Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

irregular behavior and fatal error messages

Unread postby appreciateshelp » December 8th, 2011, 3:10 pm

Message at start up "fatal error" cannot load C:\users\my name\appdata\local\autobahn\rt\bin\zip.dll(126)
Firefox fails to load and asks for crash report.
Computer is slow. Loads webpages very slowly.
Recently recovered by boot with OS OEM disk after total system crash.
Sound from one speaker, connections checked and intact and connected.
System changes settings for monitors without direction for user.
Cannot get legitimate DDS file as after download. Report is a mish mash of gibberish characters with text in the middle that says "DDS doesn't do squat". Looks like this excerpt:

HIJACK THIS REPORT:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:50:27 PM, on 12/8/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19154)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Vista Start Menu\VistaStartMenu.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Robert Smith\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Robert Smith\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
O4 - Startup: NexDef Plug-in.lnk = C:\Users\Robert Smith\AppData\Local\Autobahn\nexdef.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &3 - C:\Windows\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &4 - C:\Windows\web\AOpenClient.htm
O8 - Extra context menu item: Open Client to monitor &5 - C:\Windows\web\AOpenClient.htm
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O15 - Trusted Zone: http://install.homestead.com
O16 - DPF: Web-Based Email Tools - http://email01.secureserver.net/Download.CAB
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install-ie/alttiff.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex ... 0-29-0.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9543F3DF-25CC-40E6-8D0A-6B2F6337E906}: NameServer = 4.2.2.2,4.2.2.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: McciCMService - Unknown owner - (no file)
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

--
End of file - 10113 bytes
appreciateshelp
Regular Member
 
Posts: 22
Joined: December 6th, 2011, 4:56 pm
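
A triage pass over the HijackThis log format shown in this post, as an added example that is not part of the original thread or of HijackThis itself: it parses the section-coded lines and lists the entries a reviewer would look at first (targets marked missing, autostarts under a per-user AppData path, services reported with an unknown owner, DNS servers set in the registry). The flagging rules and every function name are assumptions chosen for illustration; a flag marks an entry for review, it does not classify it.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")
Finding = namedtuple("Finding", "code reason body")

# Review reasons (wording is this example's own, not HijackThis output).
MISSING_TARGET = "registered, but the log reports no file behind it"
USER_WRITABLE_AUTOSTART = "autostart target under a per-user AppData path"
UNKNOWN_OWNER_SERVICE = "service reported with 'Unknown owner'"
STATIC_DNS = "DNS servers set in the registry; confirm they are expected"

# Lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (file missing)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Robert Smith\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: NexDef Plug-in.lnk = C:\Users\Robert Smith\AppData\Local\Autobahn\nexdef.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9543F3DF-25CC-40E6-8D0A-6B2F6337E906}: NameServer = 4.2.2.2,4.2.2.1
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: McciCMService - Unknown owner - (no file)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
"""

# An entry line is a section code (R0, O4, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Anything below a user's AppData folder can be replaced without admin
# rights, so an autostart that points there deserves a second look.
USER_APPDATA_RE = re.compile(r"[A-Za-z]:\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


def parse_entries(text):
    """Return the section-coded lines; header and process-list lines are skipped."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Return one Finding per (entry, reason); an entry can match several rules."""
    findings = []
    for entry in entries:
        body = entry.body
        if body.endswith("(file missing)") or body.endswith("(no file)"):
            findings.append(Finding(entry.code, MISSING_TARGET, body))
        if entry.code == "O4" and USER_APPDATA_RE.search(body):
            findings.append(Finding(entry.code, USER_WRITABLE_AUTOSTART, body))
        if entry.code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding(entry.code, UNKNOWN_OWNER_SERVICE, body))
        if entry.code == "O17" and "NameServer" in body:
            findings.append(Finding(entry.code, STATIC_DNS, body))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_entries(SAMPLE_LOG)):
        print(f"[{finding.code}] {finding.reason}\n      {finding.body}")
```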

Re: irregular behavior and fatal error messages

Unread postby askey127 » December 9th, 2011, 7:24 pm

Hi appreciateshelp,
-----------------------------------------
Check hard Drive for Errors
Open Notepad... then copy and paste the following line into Notepad:
(Notepad is in Start, Programs, Accessories)
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"

Now Save the NotePad file like this:
  • Click on File from the top menu bar.
  • Select Save As, use Filename: testhd.bat and Save As Type: All Files.
  • Choose Desktop as the location
  • Click Save.
Right click on testhd.bat on your desktop and select Run As Administrator to run it. OK the UAC.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the checkhd.txt file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.

The following is not too simple, but is really the only way to get a test of your memory.
-------------------------------------------------------
If you are able to do so, Make a Memtest boot floppy or boot CD and run it.
The download page is here: http://www.memtest86.com/download.html
If your PC can boot from a floppy, download this one, unzip it and make the floppy:
Download - Pre-Compiled Memtest86 v3.4a installable from Windows and DOS

If your PC can boot from a CD, you will need to download this one, unzip it, and use a CD writing application to generate the CD:
Download - Memtest86 v3.4a ISO image (zip)

For Windows installation, begin by downloading either the Pre-Compiled Windows package to build a boot-able floppy disk or an ISO (zip version) to create a boot-able CD-ROM. After the file is downloaded an extract must be done to uncompress the file(s). To extract, right click on the downloaded file and select the "Extract All" option. The extract option will let you choose where the files will be extracted to. To build a bootable floppy, go to the folder where the files were extracted and click on the Install icon. The floppy disk will appear to be unformatted by Windows after the install is complete.

To build a boot-able CD-ROM use your CD burning software to burn a CD from the un-zipped ISO image file.
In either case, set your machine to boot from Floppy or CD before the Hard Drive, and let the test run.
If it shows any errors, you should replace one RAM card at a time and rerun the test until it runs for an hour or more without errors.

Please respond with the contents of checkhd.txt and anything you can learn from memtest.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: irregular behavior and fatal error messages

Unread postby appreciateshelp » December 10th, 2011, 3:24 pm

Check HD results:
The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
1652 large file records processed.

0 bad file records processed.

2 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files processed.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
27395 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
The Volume Bitmap is incorrect.
Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these.

312568831 KB total disk space.
119192944 KB in 161216 files.
92148 KB in 27396 indexes.
0 KB in bad sectors.
335843 KB in use by the system.
65536 KB occupied by the log file.
192947896 KB available on disk.

4096 bytes in each allocation unit.
78142207 total allocation units on disk.
48236974 allocation units available on disk.
I have tried several times to get it right downloading, unzipping, storing and booting from the dvd drive. I have arranged for boot from cd before as I had to boot from the windows os oem disk when the system crashed the other day. Now however, either I did not download the memtest file and get it on the dvd correctly or I am doing something else wrong. There are two dvd drives I guess #1 is (D) drive and #2 is (E) drive. As you know this is reflected as either 1 or 2 in the post bios boot set-up menu. I have tried different combos to see if I can get it to boot from the files on the disk. I will continue to try and boot the memtest. When the system does boot from the memtest disk, does it boot into windows and run this test in the background? How will I know it is running....system screen message?
Thank you!
robert

Re: irregular behavior and fatal error messages

Unread postby askey127 » December 10th, 2011, 4:09 pm

appreciateshelp,
That hard disk report is OK.

About Memtest:
The key thing is how you created the CD to begin with.
You cannot just copy the .iso image to the disc.
You can "Create a CD from an Image" if you have Nero or Roxio or Ashampoo.
Otherwise you need to use a utility like ImgBurn.
It's here: http://imgburn.en.softonic.com/
You download the .iso file from memtest, then tell ImgBurn to use "Write" mode and burn the .iso image to a blank CD.

Does this make sense?
askey127

Re: irregular behavior and fatal error messages

Unread postby appreciateshelp » December 10th, 2011, 4:55 pm

Good instructions...the memtest is running.
Thank you.
I'll get back to you as we see results!

Re: irregular behavior and fatal error messages

Unread postby appreciateshelp » December 10th, 2011, 8:16 pm

askey127,
memtest:
Walltime  Cached  RsvdMem  MemMap    Cache  ECC  Test  Pass  Errors  EccErrs
3:20:03   4095M   824k     e820-Std  on     off  Std   1     0       no value

Pass complete, no errors, press Esc to exit

Re: irregular behavior and fatal error messages

Unread postby askey127 » December 10th, 2011, 8:28 pm

How long did it run while showing no errors?
(There is no useful report created).
Just tell me what happened. Did it eventually show an error on the screen before you hit the <esc> key?
If so, what?

askey

Re: irregular behavior and fatal error messages

Unread postby appreciateshelp » December 10th, 2011, 10:47 pm

Right now it has been running for 6hrs., 2nd. pass 0 errors.

Re: irregular behavior and fatal error messages

Unread postby askey127 » December 11th, 2011, 8:25 am

appreciateshelp,
OK. Thanks for the hard work. That was a good result.
You can hit the <Esc> key if you haven't already, remove the Memtest CD and let the machine boot up normally.
(Save the Memtest CD for the future - good for testing PC memory on any machine).
This and the hard drive test eliminate two possible causes of the problem.
Now we can go ahead with some other evaluations.

Please tell me whether your PCTools Security and/or your Norton is up to date.
You shouldn't run both at once.
------------------------------------------------
Download and Run Rkill
Please download and run the tool named Rkill, which may help in allowing other programs to run.
There are different versions with different names. If one of them won't run, then download and try to run one of the other ones.
After the download, Vista and Win7 users will need to right click the icon and choose Run as Administrator.
You only need to get ONE of these to run, not all of them. You may get warnings from your antivirus about any of these tools. Either ignore the warnings or shut down your antivirus.
Please download Rkill from one of the following links (note the different names) and save to your Desktop:
iExplore.exe
Rkill.exe
eXplorer.exe
RKill.com
RKill.scr
Rkill.pif
uSeRiNiT.exe
  • Double-click on the iExplore, Rkill, eXplorer, or uSeRiNiT desktop icon to run the tool. (If using Vista or Windows 7, right-click on it and choose Run As Administrator.)
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If you get a Warning Message when you try to run it, run it again while the Warning Message is still displayed.
  • If it doesn't run on the first try, please try to run it another two or three times.
  • If it still does not run, delete the desktop entry. Then download and use the one provided in the next link.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided after trying each a few times, please let me know.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator".
  • Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for the answers about the antivirus programs, and the two logs from OTL.
Let me know how it goes.
askey127

Re: irregular behavior and fatal error messages

Unread postby appreciateshelp » December 11th, 2011, 5:43 pm

Askey127,
PC Tools and Symantec up to date. Symantec as you can see is disabled.
Rkill log:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 12/11/2011 at 15:12:32.
Operating System: Windows Vista (TM) Ultimate


Processes terminated by Rkill or while it was running:

C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\ehome\mcupdate.EXE


Rkill completed on 12/11/2011 at 15:13:13.

OTL:
OTL logfile created on: 12/11/2011 3:24:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Robert Smith\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.45% Memory free
4.24 Gb Paging File | 2.48 Gb Available in Paging File | 58.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 185.33 Gb Free Space | 62.17% Space Free | Partition Type: NTFS

Computer Name: ROBERTSMITH-PC | User Name: Robert Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/11 15:20:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Robert Smith\Desktop\OTL.exe
PRC - [2011/05/15 13:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2011/01/13 15:17:26 | 001,589,208 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsGui.exe
PRC - [2010/12/08 14:41:58 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2010/12/08 14:41:58 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2010/12/08 14:41:54 | 001,893,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2010/12/08 14:41:54 | 001,839,776 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2010/12/08 14:41:54 | 001,459,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsSvc.exe
PRC - [2010/05/27 12:41:52 | 000,385,024 | ---- | M] (AMD) -- C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/05/27 10:59:54 | 000,376,832 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010/05/27 10:59:30 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Security\pctsAuxs.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/05/23 01:50:12 | 002,079,232 | ---- | M] (OrdinarySoft) -- C:\Program Files\Vista Start Menu\VistaStartMenu.exe
PRC - [2007/08/30 00:05:10 | 000,790,609 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
PRC - [2007/05/22 18:17:02 | 000,020,539 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 02:30:48 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/07/05 12:42:16 | 000,091,520 | ---- | M] () -- C:\Program Files\SOS Online Backup\ClientApi.dll
MOD - [2011/04/14 19:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/05/27 10:24:24 | 000,023,040 | ---- | M] () -- C:\Windows\System32\atitmpxx.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- -- (McciCMService)
SRV - [2011/06/12 10:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/12/08 14:41:58 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2010/12/08 14:41:58 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2010/12/08 14:41:54 | 001,893,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2010/12/08 14:41:54 | 001,839,776 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2010/12/08 14:41:54 | 000,357,744 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2010/11/19 06:57:14 | 001,150,936 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2010/09/07 16:05:51 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2010/05/27 10:59:30 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/04/21 11:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 11:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/03/15 14:02:36 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/04/11 00:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/05/22 18:36:48 | 000,061,440 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe -- (Marvell RAID)
SRV - [2007/05/22 18:17:02 | 000,020,539 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe -- (MRUWebService)


========== Driver Services (SafeList) ==========

DRV - [2011/11/15 12:05:24 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111202.032\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/11/15 12:05:24 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20111202.032\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/15 03:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/11/15 03:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/12/29 18:34:58 | 000,125,488 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/12/10 13:24:12 | 000,239,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/12/08 14:41:58 | 000,320,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2010/12/08 14:41:58 | 000,284,720 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2010/12/08 14:41:58 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2010/12/08 14:41:52 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2010/12/08 14:41:52 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2010/12/08 14:41:52 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2010/12/08 14:41:50 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2010/07/16 14:59:54 | 000,656,320 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/07/16 14:59:54 | 000,338,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/05/27 11:38:24 | 005,586,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/05/27 11:38:24 | 005,586,432 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/05/27 10:25:18 | 000,209,920 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/05/06 03:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/09/05 14:25:36 | 001,183,744 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/09/03 15:33:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/09/03 15:33:38 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2007/11/13 19:49:50 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2007/07/26 21:03:00 | 000,058,880 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2007/05/24 21:29:02 | 000,137,728 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\mv61xx.sys -- (mv61xx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-897265402-1281397169-1080296097-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-897265402-1281397169-1080296097-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-897265402-1281397169-1080296097-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-897265402-1281397169-1080296097-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-897265402-1281397169-1080296097-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DF 64 FD 0F 8D B3 CC 01 [binary data]
IE - HKU\S-1-5-21-897265402-1281397169-1080296097-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-897265402-1281397169-1080296097-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-897265402-1281397169-1080296097-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.76
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2011/12/07 14:25:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2011/12/07 14:26:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins [2011/11/11 14:20:02 | 000,000,000 | ---D | M]

[2010/05/12 15:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert Smith\AppData\Roaming\Mozilla\Extensions
[2011/12/10 14:45:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert Smith\AppData\Roaming\Mozilla\Firefox\Profiles\lfraugc4.default\extensions
[2010/05/17 17:28:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Robert Smith\AppData\Roaming\Mozilla\Firefox\Profiles\lfraugc4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/05/17 17:28:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert Smith\AppData\Roaming\Mozilla\Firefox\Profiles\lfraugc4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash
[2011/12/10 14:45:09 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Robert Smith\AppData\Roaming\Mozilla\Firefox\Profiles\lfraugc4.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
[2011/12/10 14:45:08 | 000,001,945 | ---- | M] () -- C:\Users\Robert Smith\AppData\Roaming\Mozilla\Firefox\Profiles\lfraugc4.default\searchplugins\bing-zugo.xml
[2011/12/06 13:20:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/07 14:26:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/01/19 12:47:22 | 000,172,344 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\mozilla firefox\plugins\npatgpc.dll
[2010/06/08 16:49:45 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/02/26 17:03:12 | 000,036,864 | ---- | M] (Homestead Technologies, Inc.) -- C:\Program Files\mozilla firefox\plugins\nphssb.dll
[2011/11/20 19:04:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/20 19:04:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?q={searchTerms}&pc=Z127&form=ZGACDF&install_date=20111210
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s,
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Robert Smith\AppData\Local\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Robert Smith\AppData\Local\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Robert Smith\AppData\Local\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: ActiveTouch General Plugin Container (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins\npatgpc.dll
CHR - plugin: Homestead SiteBuilder Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins\nphssb.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Robert Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.5.7_0\
CHR - Extension: goo.gl URL Shortener = C:\Users\Robert Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk\0.7.2_0\
CHR - Extension: Poppit = C:\Users\Robert Smith\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL File not found
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKU\S-1-5-21-897265402-1281397169-1080296097-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-897265402-1281397169-1080296097-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-897265402-1281397169-1080296097-1000..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-897265402-1281397169-1080296097-1000..\Run: [VistaStartMenu] C:\Program Files\Vista Start Menu\VistaStartMenu.exe (OrdinarySoft)
O4 - Startup: C:\Users\Robert Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe (Belkin International, Inc.)
O4 - Startup: C:\Users\Robert Smith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk = C:\Users\Robert Smith\AppData\Local\Autobahn\nexdef.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - Reg Error: Value error. File not found
O8 - Extra context menu item: Open Client to monitor &1 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &2 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &3 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &4 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Open Client to monitor &5 - C:\Windows\web\AOpenClient.htm File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-897265402-1281397169-1080296097-1000\..Trusted Domains: homestead.com ([install] http in Trusted sites)
O15 - HKU\S-1-5-21-897265402-1281397169-1080296097-1000\..Trusted Ranges: Marvell ([http] in Local intranet)
O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (AlternaTIFF ActiveX)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} http://tools.ebayimg.com/eps/wl/activex ... 0-29-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O16 - DPF: Web-Based Email Tools http://email01.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FE5B819-7ACA-4359-850D-31FE9D7A2A76}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9543F3DF-25CC-40E6-8D0A-6B2F6337E906}: NameServer = 4.2.2.2,4.2.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CDF82118-9205-4453-AD4E-7755D8BABD4E}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img19.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/11 15:20:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Robert Smith\Desktop\OTL.exe
[2011/12/10 14:49:33 | 000,000,000 | ---D | C] -- C:\Users\Robert Smith\AppData\Roaming\ImgBurn
[2011/12/10 14:46:06 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/12/10 14:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\StartNow Toolbar
[2011/12/08 12:48:10 | 000,607,260 | ---- | C] (Swearware) -- C:\Users\Robert Smith\Desktop\dds.scr
[2011/12/07 13:03:52 | 000,656,320 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctEFA.sys
[2011/12/07 13:03:52 | 000,338,880 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctDS.sys
[2011/12/07 13:03:51 | 000,251,560 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2011/12/07 13:03:51 | 000,103,232 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2011/12/07 13:03:46 | 000,239,168 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2011/12/07 13:03:46 | 000,160,448 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2011/12/07 13:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2011/12/07 13:03:23 | 000,070,536 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2011/12/07 13:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/12/07 13:03:02 | 000,000,000 | ---D | C] -- C:\Users\Robert Smith\AppData\Roaming\PC Tools
[2011/12/07 13:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/12/07 13:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/12/07 12:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011/12/05 17:00:46 | 000,000,000 | ---D | C] -- C:\Program Files\UltraMon
[2011/12/05 17:00:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Realtime Soft
[2011/12/05 11:29:16 | 000,000,000 | ---D | C] -- C:\Users\Robert Smith\Desktop\Set-up files
[2011/12/05 10:44:38 | 000,000,000 | ---D | C] -- C:\Users\Robert Smith\Desktop\Desktop working files
[2011/12/02 16:13:37 | 072,348,368 | ---- | C] (Microsoft Corporation) -- C:\Users\Robert Smith\Desktop\msert.exe
[2011/12/02 16:08:08 | 000,347,920 | ---- | C] (Microsoft Corporation) -- C:\Users\Robert Smith\Desktop\MicrosoftFixit.WinSecurity.Run.exe
[2011/11/28 14:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth

========== Files - Modified Within 30 Days ==========

[2011/12/11 15:25:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/12/11 15:20:24 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Robert Smith\Desktop\OTL.exe
[2011/12/11 15:18:45 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E29A13F3-F360-4D60-9B06-8B2BF0D7E333}.job
[2011/12/11 15:11:51 | 001,008,120 | ---- | M] () -- C:\Users\Robert Smith\Desktop\rkill.exe
[2011/12/11 15:08:01 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-897265402-1281397169-1080296097-1000UA.job
[2011/12/11 14:38:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/11 13:57:47 | 000,023,624 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/12/11 13:56:20 | 000,673,870 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/11 13:56:20 | 000,128,302 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/11 13:51:56 | 000,000,162 | ---- | M] () -- C:\Windows\System32\61xx.xml
[2011/12/11 13:51:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/11 13:51:45 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\RegistryPC Startup.job
[2011/12/11 13:51:41 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 13:51:41 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/11 13:51:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/10 14:40:23 | 000,046,637 | ---- | M] () -- C:\Users\Robert Smith\Desktop\memtest86-3.4a.iso.zip
[2011/12/09 10:50:07 | 000,497,947 | ---- | M] () -- C:\Users\Robert Smith\Desktop\Todville Lots @Brummerhop&1st..pdf
[2011/12/08 12:48:19 | 000,607,260 | ---- | M] (Swearware) -- C:\Users\Robert Smith\Desktop\dds.scr
[2011/12/08 12:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\tasks\RegistryPC Scan.job
[2011/12/08 02:08:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-897265402-1281397169-1080296097-1000Core.job
[2011/12/08 02:07:23 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\SOS Online Backup - rsmith@houstonsuburbanrealestate.com.job
[2011/12/07 21:23:20 | 000,002,637 | ---- | M] () -- C:\Users\Robert Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
[2011/12/07 20:29:11 | 000,005,543 | ---- | M] () -- C:\Users\Robert Smith\Desktop\Spyware results.htm
[2011/12/07 13:05:04 | 002,415,884 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/07 13:03:40 | 000,001,786 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/12/07 12:58:22 | 000,512,992 | ---- | M] () -- C:\Users\Robert Smith\Desktop\Spybot-Spyware-Doctor-Install-rw.exe
[2011/12/07 12:53:51 | 000,014,336 | ---- | M] () -- C:\Users\Robert Smith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/07 12:49:22 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/12/06 15:22:14 | 000,002,032 | ---- | M] () -- C:\Users\Robert Smith\AppData\Local\d3d9caps.dat
[2011/12/05 16:59:31 | 002,434,560 | ---- | M] () -- C:\Users\Robert Smith\Desktop\UltraMon_3.1.0_en_x32.msi
[2011/12/05 16:01:27 | 020,423,608 | ---- | M] () -- C:\Users\Robert Smith\Desktop\emailscan.pdf
[2011/12/05 12:51:37 | 000,002,655 | ---- | M] () -- C:\Users\Public\Desktop\OneClick Optimization.lnk
[2011/12/05 10:42:34 | 000,000,936 | ---- | M] () -- C:\Users\Robert Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2011/12/04 04:29:00 | 000,000,454 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2011/12/03 16:45:32 | 000,002,621 | ---- | M] () -- C:\Users\Public\Desktop\SystemTechVista.lnk
[2011/12/03 15:47:31 | 000,000,272 | ---- | M] () -- C:\Windows\System32\.crusader
[2011/12/02 16:14:54 | 072,348,368 | ---- | M] (Microsoft Corporation) -- C:\Users\Robert Smith\Desktop\msert.exe
[2011/12/02 16:08:09 | 000,347,920 | ---- | M] (Microsoft Corporation) -- C:\Users\Robert Smith\Desktop\MicrosoftFixit.WinSecurity.Run.exe
[2011/12/02 15:50:41 | 168,236,370 | ---- | M] () -- C:\Users\Robert Smith\Desktop\SEP11.0.7_WIN32BIT_UNMANAGED.exe
[2011/12/02 13:38:36 | 247,094,889 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/28 16:44:38 | 000,001,324 | ---- | M] () -- C:\Windows\System32\log.xml
[2011/11/28 14:43:00 | 000,002,073 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/22 05:35:35 | 000,002,595 | ---- | M] () -- C:\Users\Robert Smith\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Excel 2010 (2).lnk
[2011/11/14 10:05:53 | 000,205,257 | ---- | M] () -- C:\Users\Robert Smith\Documents\Chabuca floorplan.PDF
[2011/11/12 15:30:27 | 000,135,070 | ---- | M] () -- C:\Users\Robert Smith\Desktop\5301 Delaney.pdf

========== Files Created - No Company Name ==========

[2011/12/11 15:11:49 | 001,008,120 | ---- | C] () -- C:\Users\Robert Smith\Desktop\rkill.exe
[2011/12/10 14:40:38 | 001,837,056 | ---- | C] () -- C:\Users\Robert Smith\Desktop\memtest.iso
[2011/12/10 12:01:52 | 000,046,637 | ---- | C] () -- C:\Users\Robert Smith\Desktop\memtest86-3.4a.iso.zip
[2011/12/09 10:50:55 | 000,497,947 | ---- | C] () -- C:\Users\Robert Smith\Desktop\Todville Lots @Brummerhop&1st..pdf
[2011/12/09 10:49:47 | 000,977,577 | ---- | C] () -- C:\Users\Robert Smith\Desktop\Lts 1-5 Harbortown Plat.11.10.11.JPG
[2011/12/07 20:29:10 | 000,005,543 | ---- | C] () -- C:\Users\Robert Smith\Desktop\Spyware results.htm
[2011/12/07 13:04:32 | 002,415,884 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/12/07 13:03:40 | 000,001,786 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2011/12/07 12:58:01 | 000,512,992 | ---- | C] () -- C:\Users\Robert Smith\Desktop\Spybot-Spyware-Doctor-Install-rw.exe
[2011/12/07 12:49:22 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/12/05 16:59:30 | 002,434,560 | ---- | C] () -- C:\Users\Robert Smith\Desktop\UltraMon_3.1.0_en_x32.msi
[2011/12/05 16:02:22 | 020,423,608 | ---- | C] () -- C:\Users\Robert Smith\Desktop\emailscan.pdf
[2011/12/02 15:49:23 | 168,236,370 | ---- | C] () -- C:\Users\Robert Smith\Desktop\SEP11.0.7_WIN32BIT_UNMANAGED.exe
[2011/12/02 13:38:36 | 247,094,889 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/28 16:44:34 | 000,001,324 | ---- | C] () -- C:\Windows\System32\log.xml
[2011/11/28 14:43:00 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/14 10:05:53 | 000,205,257 | ---- | C] () -- C:\Users\Robert Smith\Documents\Chabuca floorplan.PDF
[2011/11/12 15:31:11 | 000,135,070 | ---- | C] () -- C:\Users\Robert Smith\Desktop\5301 Delaney.pdf
[2011/03/25 12:09:34 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/03/25 12:09:34 | 000,000,034 | ---- | C] () -- C:\Windows\System32\bd9840cd.dat
[2011/03/25 12:09:34 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/03/25 12:04:20 | 000,000,229 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/03/25 12:04:20 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/03/25 12:04:20 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bd9840cn.dat
[2011/03/25 11:59:38 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011/03/25 11:59:38 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011/03/25 11:59:38 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BAOCH06A.DAT
[2011/03/25 11:59:37 | 000,000,009 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/03/25 11:59:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/02/22 22:52:09 | 000,002,137 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2010/11/16 22:01:31 | 000,023,624 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2010/05/27 10:24:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2010/05/12 15:11:34 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/04/06 11:54:32 | 000,203,336 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010/02/10 12:40:38 | 000,000,025 | ---- | C] () -- C:\Users\Robert Smith\AppData\Roaming\bdfvconp.ini
[2010/01/29 14:41:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/29 14:41:03 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/29 14:40:13 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_unmip.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_histprot.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010/01/28 13:19:33 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2009/12/03 14:24:39 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2009/12/01 14:46:47 | 000,098,136 | ---- | C] () -- C:\Windows\gzip.exe
[2009/09/25 09:53:33 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2009/09/25 09:53:33 | 000,000,004 | ---- | C] () -- C:\Windows\System32\aspdict-en.dat
[2009/09/15 11:23:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009/09/01 14:50:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wsbl.dat
[2009/09/01 14:50:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_white.dat
[2009/09/01 14:50:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_summ.dat
[2009/09/01 14:50:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_black.dat
[2009/09/01 14:50:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2009/09/01 14:50:27 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2009/09/01 12:31:51 | 000,000,132 | ---- | C] () -- C:\Windows\System32\rezumatenoi.dat
[2009/08/31 13:44:15 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2009/08/29 11:33:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/11 13:25:37 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/05/22 15:13:42 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/27 12:11:36 | 000,032,768 | ---- | C] () -- C:\Windows\System32\ktdll.dll
[2009/02/18 11:55:20 | 000,294,912 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009/02/03 14:52:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009/01/05 14:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009/01/05 14:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/07/07 12:07:33 | 000,081,984 | ---- | C] () -- C:\Windows\System32\bdod.bin
[2008/05/13 19:53:31 | 000,014,336 | ---- | C] () -- C:\Users\Robert Smith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/01 13:24:54 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/03/18 15:50:38 | 000,000,041 | ---- | C] () -- C:\Windows\System32\SndDrv32b.ini
[2008/03/18 14:20:16 | 000,000,367 | ---- | C] () -- C:\Windows\System32\CNCMFP12.INI
[2008/03/05 23:38:44 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2008/02/26 13:19:52 | 000,000,000 | ---- | C] () -- C:\Windows\asym.ini
[2007/11/17 15:52:10 | 000,000,024 | ---- | C] () -- C:\Windows\VSWizard.ini
[2007/11/14 09:24:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2007/11/13 19:58:25 | 000,000,009 | ---- | C] () -- C:\Windows\mvraidver.dat
[2007/11/13 19:49:50 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2007/11/13 19:26:04 | 000,001,285 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2007/11/13 19:25:58 | 000,005,824 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2007/11/13 19:23:44 | 000,002,032 | ---- | C] () -- C:\Users\Robert Smith\AppData\Local\d3d9caps.dat
[2007/06/06 20:24:42 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/05/22 18:17:30 | 000,047,395 | ---- | C] () -- C:\Windows\php.ini
[2007/04/25 19:21:36 | 000,000,236 | ---- | C] () -- C:\Windows\zraidtray.ini
[2006/11/02 06:55:52 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:46:27 | 000,444,952 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,673,870 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,128,302 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/06/24 14:01:07 | 000,000,000 | ---D | M] -- C:\Users\Robert Smith\AppData\Roaming\Autodesk
[2009/09/01 12:17:19 | 000,000,000 | ---D | M] -- C:\Users\Robert Smith\AppData\Roaming\BitDefender
[2009/09/14 15:25:31 | 000,000,000 | ---D | M] -- C:\Users\Robert Smith\AppData\Roaming\Blitware
[2009/09/14 15:47:08 | 000,000,000 | ---D | M] -- C:\Users\Robert Smith\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/08/27 09:24:13 | 000,000,000 | ---D | M] -- C:\Users\Robert Smith\AppData\Roaming\DesktopAlert, Inc
[2011/12/10 14:50:18 | 000,000,000 | ---D | M] -- C:\Users\Robert Smith\AppData\Roaming\ImgBurn
[2009/01/12 12:44:24 | 000,000,000 | ---D | M] -- C:\Users\Robert Smith\AppData\Roaming\Leadertech
[2011/12/07 14:25:15 | 000,000,000 | ---D | M] -- C:\Users\Robert Smith\AppData\Roaming\NewTech Infosystems
[2010/07/16 11:23:55 | 000,000,000 | ---D | M] -- C:\Users\Robert Smith\AppData\Roaming\QuickScan
[2009/09/12 16:17:26 | 000,000,000 | ---D | M] -- C:\Users\Robert Smith\AppData\Roaming\RegistryPC
[2010/11/16 22:25:57 | 000,000,000 | ---D | M] -- C:\Users\Robert Smith\AppData\Roaming\Uniblue
[2011/12/10 13:07:14 | 000,000,000 | ---D | M] -- C:\Users\Robert Smith\AppData\Roaming\Vista Start Menu
[2011/07/06 11:48:27 | 000,000,000 | ---D | M] -- C:\Users\Robert Smith\AppData\Roaming\WinPatrol
[2010/06/08 10:17:08 | 000,000,000 | ---D | M] -- C:\Users\Robert Smith\AppData\Roaming\Xtend2.71305F52FFD36D9BDDE00284EF6181AE6688276A.1
[2011/12/04 04:29:00 | 000,000,454 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job
[2011/12/08 12:00:00 | 000,000,452 | ---- | M] () -- C:\Windows\Tasks\RegistryPC Scan.job
[2011/12/11 13:51:45 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\RegistryPC Startup.job
[2011/12/08 12:13:41 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/08 02:07:23 | 000,000,496 | ---- | M] () -- C:\Windows\Tasks\SOS Online Backup - rsmith@houstonsuburbanrealestate.com.job
[2011/12/11 15:18:45 | 000,000,432 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E29A13F3-F360-4D60-9B06-8B2BF0D7E333}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 164 bytes -> C:\Users\Robert Smith\Desktop\Willits Subdv.TIF:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Robert Smith\Desktop\Lts 1-5 Harbortown Plat.11.10.11.JPG:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 164 bytes -> C:\Users\Robert Smith\3311 Oaklawn Place.auth.TIF:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Extras:
OTL Extras logfile created on: 12/11/2011 3:24:41 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Robert Smith\Desktop
Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 42.45% Memory free
4.24 Gb Paging File | 2.48 Gb Available in Paging File | 58.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298.09 Gb Total Space | 185.33 Gb Free Space | 62.17% Space Free | Partition Type: NTFS

Computer Name: ROBERTSMITH-PC | User Name: Robert Smith | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-897265402-1281397169-1080296097-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-897265402-1281397169-1080296097-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisabledInterfaces" = {9543F3DF-25CC-40E6-8D0A-6B2F6337E906},{CDF82118-9205-4453-AD4E-7755D8BABD4E},{4FE5B819-7ACA-4359-850D-31FE9D7A2A76}

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DD8D368-4452-40E7-8FF0-DB156F7D05F2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{164207BD-9C4D-4A4B-95DA-2A33C2B12CB6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{26B20A9B-1154-4097-A972-C5AFF4CC84A5}" = lport=10243 | protocol=6 | dir=in | app=system |
"{30DE83F4-3624-440A-A02F-A7739C0AF460}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{3468337B-6669-4ADC-8476-0DD1B97CFB1C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4F4C7BAB-9DC9-4D30-A5D3-7C9C0D98BE50}" = rport=10243 | protocol=6 | dir=out | app=system |
"{521A9DDB-7A4B-41B6-986B-F7EE4EC767A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A211321-CDC8-46C4-84FC-A32589C7A9CC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{87FBEB53-D87E-4628-9019-F22E94D5CB8F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9C819ABA-EC27-41A8-8A5E-910E50CE21F4}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{9D0A6C49-88CD-4984-99B6-1C3C7E2B06B1}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A2762297-9742-415A-98D8-5FDAECF8CF7F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A93FA13E-F591-487E-98D4-D8798A900D73}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{CE766725-06E9-489A-962D-7DC57C1F8D32}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{CFFED337-182E-4947-A1AC-6F0861D98DFB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EF756BEC-3A5A-4F6E-9CE1-719EC370E019}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06B033C4-5E75-441F-8BA7-06B542F80CEF}" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |
"{1D3828FD-D8C4-4744-886D-29C36F94B773}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2953BB4C-B018-4CC0-8C9E-5FB06730D905}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{2DBBEF91-4995-48BC-A3CF-F4CCFBD6D4D6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{31D2513A-0ACE-4C7F-B720-1686F881CB68}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{40D6376B-162F-45E6-8984-63938E2E6ED9}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{415276C7-D7D2-40B6-83EE-08A146B83CE6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{45EF2280-D928-46CE-85E2-4BA982ECEA32}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4F43D295-4952-424A-A79A-45A195AEDFF5}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{5F9779BF-8858-4FE7-A0DA-7F2778129832}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{6290CF02-C5A9-4134-8C98-266644B2B652}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{6FF9A7F0-F4C1-42A3-930A-0C19F7CE91D2}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{7ECD9C87-AA95-4018-A3E8-0CBAB08542C4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{80EE0E51-A857-449D-B8EE-3D00CF3A77B4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{833E702D-7041-4182-9A79-AFC1F9B88FD2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{84A098ED-1B3F-4E65-94A3-4A681B6D1062}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{90D25AD5-CC81-44BC-AE7B-B3C1D4D482B6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{A234AAA9-A101-4DB5-81FC-E51F44AC184D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B7300AF5-DF93-4CF6-BE3F-E2E01DCA9571}" = protocol=6 | dir=out | app=system |
"{BEFF9D32-1778-4E8F-945F-F9315FD8AE53}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{C0027A26-D9D4-4436-A20A-EDD22F82134B}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{C1F50E24-26D2-453B-A133-F76D46C5B5A3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{C30C69B0-36C9-4855-9C2D-4B5A63DF13D3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{C3FC05D2-D2B8-4EE1-B903-51FACE0D3862}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{D085F719-4F5D-4C03-8695-82FEB01F61AD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D328FC1F-01C6-4304-BF9C-01D8E4F1672C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E232C52E-66BB-4501-8C41-D9530315D087}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{EB9B8486-4B25-46F3-AE9C-07DB6427D863}" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |
"TCP Query User{5E277A0F-23E7-4E0E-96C6-815DFACED173}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{7143E40A-1789-44F3-B87D-2764A0D37457}C:\program files\marvell\61xx\apache2\bin\apache.exe" = protocol=6 | dir=in | app=c:\program files\marvell\61xx\apache2\bin\apache.exe |
"TCP Query User{8B9B4BBB-AFCA-4223-9EFB-F43106B319BB}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{B6DDB299-94ED-46FD-8A96-1C7158357065}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=6 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |
"UDP Query User{032062FE-08CD-4036-B358-7F580B7F41C7}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{10CD6AC4-7A46-421B-B7D0-D6E36952FD9B}C:\program files\marvell\61xx\apache2\bin\apache.exe" = protocol=17 | dir=in | app=c:\program files\marvell\61xx\apache2\bin\apache.exe |
"UDP Query User{40113301-204D-4441-B8E3-94F794C0F7DD}C:\program files\belkin\network usb hub control center\connect.exe" = protocol=17 | dir=in | app=c:\program files\belkin\network usb hub control center\connect.exe |
"UDP Query User{8EBCF6FD-870D-4135-95EE-A9F5F81976A3}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CA1005F-B640-0354-EC82-F8F7447A8E8A}" = CCC Help Hungarian
"{0FC472C3-6A2A-969F-10E7-E8F61B18117C}" = Catalyst Control Center Localization All
"{12076C90-4A78-7241-F633-4D2B019D5611}" = CCC Help Thai
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{17E11EC2-3736-10A1-330C-CC7EB6CAC6B3}" = CCC Help Turkish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{31405CA2-F009-D91B-FEFF-35924343CB14}" = Catalyst Control Center InstallProxy
"{31B75145-DF24-C759-E735-9C129956961E}" = CCC Help Spanish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59F5C54C-ED39-58B4-42DA-3F20AB440E49}" = CCC Help Czech
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{641C1B16-FD4C-0F97-47AE-76637FC64225}" = CCC Help English
"{64B157C9-C291-2535-8177-237BC2D37EBF}" = CCC Help Korean
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79C2D7F9-3BF8-52C1-6A7A-84C9296171F8}" = CCC Help German
"{7B29E627-71A5-6824-3F85-DBEF19624BD0}" = ccc-core-static
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84B70C16-7032-41EE-965C-3C8D9D566CBB}" = Symantec Endpoint Protection
"{85C3024B-A974-450C-4D46-C031F801F5EC}" = ccc-utility
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{88A4002B-BDBA-49A2-927C-D81E8DF32B1B}" = LightScribe Applications
"{88B2BB7B-A684-E8E3-65C6-DDC5DC152C2A}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8CB77076-DB66-5D92-7886-807226C9CE4B}" = CCC Help Italian
"{8D423929-E0DE-4B27-9BE8-95FAA3F25B57}_is1" = MyTradeBook 2.1
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{916F59AC-116F-4F70-B945-35000B059D9C}" = SystemTechVista
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94F4B1D4-0BCC-E5C6-4EAE-F1A287383D5B}" = CCC Help Finnish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007F-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{98838C21-AD83-77AA-3B09-F437C6F24F8F}" = CCC Help Dutch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6F56DA-7051-6677-4E5A-9DC6C573F2B5}" = CCC Help Portuguese
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FE051B0-39BC-F5DD-C99B-0D4793184C2A}" = CCC Help Chinese Standard
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA6B96C4-7AF5-3F6A-E630-4096508A9C47}" = CCC Help Danish
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACFB6965-D714-3786-6B50-58E21223CB96}" = ATI AVIVO Codecs
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B48E87FE-A8D9-EE14-B607-3FA1ACEF218E}" = CCC Help Norwegian
"{B4FA8E67-D299-485A-407B-05A2681BAF47}" = CCC Help Japanese
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{BB05BC7D-BEF8-7A7B-C62E-F1BE381E70BB}" = CCC Help Swedish
"{C3FA3CCE-2A88-0976-B875-4B3E9D41204D}" = Catalyst Control Center Graphics Previews Common
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BC}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D34F0251-1C96-09B3-EE29-2A9148413252}" = CCC Help Chinese Traditional
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D54A0D86-35B0-BFC8-174B-D991EDF903B8}" = Catalyst Control Center Graphics Previews Vista
"{D5610369-AF78-386F-4985-9822654973A3}" = CCC Help Polish
"{DCFBBC9D-719E-4134-A572-263526AE16DD}" = Network Recording Player
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E937F8DA-8C7F-ADFE-7EA5-7C1CAAB23C05}" = HydraVision
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECD129A4-5A21-1977-0849-6913BA6BA29C}" = CCC Help Russian
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5BE88C4-A9A1-4ADD-980D-15EEB563C7BA}" = SOS Online Backup
"{F77D44EB-2A6E-E2EE-7C30-40A5409B2650}" = CCC Help Greek
"{FC47C7A5-BE63-11D5-B7C9-005004566E4D}" = ViewSonic Windows Vista Signed Files
"{FD1E62F4-33DC-87C5-8C4A-77D2D8D5ACB8}" = ATI Catalyst Install Manager
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"ATT" = AT&T U-verse Setup
"Autobahn" = NexDef Plug-in
"Belkin Network USB Hub Control Center" = Belkin Network USB Hub Control Center
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CutePDF Writer Installation" = CutePDF Writer 2.7
"DWG TrueView 2010" = DWG TrueView 2010
"Google Updater" = Google Updater
"HitmanPro35" = Hitman Pro 3.5
"Intuit SiteBuilder" = Intuit SiteBuilder
"jZip" = jZip
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 9.0 (x86 en-US)" = Mozilla Firefox 9.0 (x86 en-US)
"mv61xxDriver" = marvell 61xx
"mv61xxMRU" = Marvell MRU
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
"thinkorswim" = thinkorswim
"Vista Start Menu" = Vista Start Menu
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-897265402-1281397169-1080296097-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{E9EB5689-4F76-4E3C-A675-5ED5F52AB890}" = NTI Shadow 3
"Google Chrome" = Google Chrome
"GoToMeeting" = GoToMeeting 4.8.0.723

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/1/2011 9:02:51 PM | Computer Name = RobertSmith-PC | Source = Perflib | ID = 1010
Description =

Error - 7/1/2011 9:02:52 PM | Computer Name = RobertSmith-PC | Source = Perflib | ID = 1008
Description =

Error - 7/1/2011 10:01:46 PM | Computer Name = RobertSmith-PC | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x80070002.

Error - 7/1/2011 10:01:48 PM | Computer Name = RobertSmith-PC | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x80070002.

Error - 7/1/2011 10:01:48 PM | Computer Name = RobertSmith-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x80070002).

Error - 7/2/2011 12:23:19 AM | Computer Name = RobertSmith-PC | Source = Outlook | ID = 34
Description = Failed to get the Crawl Scope Manager with error=0x80070002.

Error - 7/2/2011 12:23:19 AM | Computer Name = RobertSmith-PC | Source = Outlook | ID = 35
Description = Failed to determine if the store is in the crawl scope (error=0x80070002).

Error - 7/2/2011 4:25:44 PM | Computer Name = RobertSmith-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 7/2/2011 4:25:57 PM | Computer Name = RobertSmith-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 7/2/2011 4:25:57 PM | Computer Name = RobertSmith-PC | Source = Windows Search Service | ID = 3058
Description =

[ Media Center Events ]
Error - 4/1/2009 7:23:16 AM | Computer Name = RobertSmith-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/12/2009 4:01:15 AM | Computer Name = RobertSmith-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 6/9/2009 11:08:55 AM | Computer Name = RobertSmith-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 12/11/2011 1:44:27 AM | Computer Name = RobertSmith-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/11/2011 1:44:30 AM | Computer Name = RobertSmith-PC | Source = DCOM | ID = 10005
Description =

Error - 12/11/2011 1:44:52 AM | Computer Name = RobertSmith-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/11/2011 1:44:56 AM | Computer Name = RobertSmith-PC | Source = DCOM | ID = 10005
Description =

Error - 12/11/2011 2:13:28 AM | Computer Name = RobertSmith-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 4002
Description =

Error - 12/11/2011 2:20:14 AM | Computer Name = RobertSmith-PC | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 12/11/2011 3:33:57 PM | Computer Name = RobertSmith-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 1:30:39 PM on 12/11/2011 was unexpected.

Error - 12/11/2011 3:33:58 PM | Computer Name = RobertSmith-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 4002
Description =

Error - 12/11/2011 3:52:37 PM | Computer Name = RobertSmith-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/11/2011 3:56:25 PM | Computer Name = RobertSmith-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >
Thank U!
appreciateshelp
Regular Member
 
Posts: 22
Joined: December 6th, 2011, 4:56 pm

Re: irregular behavior and fatal error messages

by askey127 » December 12th, 2011, 9:02 am

appreciateshelp,
Please Re-Enable Symantec Endpoint Protection now. If you are successful, then proceed:
Otherwise let me know.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Hitman Pro 3.5
Spyware Doctor with AntiVirus 8.0
Java(TM) 6 Update 20

Take extra care in answering questions posed by any Uninstaller.
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here: http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
In the first section on the page, labeled Java SE 7u1(JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform Windows x86 offline (or Windows 64-bit if your machine is 64-bit), and click it.
Download it, choose Save, and save it to your desktop.
Then double-click it on your desktop (or right click and choose "Run as administrator" in Vista/Win7) and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.

When it finishes, you can remove the Installer from your desktop.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code:
    :OTL
    O15 - HKU\S-1-5-21-897265402-1281397169-1080296097-1000\..Trusted Domains: homestead.com ([install] http in Trusted sites)
    O15 - HKU\S-1-5-21-897265402-1281397169-1080296097-1000\..Trusted Ranges: Marvell ([http] in Local intranet)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
    O3 - HKU\S-1-5-21-897265402-1281397169-1080296097-1000\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    [2010/05/17 17:28:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Robert Smith\AppData\Roaming\Mozilla\Firefox\Profiles\lfraugc4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/05/17 17:28:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert Smith\AppData\Roaming\Mozilla\Firefox\Profiles\lfraugc4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}-trash
    [2011/12/10 14:45:09 | 000,000,000 | ---D | M] (StartNow Toolbar) -- C:\Users\Robert Smith\AppData\Roaming\Mozilla\Firefox\Profiles\lfraugc4.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
    [2011/12/10 14:45:08 | 000,001,945 | ---- | M] () -- C:\Users\Robert Smith\AppData\Roaming\Mozilla\Firefox\Profiles\lfraugc4.default\searchplugins\bing-zugo.xml
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: irregular behavior and fatal error messages

by appreciateshelp » December 12th, 2011, 10:37 pm

Enabled Symantec, uninstalled the progs, downloaded Java (btw it was SE 7 u2), ran the Fix in OTL. Then the system asked to "ok" a restart; after the restart it gave me a log without prompting, then the system froze. I could not get any response, so I tried Task Manager to restart. It would not respond, so I had to use the reset button, and now the screen has power but won't boot to the Windows desktop. Basically just a black backlit screen with the power light on. Shall I boot from the OEM CD?
Sorry about this but I promise I did things exactly as instructed.
Thank you!
r
appreciateshelp
Regular Member
 
Posts: 22
Joined: December 6th, 2011, 4:56 pm

Re: irregular behavior and fatal error messages

by askey127 » December 13th, 2011, 8:40 am

appreciateshelp,
There have been some serious problems with the programs installed on this machine.
Some programs on the machine are supposed to optimize Registries, drivers, etc.
Registry optimizers are known to have corrupted systems, leaving them unusable.
You also have had Blitware, which is a malware/adware application. It has online posts showing instances of systems which never worked correctly after using it.
The system has been running with multiple Antivirus programs, which can lead to system instability and make the system vulnerable (Hitman Pro, Symantec, Spyware Doctor).
You have Adobe Acrobat 4, which is not only very vulnerable to contaminated online PDFs, but may have a faulty updater, and can hang up a machine while it interminably tries to "update".

In total, this machine does not seem practical as a candidate for online cleaning.
It has too much wrong with it, and it shows serious signs of corrupted system files.
We have not done anything here which would cause a boot failure.

I would recommend, if you can get it started with the OEM CD, that you do so, and save all your important documents onto separate media.
Then use the OEM CD to re-install your Windows Operating System from scratch.
If you save your installation codes for Windows, Symantec, and other important programs, you should be able to re-install them, and get all the Vista Updates via Automatic Updates.
This will get things running cleanly in a couple days, and produce the best result for you.

Otherwise, I think you will be chasing your tail from now on.

I know you would prefer to "fix" it, but there are times when that option is not the best solution.
This is my best recommendation.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
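
An added example (not part of the thread and not OTL's own code): a small Python parser for the uninstall-list lines of the OTL report posted above, flagging the two conditions askey127 describes, several security products installed side by side and legacy software such as Adobe Acrobat 4. The watchlist substrings and function names are assumptions made for illustration; the sample lines are a constructed excerpt copied from entries in the posted report.

```python
import re

# Constructed sample: entries copied from the OTL report posted in this thread.
# The first section's header lies outside the excerpt, so its hive is None.
SAMPLE = r'''
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"HitmanPro35" = Hitman Pro 3.5
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Spyware Doctor" = Spyware Doctor with AntiVirus 8.0
========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-897265402-1281397169-1080296097-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
'''

# Assumed watchlist (illustrative, not an OTL feature): display-name substrings
# mapped to the category the helper's post puts them in.
WATCHLIST = {
    "Hitman Pro": "security",
    "Spyware Doctor": "security",
    "Symantec": "security",
    "Adobe Acrobat 4": "legacy",
}

ENTRY_RE = re.compile(r'^"(?P<key>.+?)" = (?P<name>.+)$')

def parse_uninstall_list(text):
    """Return (hive, key, display_name) tuples from OTL uninstall-list lines."""
    hive, entries = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[HKEY_") and line.endswith("]"):
            hive = line[1:-1].split("\\", 1)[0]  # registry hive of this section
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((hive, m.group("key"), m.group("name")))
    return entries

def review(entries):
    """Flag side-by-side security products and legacy software by display name."""
    hits = {}
    for _, _, name in entries:
        for needle, category in WATCHLIST.items():
            found = hits.setdefault(category, [])
            if needle.lower() in name.lower() and name not in found:
                found.append(name)
    findings = []
    if len(hits.get("security", [])) > 1:
        findings.append(("overlapping security products", hits["security"]))
    if hits.get("legacy"):
        findings.append(("legacy software", hits["legacy"]))
    return findings
```

Calling `review(parse_uninstall_list(SAMPLE))` returns the flagged display names grouped by finding; Malwarebytes is left off the watchlist because the thread uses it as an on-demand scanner.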

Re: irregular behavior and fatal error messages

by appreciateshelp » December 13th, 2011, 12:42 pm

I understand. What security software or combo (or not) do you think will help avoid this problem again?
I do have a complete back-up that is at SOS so docs etc. are available.
Anything else I should avoid or be aware of in this process? I guess this will completely reformat the disk, erasing everything including unwanted software etc... right?
Thank you.
appreciateshelp
Regular Member
 
Posts: 22
Joined: December 6th, 2011, 4:56 pm

Re: irregular behavior and fatal error messages

by askey127 » December 13th, 2011, 8:02 pm

Sure.
Just don't try a "System Repair". Do a complete System Recovery.
When you get it running, install Symantec first thing, then let the Windows System do automatic updates.
With Symantec running all the time, and Malwarebytes' Anti-Malware doing one scan per week, you should be fine.

A word about downloads:
NO Toolbars, of any kind. They are for the benefit of the purveyor, not you.
If you have a system problem, ask at Microsoft or here, but don't download any promised helpers.
You will do fine.
When you go to re-install documents, old programs, etc., make sure Norton scans the disk or external drive first.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA