12-25DC-11D3-9F43-006008A88EC8}" = Visio
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87F59A07-55EE-415E-A966-31F3D8B6B7AD}" = LP6940_Help
"{8C8C2500-3756-4CFF-8CAD-E840A36AAB84}" = ActivePerl 5.8.8 Build 819
"{8DC6CA16-9B4E-4C10-95EE-2BD91EB0290C}" = LP6940Trb
"{8EDD1437-7474-40CA-ABE9-E7ADA4106F47}" = SQL Server 2000 DTS Designer Components
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{90972304-89E0-4F9B-88C8-185917CCCFA9}" = QLiner Quotes 2006
"{922859B1-4A9C-11D3-8662-00C04F8DBAD9}" = Release Notes
"{933DA141-0EEB-11D3-A2EC-006008A88CA8}" = Organization Charts
"{933DA142-0EEB-11D3-A2EC-006008A88CA8}" = Forms and Charts
"{933DA144-0EEB-11D3-A2EC-006008A88CA8}" = Flowcharts
"{933DA145-0EEB-11D3-A2EC-006008A88CA8}" = Network Diagrams
"{933DA146-0EEB-11D3-A2EC-006008A88CA8}" = Maps
"{933DA147-0EEB-11D3-A2EC-006008A88CA8}" = Office Layout
"{95FC661A-A0C5-4B18-92CE-90347DA79CC9}" = Smart Menus (Windows Live Toolbar)
"{9C209B30-F71F-4c53-8D26-453208EC8E91}" = dj6940
"{9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}" = Windows Live Toolbar
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A2D3EE38-DF76-4C5A-BC49-80936ADCA5A7}" = Stylus Studio Integration Edition
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9553C3B-753D-40D2-8ACB-5ED0B670B20A}" = Schematron Validator
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{ADF69C76-13FF-49F0-A078-922725A8B1B6}" = BOINC
"{AE765884-4770-4A92-82D9-AB3192512B31}" = Preboot Manager
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B1D5486F-5490-4197-A9EC-133829D14306}" = Google Desktop Plugin - GoogleCalendar
"{B535B621-5559-11DE-A7A1-005056806466}" = Google Earth Plugin
"{B5AB9CB4-4AAE-44CC-A6AF-37388326E85F}" = Wave Infrastructure Installer
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B89211A0-5C81-11DD-8757-000ACD11CAF7}" = Python 2.5 pygame-1.8.1
"{BAC869E2-3A0C-11D3-A315-006008A88CA8}" = Callouts and Connectors Help
"{BAC869E6-3A0C-11D3-A315-006008A88CA8}" = Clip Art and Symbols Help
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BCBA1640-3480-4C08-8A52-5973D7BA265B}" = Aqua Data Studio 6.0
"{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = RemoteCapture 2.7.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2A5CE58-3A13-11D3-A315-006008A88CA8}" = Borders and Backgrounds Help
"{C2AD3290-DA0B-482A-B8BD-642008EE8C6E}" = Retrospect Client 7.6
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5205EE1-2B3E-11D3-8F75-00C04F8DD7E3}" = Developing Visio Solutions Help
"{C59F360F-8743-40DC-844E-ADC04CD0B3E8}" = SQL Dependency Tracker
"{C6C084EB-7576-4850-97F1-8FD26139764D}" = MSSoapRuntime
"{C7134CDC-2000-1967-A00D-0244A64A998F}" = VMware Virtual Infrastructure Client 2.0
"{C844961D-7C6A-48DC-83FA-091DB22DEAB6}_is1" = RandomScreensaver 2.0.1
"{CA589952-DA5A-3632-AEF1-E73F998ABA66}" = O3D Plugin
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D1183FA8-AA29-4C82-B998-9593D7AF42FE}" = NTRU Hybrid TSS v2.0.7
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D2AFD577-8CF5-37F4-A4CF-32BEE91CB9C8}" = O3D Extras
"{D3AA6C82-2A7E-11D3-8F74-00C04F8DD7E3}" = Add-ons
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{D9388CA9-E056-446C-8E13-111DA0F3A704}" = IPA Help
"{D93B70D2-4DA4-4F6F-9DC8-72D08F74A386}" = VMware Infrastructure Update
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DBFA7530-0CBF-11D3-8CC0-00C04F72C04D}" = Visio 2000
"{DCE65B11-710D-4C54-9DE5-1A6A0BD2186B}" = Windows Live Favorites for Windows Live Toolbar
"{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"{de2f2d9c-53e2-40ee-8209-74da63cb060e}" = Python 3.0.1
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{DF821FC5-C198-452B-A0D4-82433EFEAE9B}" = OneCare Advisor (Windows Live Toolbar)
"{E5655737-044F-4ED9-8B1D-04368B98A839}" = Network Scan
"{E56DA8E0-3737-4803-9BAB-2FA6D82F6D9E}" = GDS Document Maps
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E65E367B-B25C-4FF8-B270-D5277E7CF1B0}" = Intel Performance Power Manager
"{E8814A8F-3B06-11D3-8CD7-00C04F72C04D}" = Microsoft Visual Studio Service Pack 3
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.2.1060)
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{ECDA9BD9-A54E-462A-8191-A2B569D9AB34}" = Map Button (Windows Live Toolbar)
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = File Viewer Utility 1.2
"{F1802FA6-54E9-4B24-BD2A-B50866819795}" = EMBASSY Trust Suite by Wave Systems
"{F4455372-251E-11D3-8F71-00C04F8DD7E3}" = Solutions
"{F5AF5CDA-76FC-4794-9F28-09B6D54E7431}" = Form Fill (Windows Live Toolbar)
"{F724042F-367A-3B58-9BE3-8EF7A6F058D6}" = Google Gears
"{F8FBDC28-C265-4F0D-8B91-6E92913E19F6}" = IIS 6.0 Resource Kit Tools
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF8157AA-F640-45BD-B7C2-BAA1016B267A}" = palmOne
"3D Solar System 3.8" = 3D Solar System 3.8
"3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.2
"8531-1278-6363-8538" = Oxygen XML Editor 10.3
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"aiSee_is1" = aiSee 2.2
"AntAttackPC002" = Ant Attack PC v0.02
"Apache Tomcat 5.5" = Apache Tomcat 5.5 (remove only)
"Ask & Record Toolbar4.00" = Ask & Record Toolbar 4.00
"Ask Toolbar_is1" = Ask Toolbar
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"Audacity_is1" = Audacity 1.2.4
"Audio Bible Ambassador_is1" = Audio Bible Ambassador 1.0
"BFG-Azada" = Azada
"BFGC" = Big Fish Games Client
"Bomgar Representative Console [remote.sil.org]" = Bomgar Representative Console [remote.sil.org]
"BroadJump Client Foundation" = BroadJump Client Foundation
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CharisSIL" = CharisSIL 4.102
"Christmas Bells 3D Screensaver_is1" = Christmas Bells 3D Screensaver 1.0
"Clock Tower 3D Screensaver_is1" = Clock Tower 3D Screensaver 1.1
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coral Clock 3D Screensaver_is1" = Coral Clock 3D Screensaver 1.0
"CSCLIB" = Canon Camera Support Core Library
"Cuckoo Clock 3D Screensaver_is1" = Cuckoo Clock 3D Screensaver 1.0
"CutePDF Writer Installation" = CutePDF Writer 2.7
"Deep Space 3D Screensaver_is1" = Deep Space 3D Screensaver 1.0
"Delicious Add-on for Internet Explorer" = Delicious Add-on for Internet Explorer
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Dirk's Metronome V1.0 Full version" = Dirk's Metronome V1.0 Full version
"Discovery 3D Screensaver_is1" = Discovery 3D Screensaver 1.1
"DorkAldelMoojob_is1" = Dork version 1.0
"dotXSL" = dotXSL
"DoulosSIL" = DoulosSIL 4.104
"Download Manager" = Download Manager 2.3.6
"Earth 3D Screensaver_is1" = Earth 3D Screensaver 1.0
"Easy PDF to Text Converter v2.0_is1" = Easy PDF to Text Converter v2.0
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"EzraSIL" = EzraSIL 2.51
"Fiddler2" = Fiddler2 (remove only)
"FileZilla Client" = FileZilla Client 3.2.4.1
"Fireside Christmas 3D Screensaver_is1" = Fireside Christmas 3D Screensaver 1.0
"Flag 3D Screensaver_is1" = Flag 3D Screensaver 1.0
"Fluid Desktop Screensaver" = Fluid Desktop Screen Saver
"foldit" = foldit
"Foxit Reader" = Foxit Reader
"Freeciv-2.1.9-gtk2" = Freeciv 2.1.9 (GTK+ client)
"FreeType-2.3.5-1_is1" = GnuWin32: FreeType-2.3.5-1
"GalatiaSIL" = GalatiaSIL 2.0.1
"Galleon 3D Screensaver_is1" = Galleon 3D Screensaver 1.3
"Gallery Remote" = Gallery Remote
"Gallery Remote Screensaver" = Gallery Remote Screensaver 1.5.1-b17
"Gentium" = Gentium 1.02
"GentiumBasic" = GentiumBasic 1.100
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Desktop" = Google Desktop
"Google Desktop Extreme_is1" = Google Desktop Extreme version 2.1.2
"Google Updater" = Google Updater
"GPG4Win" = GnuPG For Windows
"GPL Ghostscript 8.54" = GPL Ghostscript 8.54
"GPL Ghostscript Fonts" = GPL Ghostscript Fonts
"Graphviz" = Graphviz
"GSview 4.8" = GSview 4.8
"GT Ripple" = GT Ripple
"GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
"gtkmm" = gtkmm Development Environment 2.10
"Guitar-Online Tools - Metronome (Light Edition)_is1" = Guitar-Online Tools - Metronome, version 2.0
"HDDlife plug-in for Google Desktop" = HDDlife plug-in for Google Desktop 1.1
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"Hypercube version 2" = Hypercube version 2
"Ice Clock 3D Screensaver_is1" = Ice Clock 3D Screensaver 1.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Inkscape" = Inkscape 0.46
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{6CDAED1C-5B60-4818-88A7-E4A90CD367AF}" = Wave Support Software
"InstallShield_{BEB03A1A-1EB6-48EB-9985-8B97315EE5C0}" = Canon Utilities RemoteCapture 2.7
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{DD41AC25-61B2-4FC9-90AA-672F32139AC3}" = ETS Launch Pad
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"InstallShield_{EF0DD8B7-471C-463B-A298-6066C2FABAF5}" = Canon Utilities File Viewer Utility 1.2
"InstallShield_{F8FBDC28-C265-4F0D-8B91-6E92913E19F6}" = IIS 6.0 Resource Kit Tools
"KDiff3" = KDiff3 (remove only)
"Koi Fish 3D Screensaver_is1" = Koi Fish 3D Screensaver 1.0
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"MakeVM_is1" = MakeVM version 1.6.3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapWindow GIS_is1" = MapWindow GIS
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (2.0.0.14)" = Mozilla Firefox (2.0.0.14)
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"Mozilla Thunderbird (2.0.0.22)" = Mozilla Thunderbird (2.0.0.22)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NarbacularDrop_is1" = Narbacular Drop version 1.4
"Nautilus 3D Screensaver_is1" = Nautilus 3D Screensaver 1.2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"oggcodecs" = oggcodecs 0.71.0946
"OpenAL" = OpenAL
"OpenIL" = Open Image Library (remove only)
"OpenVPN" = OpenVPN 2.1_rc18
"OPViewer" = OPViewer 1.2
"PhotoRecord" = Canon PhotoRecord
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picasa2" = Picasa 2
"Pidgin" = Pidgin
"POV-Ray for Windows v3.6" = POV-Ray for Windows v3.6.1c
"PowerFolder" = PowerFolder (Remove Only)
"ProInst" = Intel PROSet Wireless
"pycairo-py2.5" = Python 2.5 pycairo-1.4.12
"pygame-1.8-docs" = Pygame 1.8 Documents and Examples
"pygobject-py2.5" = Python 2.5 pygobject-2.14.1
"pygtk-py2.5" = Python 2.5 pygtk-2.10.6
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Registry Toolkit" = Registry Toolkit
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Ruby" = Ruby 1.8.2-15 (uninstall)
"Sametime Client v6.5.1" = Sametime Client v6.5.1
"SaverBeans Screensaver Pack" = SaverBeans Screensaver Pack 0.2
"ShellRun" = ShellRun
"Skype_is1" = Skype 3.0
"Smoke" = Smoke demo by NVIDIA (remove only)
"SpaceMonger" = SpaceMonger 2.1.1
"ST6UNST #1" = QSaver (if Quotes installed, put QSaver in same dir)
"Steam App 211" = Source SDK
"Steam App 215" = Source SDK Base
"Steam App 420" = Half-Life 2: Episode Two
"Stellarium_is1" = Stellarium 0.10.2
"Subversion_is1" = Subversion 1.4.0-r21228
"The Lost Watch 3D Screensaver_is1" = The Lost Watch 3D Screensaver 1.0
"The One Ring 3D Screensaver_is1" = The One Ring 3D Screensaver 1.0
"Tidy_is1" = Tidy (February 16th, 2006)
"TightVNC_is1" = TightVNC 1.2.9
"Tweak UI 2.10" = Tweak UI
"UnityWebPlayer" = Unity Web Player
"Video to Audio Converter_is1" = Video to Audio Converter 1.12
"Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English
"VMmanager" = VMmanager
"Voyage of Columbus 3D Screensaver_is1" = Voyage of Columbus 3D Screensaver 1.0
"Water Clock 3D Screensaver_is1" = Water Clock 3D Screensaver 1.0
"Watermill 3D Screensaver_is1" = Watermill 3D Screensaver 2.0
"Western Railway 3D Screensaver_is1" = Western Railway 3D Screensaver 1.0
"Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
"WIC" = Windows Imaging Component
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.4
"WinMerge_is1" = WinMerge 2.6.4.0
"WinPcapInst" = WinPcap 4.0.2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zoiper" = Zoiper 2.13 Free
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Competition Arena" = Competition Arena
"GeoViz Toolkit" = GeoViz Toolkit

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/28/2009 8:07:13 AM | Computer Name = IT-HUTTAR-D820 | Source = Symantec AntiVirus | ID = 16711720
Description = Symantec AntiVirus has determined that the virus definitions are missing
on this computer. This computer will remain unprotected from viruses until virus
definitions are downloaded to this computer.

Error - 7/28/2009 12:09:27 PM | Computer Name = IT-HUTTAR-D820 | Source = Application Error | ID = 1000
Description = Faulting application gimp-2.4.exe, version 0.0.0.0, faulting module
msvcrt.dll, version 7.0.2600.5512, fault address 0x000378c0.

Error - 7/28/2009 12:09:32 PM | Computer Name = IT-HUTTAR-D820 | Source = Application Error | ID = 1001
Description = Fault bucket 745171806.

Error - 7/28/2009 9:44:50 PM | Computer Name = IT-HUTTAR-D820 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 7/28/2009 9:44:50 PM | Computer Name = IT-HUTTAR-D820 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (A socket operation was attempted to an unreachable host. ). Group Policy
processing aborted.

Error - 7/28/2009 11:18:01 PM | Computer Name = IT-HUTTAR-D820 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/28/2009 11:19:11 PM | Computer Name = IT-HUTTAR-D820 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for DALLAS\huttarl failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/29/2009 7:18:05 AM | Computer Name = IT-HUTTAR-D820 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/29/2009 7:19:16 AM | Computer Name = IT-HUTTAR-D820 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for DALLAS\huttarl failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 7/29/2009 7:32:57 AM | Computer Name = IT-HUTTAR-D820 | Source = Application Hang | ID = 1002
Description = Hanging application hl2.exe, version 0.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 7/29/2009 9:44:54 AM | Computer Name = IT-HUTTAR-D820 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/29/2009 9:44:54 AM | Computer Name = IT-HUTTAR-D820 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/29/2009 9:47:18 AM | Computer Name = IT-HUTTAR-D820 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/29/2009 9:47:18 AM | Computer Name = IT-HUTTAR-D820 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/29/2009 9:47:18 AM | Computer Name = IT-HUTTAR-D820 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/29/2009 11:15:01 AM | Computer Name = IT-HUTTAR-D820 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 7/29/2009 11:15:25 AM | Computer Name = IT-HUTTAR-D820 | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetBT_Tcpip_{FBF64BCB-1732-46FE-B12F-821035ABE2BE}
because another computer on the network has the same name. The server could not
start.

Error - 7/29/2009 11:16:13 AM | Computer Name = IT-HUTTAR-D820 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/29/2009 11:16:14 AM | Computer Name = IT-HUTTAR-D820 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 7/29/2009 11:16:14 AM | Computer Name = IT-HUTTAR-D820 | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.


< End of report >


#2
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    knukvhuq
    
    
    :Reg
    
    :Files
    C:\knukvhuq.sys /s
    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3
LarsH

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thanks.
By the way, I do notice that often, when I find the computer (Half-Life 2) slowing down, and I go to the process list, Steam.exe is taking a fair chunk of CPU (e.g. around 40-50%). However I don't know if this Steam CPU usage was the cause of the slowdown, or was caused *by* interrupting HL2 to go to the task manager (HL2 does seem to get upset when I go to TM... sometimes it hangs afterward). Besides, the same slowdown phenomenon has consistently happened even when I'm not running Steam.

Anyway, logs follow...

OTM:
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
Service\Driver knukvhuq not found.
Service\Driver knukvhuq not found.
========== REGISTRY ==========
========== FILES ==========
File/Folder C:\knukvhuq.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: BB443B11-7D12-450c-9F85-2D32804655F9

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: huttarl

User: huttarl.DALLAS
->Temp folder emptied: 4284994 bytes
->Temporary Internet Files folder emptied: 1578563 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 49851884 bytes
->Google Chrome cache emptied: 21817023 bytes

User: HUTTAR~1~DAL

User: IT-HUTTAR-D820

User: Lars Huttar
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 17065 bytes
RecycleBin emptied: 2625 bytes

Total Files Cleaned = 74.02 mb


OTM by OldTimer - Version 3.0.0.5 log created on 08032009_110509

Files moved on Reboot...

Registry entries deleted on Reboot...


Combofix:

ComboFix 09-08-02.04 - huttarl 08/03/2009 14:27.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1146 [GMT -5:00]
Running from: c:\documents and settings\huttarl.DALLAS\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\18fcf80.msi
c:\windows\Installer\7cef47c.msp
c:\windows\system32\Cache

.
((((((((((((((((((((((((( Files Created from 2009-07-03 to 2009-08-03 )))))))))))))))))))))))))))))))
.

2009-08-03 16:05 . 2009-08-03 16:05 -------- d-----w- C:\_OTM
2009-07-29 14:58 . 2009-07-29 14:58 3775175 ------w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-27 21:09 . 2009-07-27 21:14 -------- d-----w- c:\program files\jsl
2009-07-24 16:34 . 2009-07-24 16:34 -------- d-----w- c:\program files\HttpWatch
2009-07-19 01:42 . 2009-06-11 10:38 167936 ------w- c:\documents and settings\huttarl.DALLAS\Application Data\Thunderbird\Profiles\9mw4bbea.default\extensions\{847b3a00-7ab1-11d4-8f02-006008948af5}\platform\WINNT_x86-msvc\components\enigmime-x86-msvc.dll
2009-07-16 12:46 . 2009-07-09 16:01 110592 ------w- c:\documents and settings\huttarl.DALLAS\Application Data\Mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-03 19:40 . 2007-08-02 20:09 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2009-08-03 19:40 . 2007-08-02 20:24 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware
2009-08-03 19:38 . 2006-06-13 17:26 -------- d-----w- c:\program files\Symantec
2009-08-03 17:02 . 2006-06-13 17:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-08-03 17:02 . 2006-06-13 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-03 16:51 . 2006-05-31 15:28 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-03 15:55 . 2006-07-01 22:16 -------- d-----w- c:\documents and settings\huttarl.DALLAS\Application Data\Skype
2009-08-03 07:09 . 2006-05-24 02:17 42853 ----a-w- c:\windows\system32\nvModes.dat
2009-08-03 06:17 . 2008-11-21 02:43 -------- d-----w- c:\program files\Steam
2009-08-03 06:14 . 2009-06-10 11:07 -------- d-----w- c:\documents and settings\huttarl.DALLAS\Application Data\Delicious IE Extension
2009-08-03 02:01 . 2007-04-09 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-01 19:51 . 2006-06-05 13:04 -------- d-----w- c:\documents and settings\huttarl.DALLAS\Application Data\com.oxygenxml
2009-07-29 15:34 . 2006-07-20 10:02 -------- d-----w- c:\program files\bin
2009-07-29 14:58 . 2008-12-12 17:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-28 19:59 . 2008-04-17 03:07 -------- d-----w- c:\documents and settings\huttarl.DALLAS\Application Data\FileZilla
2009-07-28 16:03 . 2008-02-18 16:33 -------- d-----w- c:\documents and settings\huttarl.DALLAS\Application Data\gtk-2.0
2009-07-24 05:32 . 2006-05-31 21:20 -------- d-----w- c:\program files\Apache Software Foundation
2009-07-18 03:13 . 2006-05-24 02:36 -------- d-----w- c:\program files\Google
2009-07-17 15:39 . 2008-10-23 15:29 -------- d-----w- c:\program files\Oxygen XML Editor 10
2009-07-13 18:36 . 2009-05-14 22:17 38160 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 18:36 . 2009-05-14 22:17 19096 ------w- c:\windows\system32\drivers\mbam.sys
2009-07-13 15:19 . 2009-05-15 17:44 -------- d-----w- c:\program files\Notepad++
2009-07-03 17:09 . 2004-08-11 22:00 915456 ------w- c:\windows\system32\wininet.dll
2009-07-01 14:14 . 2008-09-30 19:14 613 ------w- c:\windows\RETCLIENT.DAT
2009-07-01 02:33 . 2009-07-01 02:32 -------- d-----w- c:\program files\OpenVPN
2009-06-26 17:05 . 2009-06-26 17:05 303104 ------w- c:\documents and settings\huttarl.DALLAS\Application Data\Google\O3D\reporter.exe
2009-06-26 17:05 . 2009-06-26 17:05 466944 ------w- c:\documents and settings\huttarl.DALLAS\Application Data\Google\O3D\o3d_host.dll
2009-06-26 17:04 . 2009-06-26 17:04 5197824 ------w- c:\documents and settings\huttarl.DALLAS\Application Data\Mozilla\plugins\npo3dautoplugin.dll
2009-06-26 16:44 . 2009-06-26 16:44 1507328 ------w- c:\documents and settings\huttarl.DALLAS\Application Data\Mozilla\plugins\O3DExtras\swiftshader_d3d9.dll
2009-06-25 20:19 . 2009-06-25 20:19 -------- d-----w- c:\program files\Audio Bible Ambassador
2009-06-25 20:05 . 2009-05-12 04:50 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2009-06-25 20:05 . 2009-01-29 13:18 -------- d-----w- c:\program files\TortoiseSVN
2009-06-23 17:35 . 2009-06-14 11:08 -------- d-----w- c:\documents and settings\huttarl.DALLAS\Application Data\.freeciv
2009-06-22 15:53 . 2009-06-14 11:01 -------- d-----w- c:\program files\Freeciv-2.1.9-gtk2
2009-06-22 11:09 . 2006-05-24 02:29 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-20 10:40 . 2007-03-02 05:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-16 19:32 . 2008-02-01 16:10 -------- d-----w- c:\documents and settings\huttarl.DALLAS\Application Data\Stellarium
2009-06-16 17:09 . 2008-02-01 15:59 -------- d-----w- c:\program files\Stellarium
2009-06-16 14:36 . 2004-08-11 22:00 119808 ------w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-11 22:00 81920 ------w- c:\windows\system32\fontsub.dll
2009-06-12 13:50 . 2009-06-05 21:29 -------- d-----w- c:\program files\boost
2009-06-12 13:25 . 2009-06-12 13:25 -------- d-----w- c:\program files\7-Zip
2009-06-10 11:07 . 2009-06-10 11:05 -------- d-----w- c:\program files\Delicious Add-on for Internet Explorer
2009-06-09 22:29 . 2008-06-24 18:50 -------- d-----w- c:\program files\Freeciv-2.1.5-gtk2
2009-06-03 19:09 . 2004-08-11 22:00 1291264 ------w- c:\windows\system32\quartz.dll
2009-05-07 15:32 . 2004-08-11 22:00 345600 ------w- c:\windows\system32\localspl.dll
2006-12-05 06:59 . 2006-12-05 06:59 7 ---h--r- c:\program files\~etzero~.aic
2009-08-03 05:20 . 2008-06-20 15:18 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-08-13 04:49 . 2007-08-23 19:54 122880 ------w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-07-12 19:30 . 2006-07-12 19:30 34384 ------w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2006-07-12 19:30 . 2006-07-12 19:30 93848 ------w- c:\program files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-02-11 19:40 365960 ------w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-02-11 365960]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-02-11 365960]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-06-05 23:01 85712 ------w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-09 68856]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2008-08-01 1103216]
"Google Update"="c:\documents and settings\huttarl.DALLAS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-22 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-08 176128]
"Document Manager"="c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 98304]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2002-09-11 368706]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"Discovery User Input"="c:\discovery\User Input\userin32.exe" [2007-04-05 225280]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-13 29744]
"BtTray"="c:\program files\IVT Corporation\BlueSoleil\BtTray.exe" [2007-09-10 258134]
"VMware hqtray"="c:\program files\VMware\VMware Player\hqtray.exe" [2008-03-04 55856]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-19 7401472]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"Ask and Record FLV Service"="c:\program files\Ask & Record Toolbar\FLVSrvc.exe" [2009-03-10 156672]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-01-19 73728]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-11-17 397312]
"WD Button Manager"="WDBtnMgr.exe" - c:\windows\system32\WDBtnMgr.exe [2006-06-21 331776]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-01-19 1519616]

c:\documents and settings\huttarl.DALLAS\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-23 24576]
EMBASSY Trust Suite Secure Update.lnk - c:\program files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 192512]
Shortcut to svn-update-all.lnk - c:\program files\Apache Software Foundation\cocoon-2.1.7\build\webapp\mount\svn-update-all.bat [2007-4-3 1821]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Java\\jdk1.5.0_09\\bin\\java.exe"=
"c:\\Program Files\\Apache Software Foundation\\Tomcat 5.5\\bin\\tomcat5.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre1.6.0_01\\bin\\java.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\SteamApps\\pinky091\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_02\\bin\\java.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\huttarl\\half-life\\hl.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Freeciv-2.1.9-gtk2\\civserver.exe"=
"c:\\Program Files\\Dell\\Dell Laser MFP 1600n\\NetworkScan\\DNSCST.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3306:TCP"= 3306:TCP:MySQL 3306
"8000:TCP"= 8000:TCP:jdb
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R2 MSSQL$SILFW;SQL Server (SILFW);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2/10/2007 6:29 AM 29178224]
R2 Retrospect Client;Retrospect Client;c:\program files\Retrospect\Retrospect Client\RemotSvc.exe [12/1/2008 5:36 PM 61440]
R3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [10/8/2008 12:15 AM 25216]
R3 urvpndrv;F5 Networks VPN Adapter;c:\windows\system32\drivers\urvpndrv.sys [7/17/2008 11:12 AM 27000]
S2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [5/8/2009 10:54 AM 234888]
S2 gupdate1c8e1d582c30206;Google Update Service (gupdate1c8e1d582c30206);c:\program files\Google\Update\GoogleUpdate.exe [7/9/2008 10:07 AM 133104]
S3 CdProbe;CdProbe;c:\windows\system32\drivers\CDProbe.SYS [7/5/2007 9:37 AM 9248]
S3 EraserUtilDrv10615;EraserUtilDrv10615;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10615.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10615.sys [?]
S3 f5ipfw;F5 Networks StoneWall Filter;c:\windows\system32\drivers\urfltw2k.sys [3/11/2009 1:27 PM 10744]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [1/29/2009 1:13 PM 33752]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [8/23/2007 2:54 PM 29744]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
S3 SonicXSvr DB Server;SonicXSvr DB Server;"c:\program files\Sonic\SonicXMLServer\XMLDatabase\bin\osserver.exe" --> c:\program files\Sonic\SonicXMLServer\XMLDatabase\bin\osserver.exe [?]
S3 SonicXSvr Lock Manager;SonicXSvr Lock Manager;"c:\program files\Sonic\SonicXMLServer\XMLDatabase\bin\oscmgr6.exe" --> c:\program files\Sonic\SonicXMLServer\XMLDatabase\bin\oscmgr6.exe [?]
S3 Tomcat5;Apache Tomcat;c:\program files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [3/26/2005 2:23 PM 102400]
S3 USBDELVI;Delcom USB Visual Indicator Driver;c:\windows\system32\drivers\USBDELVI.sys [10/2/2007 2:55 PM 10981]
S4 SonicCSvr6.1 DB Server;SonicCSvr6.1 DB Server;"c:\program files\Sonic\CServer6.1\XMLDatabase\bin\osserver.exe" --> c:\program files\Sonic\CServer6.1\XMLDatabase\bin\osserver.exe [?]
S4 SonicCSvr6.1 Lock Manager;SonicCSvr6.1 Lock Manager;"c:\program files\Sonic\CServer6.1\XMLDatabase\bin\oscmgr6.exe" --> c:\program files\Sonic\CServer6.1\XMLDatabase\bin\oscmgr6.exe [?]
S4 SonicCSvr6.1 Server;SonicCSvr6.1 Server;"c:\program files\Sonic\CServer6.1\XMLDatabase\BIN\xlnadmin.exe" --> c:\program files\Sonic\CServer6.1\XMLDatabase\BIN\xlnadmin.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 22:57]

2009-08-03 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-10-11 05:25]

2009-03-02 c:\windows\Tasks\defrag-disks.job
- c:\program files\bin\defrag-disks.vbs [2007-01-29 15:44]

2009-08-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2006-12-14 11:10]

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-09 19:14]

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-09 19:14]

2009-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2075735302-1962817296-126092852-1993Core.job
- c:\documents and settings\huttarl.DALLAS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 20:42]

2009-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2075735302-1962817296-126092852-1993UA.job
- c:\documents and settings\huttarl.DALLAS\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 20:42]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISUSPM Startup - c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &MSN Search - c:\program files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll/search.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/229?432e62ca20db480ab71f37ce37a89ec7
IE: Open in new foreground tab - c:\program files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll/230?432e62ca20db480ab71f37ce37a89ec7
Trusted Zone: sil.org
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://epm.wycliffe.org/ProjectServer/objects/pjclient.cab
DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://epm.wycliffe.org/ProjectServer/objects/1033/pjcintl.cab
FF - ProfilePath - c:\documents and settings\huttarl.DALLAS\Application Data\Mozilla\Firefox\Profiles\9x0wv3mu.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://calendar.google.com/
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\documents and settings\huttarl.DALLAS\Application Data\Mozilla\plugins\npo3dautoplugin.dll
FF - plugin: c:\documents and settings\huttarl.DALLAS\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Lively\nplively.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAdbESD.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 14:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1304)
c:\windows\system32\netprovcredman.dll

- - - - - - - > 'lsass.exe'(1360)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(4268)
c:\windows\system32\WININET.dll
c:\documents and settings\huttarl.DALLAS\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\centenn.ial\AUDIT\cagent32.exe
c:\centenn.ial\AUDIT\xferwan.exe
c:\program files\Wave Systems Corp\common\DataServer.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Dantz\Retrospect\retrorun.exe
c:\progra~1\Dantz\RETROS~1\wdsvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
c:\program files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
c:\windows\system32\vmnat.exe
c:\program files\Intel\WiFi\bin\WLKEEPER.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\VMware\VMware Player\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\program files\Retrospect\Retrospect Client\retroclient.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\rundll32.exe
c:\program files\Apoint\hidfind.exe
c:\program files\Apoint\ApntEx.exe
c:\program files\iPod\bin\iPodService.exe
c:\documents and settings\huttarl.DALLAS\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Java\jre1.6.0_02\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-08-03 14:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-03 19:56

Pre-Run: 5,523,746,816 bytes free
Post-Run: 5,460,496,384 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

373 --- E O F --- 2009-07-29 12:19

#4
LarsH

    New Member

  • Topic Starter
  • Member
  • 8 posts
OK, an update...
After doing what you directed above (OTM and ComboFix), I also went through MSConfig's startup list to remove unnecessary startup programs. I used the list at http://www.sysinfo.org/startuplist.php to figure out which ones to remove. I was fairly conservative, not removing programs if I wasn't sure.

However I noticed one suspicious entry in the startup list. Its name was given as merely "1". The sysinfo.org list said that entry might represent a trojan or worm. Of course I disabled that entry.

When I clicked Apply in msconfig, it said there was an error in saving, or something like that. When I exited msconfig, it said the same thing; but it exited anyway.

Now, whenever I boot, I get the error about invalid boot.ini, missing/corrupt hal.dll. I've followed directions similar to http://www.geekstogo...ll-t129956.html, with bootcfg /rebuild; after that, I'm able to boot once without the CD, but then on the next reboot it goes back to invalid boot.ini, missing/corrupt hal.dll. Note that when this happens, there is no boot.ini (yes I tried removing its attributes).

Today I read some more about msconfig and learned that I should have left it in "Selective startup" mode. I had changed it to Normal Mode after a couple of reboots hoping that might help my booting problem; but it didn't. So next time I'm able to start Windows I'll go back to Selective startup. Maybe this "1" startup entry is what's ruining my boot.ini, so using Selective startup should avoid running "1" and maybe that will get rid of the problem.

BTW, after one of these boots, I got a BSOD with stop error 0x00000007. I looked that up and it said it was often associated with Symantec Antivirus. I have had Symantec on here, but uninstalled it (couldn't just disable it) in order for ComboFix to run better, as you suggested.

Now, the computer is running chkdsk, though I didn't request it. Maybe because of the BSOD? I ran a full chkdsk /r last night, and it found & fixed one bad sector as I recall. So I wish I didn't have to wait for a chkdsk today. Oh well.

If you've got more suggestions, I'm all ears.
  • 0

#5
LarsH

    New Member

  • Topic Starter
  • Member
  • 8 posts
Another update...
That last chkdsk actually turned up errors... "deleting index entry pagefile.sys in index $i30 of file 5." and "Chkdsk is recovering lost files." Hm.

Well, after I used msconfig to get back into selective boot, and disabled the "1" entry from the startup list, I rebooted again, and ... bummer. Boot.ini disappeared again. Again, it's not just that the file is invisible:
c:\>attrib -r -h -s boot.ini
File not found - boot.ini

I'm now handing the computer over to our IT customer support desk.
  • 0

#6
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Does this work for you?

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#7
LarsH

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hello,
I did TFC, MBAM and Kaspersky as you suggested.

I couldn't find the settings in Kaspersky that you described. Maybe their GUI has changed? But I turned on all the options for things to scan, and did a full scan. Both MBAM and Kaspersky logs are below.

An update on the boot.ini problem:
I've gotten into a routine of re-copying my c:\boot.ini from a backup every time I boot. This works... so whatever is deleting boot.ini during startup, it's not doing it again till the next startup.
So in effect I have a workable system.
But I don't like the idea of some malicious program sitting there deleting my boot.ini whenever I reboot. Wonder what else it's trying to do.

I wish I knew how to export Kaspersky's "detected threats" view. I took a screenshot - see attached PNG. It lists lots of "very dangerous" vulnerabilities that it detected. The "Disinfect all" button is disabled. When I select one and click Quarantine, I get a dialog that wants to open an existing file?! I don't get how to use that.
There were two "highly dangerous" vulnerabilities detected. I have now updated Adobe Reader and MS Office to try to patch those.

Here are the logs.

Malwarebytes' Anti-Malware 1.40
Database version: 2561
Windows 5.1.2600 Service Pack 3

8/4/2009 11:00:13 PM
mbam-log-2009-08-04 (23-00-13).txt

Scan type: Quick Scan
Objects scanned: 127362
Time elapsed: 7 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Kaspersky:

Full Scan: completed 8/5/2009 2:59:40 AM (events: 62, objects: 1243180, time: 02:36:13)
8/4/2009 6:05:19 PM Task completed
8/4/2009 4:56:58 PM Task started
Full Scan: completed 8/5/2009 2:59:40 AM (events: 62, objects: 1243180, time: 02:36:13)
8/4/2009 6:38:46 PM Task completed
8/4/2009 6:37:31 PM Task started
Full Scan: completed 8/5/2009 2:59:40 AM (events: 62, objects: 1243180, time: 02:36:13)
8/4/2009 6:41:26 PM Task completed
8/4/2009 6:40:42 PM Task started
Full Scan: completed 8/5/2009 2:59:40 AM (events: 62, objects: 1243180, time: 02:36:13)
8/4/2009 7:04:37 PM Task started
8/4/2009 7:04:44 PM Detected: http://www.viruslist...dvisories/31822 C:\Program Files\Bonjour\mDNSResponder.exe
8/4/2009 7:04:47 PM Detected: http://www.viruslist...dvisories/35364 C:\Program Files\microsoft office\office11\excel.exe
8/4/2009 7:04:47 PM Detected: http://www.viruslist...dvisories/29320 C:\Program Files\microsoft office\office11\outlook.exe
8/4/2009 7:04:49 PM Detected: http://www.viruslist...dvisories/34572 C:\Program Files\microsoft office\office11\powerpnt.exe
8/4/2009 7:04:49 PM Detected: http://www.viruslist...dvisories/19850 C:\Program Files\dantz\retrospect\retrospect.exe
8/4/2009 7:04:50 PM Detected: http://www.viruslist...dvisories/35377 C:\Program Files\microsoft office\office11\winword.exe
8/4/2009 7:04:51 PM Detected: http://www.viruslist...dvisories/31822 C:\Program Files\Bonjour\mDNSResponder.exe
8/4/2009 7:05:25 PM Detected: http://www.viruslist...dvisories/30150 C:\Program Files\microsoft office\office11\mspub.exe
8/4/2009 7:05:25 PM Detected: http://www.viruslist...dvisories/35091 C:\Program Files\quicktime\quicktimeplayer.exe
8/4/2009 7:05:25 PM Detected: http://www.viruslist...dvisories/26625 C:\Program Files\subversion\bin\svn.exe
8/4/2009 7:05:26 PM Detected: http://www.viruslist...dvisories/33372 C:\Program Files\vmware\vmware player\vmplayer.exe
8/4/2009 7:05:26 PM Detected: http://www.viruslist...dvisories/34451 C:\windows\system32\java.exe
8/4/2009 7:05:27 PM Detected: http://www.viruslist...dvisories/35951 C:\windows\downloaded program files\manager.exe
8/4/2009 7:05:27 PM Detected: http://www.viruslist...dvisories/35951 C:\windows\downloaded program files\downloadmanagerv2.ocx
8/4/2009 7:05:28 PM Detected: http://www.viruslist...dvisories/34451 C:\windows\system32\java.exe
8/4/2009 7:48:20 PM Detected: http://www.viruslist...dvisories/26027 C:\i386\flash.ocx
8/4/2009 7:48:49 PM Detected: http://www.viruslist...dvisories/34451 C:\i386\java.exe
8/4/2009 7:48:50 PM Detected: http://www.viruslist...dvisories/32991 C:\i386\javaws.exe
8/4/2009 7:51:14 PM Detected: http://www.viruslist...dvisories/32270 C:\i386\swflash.ocx
8/4/2009 7:59:02 PM Detected: http://www.viruslist...dvisories/35949 C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.api
8/4/2009 8:17:25 PM Detected: http://www.viruslist...dvisories/34451 C:\Program Files\Aqua Data Studio 6.0\jre\bin\java.exe
8/4/2009 8:26:40 PM Detected: http://www.viruslist...dvisories/35948 C:\Program Files\Common Files\Adobe AIR\Versions\1.0\NPSWF32.dll
8/4/2009 8:26:43 PM Detected: http://www.viruslist...dvisories/35948 C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll
8/4/2009 8:27:53 PM Detected: http://www.viruslist...dvisories/31744 C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL
8/4/2009 8:27:54 PM Detected: http://www.viruslist...dvisories/31744 C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
8/4/2009 8:28:26 PM Detected: http://www.viruslist...dvisories/19850 C:\Program Files\dantz\retrospect\retrospect.exe
8/4/2009 8:33:50 PM Detected: http://www.viruslist...dvisories/32991 C:\Program Files\Java\j2re1.4.2_12\bin\eula.dll
8/4/2009 8:33:56 PM Detected: http://www.viruslist...dvisories/32991 C:\Program Files\Java\jdk1.5.0_09\bin\javaws.exe
8/4/2009 8:34:07 PM Detected: http://www.viruslist...dvisories/32991 C:\Program Files\Java\jdk1.5.0_09\jre\bin\javaws.exe
8/4/2009 8:34:19 PM Detected: http://www.viruslist...dvisories/34451 C:\Program Files\Java\jdk1.6.0_02\bin\java.exe
8/4/2009 8:34:22 PM Detected: http://www.viruslist...dvisories/34451 C:\Program Files\Java\jdk1.6.0_02\jre\bin\java.exe
8/4/2009 8:34:31 PM Detected: http://www.viruslist...dvisories/32991 C:\Program Files\Java\jre1.5.0_09\bin\javaws.exe
8/4/2009 8:34:42 PM Detected: http://www.viruslist...dvisories/34451 C:\Program Files\Java\jre1.6.0_01\bin\java.exe
8/4/2009 8:34:54 PM Detected: http://www.viruslist...dvisories/34451 C:\Program Files\Java\jre1.6.0_02\bin\java.exe
8/4/2009 8:36:21 PM Detected: http://www.viruslist...dvisories/35364 C:\Program Files\microsoft office\office11\excel.exe
8/4/2009 8:36:25 PM Detected: http://www.viruslist...dvisories/30150 C:\Program Files\microsoft office\office11\mspub.exe
8/4/2009 8:36:25 PM Detected: http://www.viruslist...dvisories/29321 C:\Program Files\microsoft office\Office\MSO9.DLL
8/4/2009 8:37:01 PM Detected: http://www.viruslist...dvisories/29320 C:\Program Files\microsoft office\office11\outlook.exe
8/4/2009 8:37:31 PM Detected: http://www.viruslist...dvisories/34572 C:\Program Files\microsoft office\office11\powerpnt.exe
8/4/2009 8:37:34 PM Detected: http://www.viruslist...dvisories/35377 C:\Program Files\microsoft office\office11\winword.exe
8/4/2009 8:44:03 PM Detected: http://www.viruslist...dvisories/34471 C:\Program Files\Mozilla Firefox 2 RC1\firefox.exe
8/4/2009 8:46:16 PM Detected: http://www.viruslist...dvisories/34451 C:\Program Files\Oxygen XML Editor 10\jre\bin\java.exe
8/4/2009 8:54:27 PM Detected: http://www.viruslist...dvisories/26625 C:\Program Files\subversion\bin\svn.exe
8/4/2009 8:54:58 PM Detected: http://www.viruslist...dvisories/26625 C:\Program Files\svn-win32-1.2.0\bin\svn.exe
8/4/2009 8:56:02 PM Detected: http://www.viruslist...dvisories/33372 C:\Program Files\vmware\vmware player\vmplayer.exe
8/4/2009 9:15:40 PM Detected: http://www.viruslist...dvisories/29434 C:\temp\downloads\liveusb-creator-3.6.7\tools\7z.exe
8/4/2009 9:16:54 PM Detected: http://www.viruslist...dvisories/30330 C:\temp\it-huttar\Program Files\FileZilla\FileZilla.exe
8/4/2009 9:17:11 PM Detected: http://www.viruslist...dvisories/26632 C:\temp\it-huttar\Program Files\TortoiseSVN\bin\TortoiseProc.exe
8/4/2009 9:17:27 PM Detected: http://www.viruslist...dvisories/35269 C:\temp\it-huttar\Program Files\VMware\VMware Server Console\vmware.exe
8/4/2009 9:18:57 PM Detected: http://www.viruslist...dvisories/26027 C:\temp\UBCD4Win\BartPE\I386\SYSTEM32\flash.ocx
8/4/2009 9:21:19 PM Detected: http://www.viruslist...dvisories/26027 C:\temp\UBCD4Win\BartPE\programs\games\arcade\system32\flash.ocx
8/4/2009 9:22:11 PM Detected: http://www.viruslist...dvisories/33807 C:\temp\UBCD4Win\BartPE\programs\vncviewer\vncviewer.exe
8/4/2009 9:23:03 PM Detected: http://www.viruslist...dvisories/35914 C:\temp\UBCD4Win\plugin\Applications\FireFox\files\firefox.exe
8/4/2009 9:23:17 PM Detected: http://www.viruslist...dvisories/35948 C:\temp\UBCD4Win\plugin\Applications\Opera\files\program\plugins\NPSWF32.dll
8/4/2009 9:24:04 PM Detected: http://www.viruslist...dvisories/26027 C:\temp\UBCD4Win\plugin\Games\Arcade!\files\system32\flash.ocx
8/4/2009 9:24:13 PM Detected: http://www.viruslist...dvisories/33807 C:\temp\UBCD4Win\plugin\Network\vncviewer\vncviewer.exe
8/4/2009 9:30:50 PM Detected: http://www.viruslist...dvisories/35951 C:\windows\downloaded program files\downloadmanagerv2.ocx
8/4/2009 9:30:52 PM Detected: http://www.viruslist...dvisories/35951 C:\windows\downloaded program files\manager.exe
8/4/2009 9:40:17 PM Detected: http://www.viruslist...dvisories/32270 C:\windows\system32\Flash.ocx
8/4/2009 9:40:38 PM Detected: http://www.viruslist...dvisories/34451 C:\windows\system32\java.exe
8/4/2009 9:41:09 PM Detected: http://www.viruslist...dvisories/23655 C:\windows\system32\msxml4.old
8/4/2009 9:41:59 PM Detected: http://www.viruslist...dvisories/36049 C:\windows\system32\Adobe\Shockwave 11\SwInit.exe
8/4/2009 9:42:41 PM Detected: http://www.viruslist...dvisories/26027 C:\windows\system32\Macromed\Flash\flash.ocx
8/4/2009 9:42:42 PM Detected: http://www.viruslist...dvisories/35948 C:\windows\system32\Macromed\Flash\Flash9f.ocx
8/4/2009 9:43:46 PM Detected: http://www.viruslist...dvisories/23655 C:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
8/4/2009 9:43:46 PM Detected: http://www.viruslist...dvisories/23655 C:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\msxml4.dll
8/4/2009 9:43:46 PM Detected: http://www.viruslist...dvisories/23655 C:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
8/4/2009 9:44:21 PM Detected: not-a-virus:AdWare.Win32.Comet.ac E:\downloads\sinstaller2.exe/stream/data0001
8/4/2009 9:44:21 PM Untreated: not-a-virus:AdWare.Win32.Comet.ac E:\downloads\sinstaller2.exe/stream/data0001 Postponed
8/4/2009 9:44:21 PM Processing error: not-a-virus:AdWare.Win32.Comet.ac E:\downloads\sinstaller2.exe/stream
8/4/2009 9:44:21 PM Processing error: not-a-virus:AdWare.Win32.Comet.ac E:\downloads\sinstaller2.exe
8/4/2009 9:48:31 PM Detected: not-a-virus:AdWare.Win32.Comet.ac E:\downloads\sinstaller2.exe/stream/data0001
8/4/2009 9:48:31 PM Untreated: not-a-virus:AdWare.Win32.Comet.ac E:\downloads\sinstaller2.exe/stream/data0001 Skipped by user
8/4/2009 9:48:31 PM Processing error: not-a-virus:AdWare.Win32.Comet.ac E:\downloads\sinstaller2.exe/stream
8/4/2009 9:48:31 PM Processing error: not-a-virus:AdWare.Win32.Comet.ac E:\downloads\sinstaller2.exe
8/4/2009 9:48:31 PM Task completed
Full Scan: completed 8/5/2009 2:59:40 AM (events: 62, objects: 1243180, time: 02:36:13)
8/4/2009 11:04:14 PM Task started
8/4/2009 11:04:26 PM Detected: http://www.viruslist...dvisories/35948 C:\windows\system32\Macromed\Flash\Flash9f.ocx
8/4/2009 11:05:34 PM Detected: http://www.viruslist...dvisories/29320 C:\Program Files\microsoft office\office11\outlook.exe
8/4/2009 11:05:38 PM Detected: http://www.viruslist...dvisories/19850 C:\Program Files\dantz\retrospect\retrospect.exe
8/4/2009 11:05:45 PM Detected: http://www.viruslist...dvisories/34572 C:\Program Files\microsoft office\office11\powerpnt.exe
8/4/2009 11:05:47 PM Detected: http://www.viruslist...dvisories/35364 C:\Program Files\microsoft office\office11\excel.exe
8/4/2009 11:05:53 PM Detected: http://www.viruslist...dvisories/35377 C:\Program Files\microsoft office\office11\winword.exe
8/4/2009 11:06:14 PM Detected: http://www.viruslist...dvisories/26625 C:\Program Files\subversion\bin\svn.exe
8/4/2009 11:06:15 PM Detected: http://www.viruslist...dvisories/34451 C:\windows\system32\java.exe
8/4/2009 11:06:17 PM Detected: http://www.viruslist...dvisories/33372 C:\Program Files\vmware\vmware player\vmplayer.exe
8/4/2009 11:06:17 PM Detected: http://www.viruslist...dvisories/35951 C:\windows\downloaded program files\downloadmanagerv2.ocx
8/4/2009 11:06:18 PM Detected: http://www.viruslist...dvisories/35951 C:\windows\downloaded program files\manager.exe
8/4/2009 11:06:20 PM Detected: http://www.viruslist...dvisories/30150 C:\Program Files\microsoft office\office11\mspub.exe
8/4/2009 11:06:20 PM Detected: http://www.viruslist...dvisories/34451 C:\windows\system32\java.exe
8/4/2009 11:26:09 PM Task stopped
8/5/2009 12:23:26 AM Task started
8/5/2009 12:45:00 AM Detected: http://www.viruslist...dvisories/26027 C:\i386\flash.ocx
8/5/2009 12:45:26 AM Detected: http://www.viruslist...dvisories/34451 C:\i386\java.exe
8/5/2009 12:45:26 AM Detected: http://www.viruslist...dvisories/32991 C:\i386\javaws.exe
8/5/2009 12:47:46 AM Detected: http://www.viruslist...dvisories/32270 C:\i386\swflash.ocx
8/5/2009 12:56:00 AM Detected: http://www.viruslist...dvisories/35949 C:\Program Files\Adobe\Reader 9.0\Reader\plug_ins\Annots.api
8/5/2009 1:21:08 AM Detected: http://www.viruslist...dvisories/34451 C:\Program Files\Aqua Data Studio 6.0\jre\bin\java.exe
8/5/2009 1:30:58 AM Detected: http://www.viruslist...dvisories/35948 C:\Program Files\Common Files\Adobe AIR\Versions\1.0\NPSWF32.dll
8/5/2009 1:31:00 AM Detected: http://www.viruslist...dvisories/35948 C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll
8/5/2009 1:32:09 AM Detected: http://www.viruslist...dvisories/31744 C:\Program Files\Common Files\Microsoft Shared\Office10\MSO.DLL
8/5/2009 1:32:09 AM Detected: http://www.viruslist...dvisories/31744 C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSO.DLL
8/5/2009 1:32:56 AM Detected: http://www.viruslist...dvisories/19850 C:\Program Files\dantz\retrospect\retrospect.exe
8/5/2009 1:41:32 AM Detected: http://www.viruslist...dvisories/32991 C:\Program Files\Java\j2re1.4.2_12\bin\eula.dll
8/5/2009 1:41:39 AM Detected: http://www.viruslist...dvisories/32991 C:\Program Files\Java\jdk1.5.0_09\bin\javaws.exe
8/5/2009 1:41:50 AM Detected: http://www.viruslist...dvisories/32991 C:\Program Files\Java\jdk1.5.0_09\jre\bin\javaws.exe
8/5/2009 1:42:00 AM Detected: http://www.viruslist...dvisories/34451 C:\Program Files\Java\jdk1.6.0_02\bin\java.exe
8/5/2009 1:42:02 AM Detected: http://www.viruslist...dvisories/34451 C:\Program Files\Java\jdk1.6.0_02\jre\bin\java.exe
8/5/2009 1:42:13 AM Detected: http://www.viruslist...dvisories/32991 C:\Program Files\Java\jre1.5.0_09\bin\javaws.exe
8/5/2009 1:42:22 AM Detected: http://www.viruslist...dvisories/34451 C:\Program Files\Java\jre1.6.0_01\bin\java.exe
8/5/2009 1:42:33 AM Detected: http://www.viruslist...dvisories/34451 C:\Program Files\Java\jre1.6.0_02\bin\java.exe
8/5/2009 1:44:04 AM Detected: http://www.viruslist...dvisories/29321 C:\Program Files\microsoft office\Office\MSO9.DLL
8/5/2009 1:44:11 AM Detected: http://www.viruslist...dvisories/30150 C:\Program Files\microsoft office\office11\mspub.exe
8/5/2009 1:44:12 AM Detected: http://www.viruslist...dvisories/35364 C:\Program Files\microsoft office\office11\excel.exe
8/5/2009 1:45:10 AM Detected: http://www.viruslist...dvisories/29320 C:\Program Files\microsoft office\office11\outlook.exe
8/5/2009 1:45:22 AM Detected: http://www.viruslist...dvisories/34572 C:\Program Files\microsoft office\office11\powerpnt.exe
8/5/2009 1:45:33 AM Detected: http://www.viruslist...dvisories/35377 C:\Program Files\microsoft office\office11\winword.exe
8/5/2009 1:54:24 AM Detected: http://www.viruslist...dvisories/34471 C:\Program Files\Mozilla Firefox 2 RC1\firefox.exe
8/5/2009 1:56:29 AM Detected: http://www.viruslist...dvisories/34451 C:\Program Files\Oxygen XML Editor 10\jre\bin\java.exe
8/5/2009 2:04:33 AM Detected: http://www.viruslist...dvisories/26625 C:\Program Files\subversion\bin\svn.exe
8/5/2009 2:05:01 AM Detected: http://www.viruslist...dvisories/26625 C:\Program Files\svn-win32-1.2.0\bin\svn.exe
8/5/2009 2:06:11 AM Detected: http://www.viruslist...dvisories/33372 C:\Program Files\vmware\vmware player\vmplayer.exe
8/5/2009 2:31:45 AM Detected: http://www.viruslist...dvisories/29434 C:\temp\downloads\liveusb-creator-3.6.7\tools\7z.exe
8/5/2009 2:33:04 AM Detected: http://www.viruslist...dvisories/30330 C:\temp\it-huttar\Program Files\FileZilla\FileZilla.exe
8/5/2009 2:33:20 AM Detected: http://www.viruslist...dvisories/26632 C:\temp\it-huttar\Program Files\TortoiseSVN\bin\TortoiseProc.exe
8/5/2009 2:33:40 AM Detected: http://www.viruslist...dvisories/35269 C:\temp\it-huttar\Program Files\VMware\VMware Server Console\vmware.exe
8/5/2009 2:42:13 AM Detected: http://www.viruslist...dvisories/35951 C:\windows\downloaded program files\downloadmanagerv2.ocx
8/5/2009 2:42:16 AM Detected: http://www.viruslist...dvisories/35951 C:\windows\downloaded program files\manager.exe
8/5/2009 2:52:05 AM Detected: http://www.viruslist...dvisories/32270 C:\windows\system32\Flash.ocx
8/5/2009 2:52:16 AM Detected: http://www.viruslist...dvisories/34451 C:\windows\system32\java.exe
8/5/2009 2:52:34 AM Detected: http://www.viruslist...dvisories/23655 C:\windows\system32\msxml4.old
8/5/2009 2:53:26 AM Detected: http://www.viruslist...dvisories/36049 C:\windows\system32\Adobe\Shockwave 11\SwInit.exe
8/5/2009 2:54:05 AM Detected: http://www.viruslist...dvisories/26027 C:\windows\system32\Macromed\Flash\flash.ocx
8/5/2009 2:54:08 AM Detected: http://www.viruslist...dvisories/35948 C:\windows\system32\Macromed\Flash\Flash9f.ocx
8/5/2009 2:55:10 AM Detected: http://www.viruslist...dvisories/23655 C:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9841.0_x-ww_18171213\msxml4.dll
8/5/2009 2:55:10 AM Detected: http://www.viruslist...dvisories/23655 C:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.1.0.0_x-ww_b319d8da\msxml4.dll
8/5/2009 2:55:11 AM Detected: http://www.viruslist...dvisories/23655 C:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9848.0_x-ww_1b897e9a\msxml4.dll
8/5/2009 2:59:40 AM Task completed

Attached Thumbnails

  • kaspersky_detected_threats.png

  • 0
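The Kaspersky report in the post above repeats the same findings across several scan tasks, and most of its "Detected" lines carry an advisory URL (a vulnerable, outdated program) rather than a malware verdict. The following Python script is an added example, not part of the original posts and not a Kaspersky tool: it collapses such a report into distinct advisory/file pairs and separates them from actual verdicts such as `not-a-virus:AdWare.Win32.Comet.ac`. The line format is inferred from the report as posted, and the names `triage`, `container_file` and `summarize` are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt in the shape of the report posted above; the advisory URLs are
# shortened with "..." exactly as the forum displays them.
SAMPLE_REPORT = r"""
Full Scan: completed 8/5/2009 2:59:40 AM (events: 62, objects: 1243180, time: 02:36:13)
8/4/2009 7:04:37 PM Task started
8/4/2009 7:04:44 PM Detected: http://www.viruslist...dvisories/31822 C:\Program Files\Bonjour\mDNSResponder.exe
8/4/2009 7:04:51 PM Detected: http://www.viruslist...dvisories/31822 C:\Program Files\Bonjour\mDNSResponder.exe
8/4/2009 7:05:26 PM Detected: http://www.viruslist...dvisories/34451 C:\windows\system32\java.exe
8/4/2009 7:48:49 PM Detected: http://www.viruslist...dvisories/34451 C:\i386\java.exe
8/4/2009 9:44:21 PM Detected: not-a-virus:AdWare.Win32.Comet.ac E:\downloads\sinstaller2.exe/stream/data0001
8/4/2009 9:44:21 PM Untreated: not-a-virus:AdWare.Win32.Comet.ac E:\downloads\sinstaller2.exe/stream/data0001 Postponed
8/4/2009 9:44:21 PM Processing error: not-a-virus:AdWare.Win32.Comet.ac E:\downloads\sinstaller2.exe
8/4/2009 9:48:31 PM Task completed
8/4/2009 11:06:15 PM Detected: http://www.viruslist...dvisories/34451 C:\windows\system32\java.exe
"""

# "<date> <time> AM|PM <event>: <verdict> <object>"; the verdict has no spaces,
# the object path may contain them.
EVENT = re.compile(
    r"^\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M "
    r"(?P<kind>Detected|Untreated|Processing error): "
    r"(?P<verdict>\S+) (?P<target>.+)$"
)
# A verdict that is a URL ending in /<digits> is a vulnerability advisory.
# Matching only the tail keeps this working on the forum-shortened URLs.
ADVISORY_URL = re.compile(r"^https?://\S*/(\d+)$")
# Trailing status words seen on "Untreated" lines in the posted report.
UNTREATED_STATUSES = ("Postponed", "Skipped by user")


def container_file(target):
    """Lower-case the path (Windows paths are case-insensitive) and collapse
    an archive member such as 'x.exe/stream/data0001' to the file on disk."""
    return target.split("/", 1)[0].strip().lower()


def triage(report_text):
    vulnerable = defaultdict(set)  # advisory id -> files affected
    threats = defaultdict(set)     # malware/adware verdict -> files
    untreated = set()              # (verdict, file, status) left in place
    detected_lines = 0
    for line in report_text.splitlines():
        m = EVENT.match(line.strip())
        if m is None:
            continue  # scan headers, "Task started/completed/stopped", blanks
        kind, verdict, target = m.group("kind", "verdict", "target")
        if kind == "Untreated":
            for status in UNTREATED_STATUSES:
                if target.endswith(" " + status):
                    path = container_file(target[: -len(status) - 1])
                    untreated.add((verdict, path, status))
                    break
            continue
        if kind != "Detected":
            continue  # "Processing error" repeats a Detected line
        detected_lines += 1
        advisory = ADVISORY_URL.match(verdict)
        if advisory:
            vulnerable[advisory.group(1)].add(container_file(target))
        else:
            threats[verdict].add(container_file(target))
    return {
        "detected_lines": detected_lines,
        "vulnerable": dict(vulnerable),
        "threats": dict(threats),
        "untreated": untreated,
    }


def summarize(result):
    out = ["%d Detected lines, %d distinct vulnerable files, %d distinct flagged objects"
           % (result["detected_lines"],
              sum(len(v) for v in result["vulnerable"].values()),
              sum(len(v) for v in result["threats"].values()))]
    for adv, files in sorted(result["vulnerable"].items()):
        out.append("advisory %s: %s" % (adv, ", ".join(sorted(files))))
    for name, files in sorted(result["threats"].items()):
        out.append("threat %s: %s" % (name, ", ".join(sorted(files))))
    for verdict, path, status in sorted(result["untreated"]):
        out.append("UNTREATED (%s): %s in %s" % (status, verdict, path))
    return "\n".join(out)


if __name__ == "__main__":
    print(summarize(triage(SAMPLE_REPORT)))
```

Advisory entries are patching work (update or uninstall the listed program); only the non-URL verdicts and the untreated list describe objects the scanner itself classed as unwanted.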

#8
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Open OTL, select Minimal output, click Quick Scan, and post that log.
  • 0

#9
LarsH

    New Member

  • Topic Starter
  • Member
  • 8 posts
OK, here goes:

OTL logfile created on: 8/5/2009 1:42:13 PM - Run 2
OTL by OldTimer - Version 3.0.10.3 Folder = C:\Program Files\bin
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.09% Memory free
2.09 Gb Paging File | 1.39 Gb Available in Paging File | 66.59% Paging File free
Paging file location(s): C:\pagefile.sys 256 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 54.93 Gb Total Space | 4.11 Gb Free Space | 7.48% Space Free | Partition Type: NTFS
Drive D: | 596.40 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 19.54 Gb Total Space | 1.00 Gb Free Space | 5.14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: IT-HUTTAR-D820
Current User Name: huttarl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Centenn.ial\Audit\CAgent32.exe (Centennial Software Limited )
PRC - C:\Centenn.ial\Audit\xferwan.exe (Centennial Software Limited )
PRC - C:\Program Files\Wave Systems Corp\Common\DataServer.exe (Wave Systems Corp.)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
PRC - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Dantz\Retrospect\retrorun.exe (Dantz Development Corporation)
PRC - C:\Program Files\Dantz\Retrospect\wdsvc.exe (Dantz Development Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe ()
PRC - C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
PRC - C:\WINDOWS\System32\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files\Intel\WiFi\bin\WLKeeper.exe (Intel® Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\TortoiseSVN\bin\TSVNCache.exe (http://tortoisesvn.net)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\Apoint\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
PRC - C:\Program Files\Apoint\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\WINDOWS\System32\wbem\unsecapp.exe (Microsoft Corporation)
PRC - C:\Program Files\Retrospect\Retrospect Client\RemotSvc.exe (EMC)
PRC - C:\Program Files\Retrospect\Retrospect Client\retroclient.exe (EMC)
PRC - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousManager.exe (Yahoo!)
PRC - C:\Program Files\bin\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (ASKUpgrade [Auto | Stopped]) -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe ()
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (AVP [Auto | Running]) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (CentennialClientAgent [Auto | Running]) -- C:\Centenn.ial\Audit\CAgent32.exe (Centennial Software Limited )
SRV - (CentennialIPTransferAgent [Auto | Running]) -- C:\Centenn.ial\Audit\xferwan.exe (Centennial Software Limited )
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DataSvr2 [Auto | Running]) -- C:\Program Files\Wave Systems Corp\Common\DataServer.exe (Wave Systems Corp.)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gupdate1c8e1d582c30206 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IISADMIN [On_Demand | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (MSSQL$SILFW [Auto | Stopped]) -- c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS [Auto | Stopped]) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (MySQL [Auto | Running]) -- C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe ()
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe (Dell Inc.)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (OpenVPNService [On_Demand | Stopped]) -- C:\Program Files\OpenVPN\bin\openvpnserv.exe ()
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (RetroLauncher [Auto | Running]) -- C:\Program Files\Dantz\Retrospect\retrorun.exe (Dantz Development Corporation)
SRV - (Retrospect Client [Auto | Running]) -- C:\Program Files\Retrospect\Retrospect Client\RemotSvc.exe (EMC)
SRV - (Retrospect Helper [Auto | Stopped]) -- C:\Program Files\Retrospect\Retrospect Client\rthlpsvc.exe (EMC Corporation)
SRV - (RetroWDSvc [Auto | Running]) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe (Dantz Development Corporation)
SRV - (rpcapd [On_Demand | Stopped]) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (SMTPSVC [Auto | Running]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SonicCSvr6.1 DB Server [Disabled | Stopped]) -- File not found
SRV - (SonicCSvr6.1 Lock Manager [Disabled | Stopped]) -- File not found
SRV - (SonicCSvr6.1 Server [Disabled | Stopped]) -- File not found
SRV - (SonicXSvr DB Server [On_Demand | Stopped]) -- File not found
SRV - (SonicXSvr Lock Manager [On_Demand | Stopped]) -- File not found
SRV - (SQLBrowser [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (tcsd_win32.exe [Auto | Running]) -- C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe ()
SRV - (Tomcat5 [On_Demand | Stopped]) -- C:\Program Files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe (Apache Software Foundation)
SRV - (VMAuthdService [Auto | Running]) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (VMnetDHCP [Auto | Running]) -- C:\WINDOWS\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (vmount2 [Auto | Running]) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
SRV - (VMware NAT Service [Auto | Running]) -- C:\WINDOWS\System32\vmnat.exe (VMware, Inc.)
SRV - (W3SVC [On_Demand | Stopped]) -- C:\WINDOWS\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (WLANKEEPER [Auto | Running]) -- C:\Program Files\Intel\WiFi\bin\WLKeeper.exe (Intel® Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co...l...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.co...l...&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.order.1: "delicious"
FF - prefs.js..browser.search.order.2: "Google"
FF - prefs.js..browser.search.order.3: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://calendar.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.1
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: keyconfig@dorando:20080929
FF - prefs.js..extensions.enabledItems: [email protected]:1.3.0
FF - prefs.js..extensions.enabledItems: [email protected]:0.8.6
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.6
FF - prefs.js..extensions.enabledItems: {176f61b8-3e7d-4d0a-9fdd-f9c2995e2f0c}:0.3.20080822.55
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.0b4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.12
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy.wycliff...onfigproxy.pac"
FF - prefs.js..network.proxy.backup.ftp: "msproxy"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "msproxy"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "msproxy"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "msproxy"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 8888
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 8888
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8888
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 8888
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8888

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/04 17:45:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2009/07/17 22:13:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox 2 RC1\components [2008/08/13 14:09:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox 2 RC1\plugins [2009/06/26 10:07:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/03 00:20:14 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/03 00:20:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/06/22 16:31:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/06/26 10:07:32 | 00,000,000 | ---D | M]

[2008/06/20 10:19:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Extensions
[2008/06/20 10:19:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/03 11:42:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions
[2009/06/12 06:24:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2006/05/31 05:40:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{07D70F98-08D3-432e-8BD6-496AD6481A68}
[2009/06/29 09:40:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{0AA9101C-D3C1-4129-A9B7-D778C6A17F82}
[2006/05/31 05:40:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{14AFCCF3-39B5-437f-9839-BE3D054A56B4}
[2009/05/06 16:19:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{176f61b8-3e7d-4d0a-9fdd-f9c2995e2f0c}
[2009/07/29 09:28:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}
[2009/05/12 22:27:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2008/07/08 10:21:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{3a4c7c8f-da1b-47c0-b352-c85ac648e897}
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{3a7c7029-261d-4349-a53c-dff12ed8c4f4}
[2008/06/19 11:30:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{3c20433a-61bc-42fe-831d-415860e17283}
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{3c2f3d50-ec4f-11d8-9669-0800200c9a66}
[2008/06/04 21:54:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
[2006/05/31 05:40:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{3e91e321-7d77-4d1c-9282-2a43591dde82}
[2008/04/08 13:17:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{4A207596-AED2-4223-929F-BBE1D691B7CD}
[2009/07/29 09:28:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{5a2b4e34-ce62-42e9-a658-06ba4490adf8}
[2009/07/16 07:46:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{5d67eb1e-2b10-4538-8321-74a5ec8ccf96}
[2008/07/03 15:16:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{61ED2A9A-39EB-4AAF-BD14-06DFBE8880C3}
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{75739dec-72db-4020-aa9a-6afa6744759b}
[2009/06/08 05:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/07/16 07:46:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2008/12/12 11:21:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}
[2006/05/31 05:40:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{8e117890-a33f-424b-a2ea-deb272731365}
[2006/05/31 05:40:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{909409b9-2e3b-4682-a5d1-71ca80a76456}
[2009/05/04 11:05:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{a8644990-c144-42e7-b2fe-f2170f72ccee}
[2008/11/25 22:13:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{bcd47b5a-43be-433f-9051-7ce2cdf94ac0}
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{c24aecc7-7c95-507f-d71f-155cb86656df}
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2008/05/21 09:10:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2008/10/11 21:17:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{cf2812dc-6a7c-4402-b639-4d277dac4c36}
[2009/07/16 07:46:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{D719B74B-E716-403b-91A9-1CE455AB80E6}
[2008/10/20 12:26:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/07/04 16:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/02/21 14:48:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2006/05/31 05:40:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{E800A8D5-6B36-4854-9F21-443F8CBFF835}
[2009/05/08 10:54:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009/02/12 11:37:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{f1ac26a6-41db-47fb-8996-e4605fa6188f}
[2009/07/22 05:59:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\{F807FACD-E46A-4793-B345-D58CB177673C}
[2008/08/12 13:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2009/04/20 09:45:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2009/07/29 09:28:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2009/05/05 21:01:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2009/07/16 07:46:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2009/02/12 11:37:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2006/05/31 05:40:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\keyconfig
[2008/10/03 21:26:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\keyconfig@dorando
[2006/05/31 05:40:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\minit
[2008/06/04 21:54:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2007/10/20 14:58:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2009/06/08 05:41:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2008/07/01 12:57:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2009/05/05 21:00:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2006/05/31 05:40:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\temp
[2006/05/31 05:40:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\undoclosetab
[2009/07/21 10:45:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\undoclosetab@dorando
[2009/07/12 16:24:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\mozilla\Firefox\Profiles\9x0wv3mu.default\extensions\[email protected]
[2009/08/03 09:30:52 | 00,001,489 | ---- | M] () -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Mozilla\FireFox\Profiles\9x0wv3mu.default\searchplugins\esv-crossway.xml
[2009/07/31 08:57:08 | 00,002,125 | ---- | M] () -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Mozilla\FireFox\Profiles\9x0wv3mu.default\searchplugins\flickr-tags.xml
[2009/07/31 08:57:08 | 00,002,859 | ---- | M] () -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Mozilla\FireFox\Profiles\9x0wv3mu.default\searchplugins\google-images.xml
[2009/07/24 16:15:21 | 00,000,935 | ---- | M] () -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Mozilla\FireFox\Profiles\9x0wv3mu.default\searchplugins\mw-dictionary.xml
[2007/03/18 22:44:10 | 00,002,386 | ---- | M] () -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Mozilla\FireFox\Profiles\9x0wv3mu.default\searchplugins\siteadvisor.xml
[2008/06/20 21:14:00 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Mozilla\FireFox\Profiles\9x0wv3mu.default\searchplugins\wikipedia.xml
[2008/06/20 10:19:31 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/03 00:20:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/02/28 12:12:16 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\chrome\content\mozapps\extensions
[2009/08/03 00:20:05 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/03 00:20:05 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/12 23:49:05 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2006/07/12 14:30:24 | 00,034,384 | ---- | M] (WebEx) -- C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
[2006/07/12 14:30:25 | 00,093,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\atgpcext.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2004/11/12 22:36:20 | 00,005,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2006/07/12 14:30:06 | 00,051,792 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2007/11/20 14:37:22 | 01,334,576 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2007/12/19 07:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2006/09/25 06:13:55 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2009/08/03 00:20:08 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 14:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/04/26 14:54:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/04/26 14:54:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/04/26 14:54:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/04/26 14:54:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/04/26 14:54:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/04/26 14:54:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/04/26 14:54:47 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/09/05 18:06:14 | 04,100,096 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSibelius.dll
[2008/10/03 21:26:03 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/10/03 21:26:03 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/10/03 21:26:03 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/17 18:11:28 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/10/03 21:26:03 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/08/12 23:49:05 | 00,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.png
[2008/08/12 23:49:05 | 00,000,531 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\GoogleDesktopMozilla.src
[2008/10/03 21:26:03 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/10/03 21:26:03 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (CDelHotkeys Object) - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll (Google Inc.)
O2 - BHO: (HttpWatch Basic) - {F1F69322-008F-4895-B2BF-AD194219825A} - C:\Program Files\HttpWatch\httpwatchsc.dll (Simtec Limited)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Delicious Toolbar) - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Discovery User Input] C:\Discovery\User Input\userin32.exe (Centennial Software Limited )
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &MSN Search - C:\Program Files\MSN Toolbar Suite\TB\02.05.0001.1119\en-us\msntb.dll File not found
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Add to Windows &Live Favorites - File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open in new background tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll File not found
O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-us\msntabres.dll File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.30.0\gears.dll (Google Inc.)
O9 - Extra Button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll (Yahoo!)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra 'Tools' menuitem : Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - C:\Program Files\Fiddler2\Fiddler.exe (Eric Lawrence)
O9 - Extra Button: HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - C:\Program Files\HttpWatch\httpwatch.dll (Simtec Limited)
O9 - Extra 'Tools' menuitem : HttpWatch Basic - {D103E85B-5D67-42c1-8C83-F01079DBAB26} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: sil.org ([]http in Trusted sites)
O16 - DPF: {00000045-9980-0010-8000-00AA00389B71} http://codecs.micros...86/sg726acm.cab (Reg Error: Key error.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} https://vpn.wycliffe...,2008,0717,1611 (F5 Networks VPN Manager)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplane...C_2.3.6.108.cab (CDownloadCtrl Object)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} https://vpn.wycliffe...llerControl.cab (F5 Networks Auto Update)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} http://epm.wycliffe....ts/pjclient.cab (PjAdoInfo3 Class)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1190258778281 (WUWebControl Class)
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} https://vpn.wycliffe...,2008,0717,1602 (F5 Networks SSLTunnel)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1249482899988 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} http://epm.wycliffe....033/pjcintl.cab (Pj11enuC Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_12)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://vpn.wycliffe...,2008,0717,1607 (F5 Networks SuperHost Class)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://vpn.wycliffe...,2008,0717,1606 (F5 Networks Host Control)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dallas.sil.org
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/14 07:00:00 | 00,000,110 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (pgdfgsvc) - C:\WINDOWS\System32\pgdfgsvc.exe (Sysinternals - www.sysinternals.com)
O34 - HKLM BootExecute: © - File not found
O34 - HKLM BootExecute: (1) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/08/05 11:42:30 | 00,000,000 | ---D | C] -- C:\00b5760e38014f3b22
[2009/08/05 11:41:47 | 00,000,167 | ---- | C] () -- C:\boot.ini
[2009/08/04 22:10:44 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/08/04 22:10:15 | 00,000,157 | ---- | C] () -- C:\Documents and Settings\huttarl.DALLAS\Desktop\regular slowdown - malware.url
[2009/08/04 22:08:56 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\huttarl.DALLAS\Desktop\TFC.exe
[2009/08/04 16:47:27 | 00,105,395 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/08/04 16:47:27 | 00,094,643 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/08/04 16:46:34 | 14,178,336 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/08/04 16:46:34 | 00,778,272 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/04 16:46:34 | 00,112,896 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/08/04 16:46:34 | 00,003,740 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/08/04 16:46:33 | 00,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2009/08/04 16:46:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
[2009/08/04 16:45:51 | 00,226,832 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/08/04 16:35:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
[2009/08/04 13:41:22 | 00,001,323 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\UBCD4Win.lnk
[2009/08/04 11:41:36 | 00,000,000 | -HSD | C] -- C:\found.003
[2009/08/03 14:55:26 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\dllcache\cache
[2009/08/03 12:38:19 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/08/03 12:38:18 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/08/03 12:04:10 | 00,219,648 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/08/03 12:04:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/08/03 12:04:10 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/08/03 12:04:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/08/03 12:04:10 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/08/03 12:04:10 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/08/03 12:04:10 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/08/03 12:04:10 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/08/03 11:54:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/03 11:42:36 | 03,154,522 | R--- | C] () -- C:\Documents and Settings\huttarl.DALLAS\Desktop\ComboFix.exe
[2009/08/03 11:05:09 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/08/03 11:01:34 | 00,407,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\huttarl.DALLAS\Desktop\OTM.exe
[2009/07/31 11:54:01 | 00,031,744 | ---- | C] () -- C:\Documents and Settings\huttarl.DALLAS\My Documents\Virtualizing PMC Servers.doc
[2009/07/29 10:26:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\huttarl.DALLAS\Desktop\RootRepeal
[2009/07/27 16:09:24 | 00,000,000 | ---D | C] -- C:\Program Files\jsl
[2009/07/24 11:34:40 | 00,000,000 | ---D | C] -- C:\Program Files\HttpWatch

========== Files - Modified Within 14 Days ==========

[2009/08/05 13:39:26 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/08/05 13:21:00 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/08/05 13:12:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/05 12:50:00 | 00,001,000 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2075735302-1962817296-126092852-1993UA.job
[2009/08/05 12:19:06 | 00,778,272 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/08/05 12:19:05 | 00,003,740 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/08/05 11:38:22 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2009/08/05 11:38:21 | 00,042,853 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2009/08/05 11:37:12 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/05 11:37:10 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/05 11:36:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/05 11:36:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/05 11:36:24 | 21,455,74912 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/05 11:34:54 | 14,178,336 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/08/05 11:34:54 | 00,112,896 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/08/05 11:34:32 | 00,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2009/08/05 10:17:05 | 00,000,785 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/08/05 05:50:00 | 00,000,948 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2075735302-1962817296-126092852-1993Core.job
[2009/08/05 00:20:32 | 00,042,853 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2009/08/04 23:32:47 | 00,185,856 | ---- | M] () -- C:\Documents and Settings\huttarl.DALLAS\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/04 22:10:15 | 00,000,157 | ---- | M] () -- C:\Documents and Settings\huttarl.DALLAS\Desktop\regular slowdown - malware.url
[2009/08/04 22:08:57 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\huttarl.DALLAS\Desktop\TFC.exe
[2009/08/04 18:31:34 | 00,226,832 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klif.sys
[2009/08/04 18:31:34 | 00,033,808 | ---- | M] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\klbg.sys
[2009/08/04 18:31:33 | 00,105,395 | ---- | M] () -- C:\WINDOWS\System32\drivers\klin.dat
[2009/08/04 18:31:33 | 00,094,643 | ---- | M] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009/08/04 13:41:22 | 00,001,323 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\UBCD4Win.lnk
[2009/08/04 11:54:40 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/08/04 11:45:47 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/08/04 08:26:53 | 00,000,167 | ---- | M] () -- C:\boot.ini
[2009/08/03 16:11:27 | 00,000,032 | ---- | M] () -- C:\WINDOWS\0
[2009/08/03 14:40:09 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/03 11:42:36 | 03,154,522 | R--- | M] () -- C:\Documents and Settings\huttarl.DALLAS\Desktop\ComboFix.exe
[2009/08/03 11:01:35 | 00,407,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\huttarl.DALLAS\Desktop\OTM.exe
[2009/08/01 14:51:11 | 00,001,792 | -H-- | M] () -- C:\Documents and Settings\huttarl.DALLAS\My Documents\Default.rdp
[2009/07/31 11:54:05 | 00,031,744 | ---- | M] () -- C:\Documents and Settings\huttarl.DALLAS\My Documents\Virtualizing PMC Servers.doc
[2009/07/24 21:52:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

========== LOP Check ==========

[2009/08/04 16:46:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/07 15:15:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2006/06/15 21:03:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Buena Vista Games
[2007/10/31 10:27:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2008/12/09 05:55:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\foldit
[2006/06/08 19:57:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2009/01/07 21:51:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intel
[2006/06/21 20:30:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2007/02/12 16:20:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Search Toolbar
[2006/06/19 21:30:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008/10/20 15:35:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
[2007/05/02 21:03:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Networks
[2007/04/09 17:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Red Gate
[2007/01/20 12:18:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect
[2008/09/30 14:13:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect Client
[2006/09/03 05:02:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RSE
[2004/08/11 17:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2008/12/09 13:10:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SIL
[2008/05/09 06:28:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2009/06/20 05:40:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/11/07 23:18:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2006/05/23 21:33:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2007/02/13 07:26:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2009/05/28 14:55:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2009/07/29 14:34:43 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data
[2009/06/23 12:35:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\.freeciv
[2008/10/07 11:33:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\.gaim
[2009/05/15 13:23:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\.purple
[2009/04/19 21:08:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Aptana
[2009/05/10 22:57:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Big Fish Games
[2009/01/29 11:26:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/01 14:51:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\com.oxygenxml
[2007/01/04 12:19:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Conceptworld
[2007/02/10 05:30:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\CrystalApp
[2007/02/10 05:29:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\CrystalSpace
[2009/01/28 22:14:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\CTdeveloping
[2006/06/12 04:20:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\CyberLink
[2009/08/05 13:39:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Delicious IE Extension
[2008/08/14 15:39:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Dev-Cpp
[2009/02/03 23:10:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Download Manager
[2007/03/30 10:47:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\dvdcss
[2008/08/08 09:31:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\DzzDExtension
[2008/10/03 11:42:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\ESRI
[2009/07/28 14:59:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\FileZilla
[2007/08/07 12:27:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\fltk.org
[2008/09/30 11:07:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\gnupg
[2009/07/28 11:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\gtk-2.0
[2006/06/13 12:24:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\HotSync
[2009/01/27 03:16:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\IGN_DLM
[2008/05/09 06:22:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Inkscape
[2009/01/07 21:52:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Intel
[2007/03/29 12:36:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\KrazyDad
[2006/06/06 10:37:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Leadertech
[2006/12/06 16:36:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Miranda
[2006/06/22 23:22:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Motive
[2007/02/13 07:34:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\MSN Search Toolbar
[2009/05/15 13:28:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Notepad++
[2008/05/01 12:48:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\OfficeUpdate12
[2008/09/04 10:23:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\ooVoo Details
[2006/11/27 18:08:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\OpenOffice.org2
[2007/03/02 00:10:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\PedestrianEntertainment
[2007/06/21 00:38:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Processing
[2006/07/11 06:31:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Quotes
[2007/01/20 11:30:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Snapfish
[2007/01/26 22:32:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\SpaceMonger
[2009/06/16 14:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Stellarium
[2008/08/25 15:57:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Subversion
[2006/05/31 05:38:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\Thunderbird
[2008/07/10 09:46:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\TortoiseSVN
[2006/08/14 16:52:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\WinMerge
[2008/09/29 17:29:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\winpt
[2006/12/14 12:08:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\X2Net
[2007/01/29 00:31:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\ZipGenius
[2009/05/28 14:58:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\huttarl.DALLAS\Application Data\ZoomBrowser EX
[2009/07/24 21:52:02 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/08/05 13:21:00 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2009/03/02 07:28:14 | 00,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\defrag-disks.job
[2004/08/04 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/05 13:39:26 | 00,000,868 | ---- | M] () -- C:\WINDOWS\Tasks\Google Software Updater.job
[2009/08/05 11:37:10 | 00,000,882 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
[2009/08/05 13:12:00 | 00,000,886 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
[2009/08/05 05:50:00 | 00,000,948 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2075735302-1962817296-126092852-1993Core.job
[2009/08/05 12:50:00 | 00,001,000 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2075735302-1962817296-126092852-1993UA.job
[2009/08/05 11:36:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 197 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:70E897B5
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D2D4B33E
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC5DB2B
< End of report >
  • 0

#10
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.



  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.



Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0

#11
LarsH

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for your continued help on this.

I did the ComboFix uninstall, OTC, and JavaRa as directed. Note that the link to JavaRa above is obsolete... they say now go to raproducts.org.

Unfortunately, the problem is not fixed... well, the slowdown at night seems better, but more importantly, boot.ini is still getting deleted whenever I reboot. Any other ideas?
  • 0

#12
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Click Start > Run > Type the following in bold

sc stop ASKUpgrade

Click OK


That should fix it
  • 0

#13
LarsH

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Woohoo and Woohoo! Praise the Lord!
Thank you!

"sc stop ASKUpgrade" by itself didn't do it, but when I went into "Manage" and changed ASKUpgrade from "Automatic" to "Disabled", that did the trick. My boot.ini stopped disappearing.

What was causing that? Something to do with the fact that I had disabled ASK & Record Toolbar's FLVSrvc startup item in msconfig, but the ASKUpgrade service was still on automatic, and so somehow boot.ini was being removed? Something to do with the fact that I'm now using Selective Startup? Maybe I should stop using that mode?

Thanks again for hanging in there and getting me to a solution.
  • 0
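
The same change from the command line: `sc stop` only ends the running instance, so a service left on Automatic starts again at the next boot, while setting the start type to disabled persists. This is an added example, not part of the original thread; it assumes an administrator command prompt and uses the service name ASKUpgrade as given in the posts above.

```batch
@echo off
rem Added example, not from the thread. SVC is the service name quoted in the posts.
set SVC=ASKUpgrade

rem 1. Confirm the service exists; sc returns a non-zero exit code if it does not.
sc query %SVC% >nul 2>&1
if errorlevel 1 (
    echo Service %SVC% not found.
    exit /b 1
)

rem 2. Show the current start type before changing anything.
sc qc %SVC% | findstr /C:"START_TYPE"

rem 3. Stop the running instance. On its own this does not survive a reboot
rem    while the start type is still Automatic (AUTO_START).
sc stop %SVC%

rem 4. Change the start type so the service is no longer launched at boot.
rem    The space after "start=" is required by sc.
sc config %SVC% start= disabled

rem 5. Verify: the START_TYPE line should now end in DISABLED.
sc qc %SVC% | findstr /C:"START_TYPE"
```
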

#14
Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





